Re: [v6ops] IPv6 transition technologies vs MITM (DEFCON)

Fernando Gont <fgont@si6networks.com> Wed, 28 August 2013 06:38 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4910D11E814D for <v6ops@ietfa.amsl.com>; Tue, 27 Aug 2013 23:38:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EAI54FGfKoSy for <v6ops@ietfa.amsl.com>; Tue, 27 Aug 2013 23:38:28 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id B962411E8104 for <v6ops@ietf.org>; Tue, 27 Aug 2013 23:38:28 -0700 (PDT)
Received: from 26-174-16-190.fibertel.com.ar ([190.16.174.26] helo=[192.168.1.109]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1VEZNw-0005Aa-UE; Wed, 28 Aug 2013 08:37:46 +0200
Message-ID: <521D9AB0.4030007@si6networks.com>
Date: Wed, 28 Aug 2013 03:37:36 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: David Farmer <farmer@umn.edu>
References: <52165DC0.7090406@scea.com> <CFF483B5-E780-4D8F-B2B4-2F9AE19A4147@ecs.soton.ac.uk> <EMEW3|aa8823c39ca54364e45099ae590c0046p7LLpN03tjc|ecs.soton.ac.uk|CFF483B5-E780-4D8F-B2B4-2F9AE19A4147@ecs.soton.ac.uk> <521697C6.8080207@umn.edu>
In-Reply-To: <521697C6.8080207@umn.edu>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Tom Perrine <tperrine@scea.com>, IETF v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] IPv6 transition technologies vs MITM (DEFCON)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2013 06:38:29 -0000

On 08/22/2013 07:59 PM, David Farmer wrote:
> 
> For policy reasons, still today, we still haven't turned on IPv6 in
> several parts of our network.  These are mostly areas that deal with
> private data, HIPPI, FERPA, PCI and other compliance regimes, but it was
> extra important that theses areas also got RA-Guard for the very same
> reasons we haven't turned on IPv6 yet.

Regarding RA-Guard, you're probably aware of
<http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-07.txt>.

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492