Re: [v6ops] I-D Action: draft-ietf-v6ops-balanced-ipv6-security-01.txt

Guillaume Leclanche <guillaume@leclanche.net> Fri, 06 December 2013 15:52 UTC

Hello,

This is a new version of the draft after having analyzed the WGLC
comments and the Security Directorate review.

A lot of text was modified to make sure that the document could not be
mistaken for a recommendation. The filtering concept and examples are
not changed, as the authors have chosen to stick to describing the
documented practice.

There are new mentions of PCP and UPnP, and the Security
Considerations part was also detailed.

Guillaume

2013/12/6  <internet-drafts@ietf.org>:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the IPv6 Operations Working Group of the IETF.
>
>         Title           : Balanced Security for IPv6 Residential CPE
>         Author(s)       : Martin Gysi
>                           Guillaume Leclanche
>                           Eric Vyncke
>                           Ragnar Anfinsen
>         Filename        : draft-ietf-v6ops-balanced-ipv6-security-01.txt
>         Pages           : 9
>         Date            : 2013-12-06
>
> Abstract:
>    This document describes how an IPv6 residential Customer Premise
>    Equipment (CPE) can have a balanced security policy that allows for a
>    mostly end-to-end connectivity while keeping the major threats
>    outside of the home.  It is documenting an existing IPv6 deployment
>    by Swisscom and allows all packets inbound/outbound EXCEPT for some
>    layer-4 ports where attacks and vulnerabilities (such as weak
>    passwords) are well-known.  The policy is a proposed set of rules
>    that can be used as a default setting.  The set of blocked inbound
>    and outbound ports is expected to be updated as threats come and go.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-v6ops-balanced-ipv6-security
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-v6ops-balanced-ipv6-security-01
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-v6ops-balanced-ipv6-security-01
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/