Re: [v6ops] Document Action: 'Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service' to Informational RFC
Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org> Fri, 22 October 2010 17:09 UTC
Return-Path: <ipng@69706e6720323030352d30312d31340a.nosense.org>
X-Original-To: v6ops@core3.amsl.com
Delivered-To: v6ops@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 472BE3A68F9 for <v6ops@core3.amsl.com>; Fri, 22 Oct 2010 10:09:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.527
X-Spam-Level:
X-Spam-Status: No, score=-0.527 tagged_above=-999 required=5 tests=[AWL=-0.524, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, J_CHICKENPOX_13=0.6, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zq7ReEQPTPm0 for <v6ops@core3.amsl.com>; Fri, 22 Oct 2010 10:09:32 -0700 (PDT)
Received: from smtp1.adam.net.au (smtp1.adam.net.au [202.136.110.253]) by core3.amsl.com (Postfix) with ESMTP id F02AD3A67AD for <v6ops@ietf.org>; Fri, 22 Oct 2010 10:09:31 -0700 (PDT)
Received: from 182-239-171-173.ip.adam.com.au ([182.239.171.173] helo=opy.nosense.org) by smtp1.adam.net.au with esmtp (Exim 4.63) (envelope-from <ipng@69706e6720323030352d30312d31340a.nosense.org>) id 1P9L92-0004UL-QX for v6ops@ietf.org; Sat, 23 Oct 2010 03:41:08 +1030
Received: from opy.nosense.org (localhost.localdomain [IPv6:::1]) by opy.nosense.org (Postfix) with ESMTP id D1D2A3B32F for <v6ops@ietf.org>; Sat, 23 Oct 2010 03:41:07 +1030 (CST)
Date: Sat, 23 Oct 2010 03:41:07 +1030
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Cc: v6ops mailing list <v6ops@ietf.org>
Message-ID: <20101023034107.2e049007@opy.nosense.org>
In-Reply-To: <20101022135409.11E1328C0E8@core3.amsl.com>
References: <20101022135409.11E1328C0E8@core3.amsl.com>
X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; x86_64-unknown-linux-gnu)
X-Location: Lower Mitcham, South Australia, 5062
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [v6ops] Document Action: 'Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service' to Informational RFC
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Oct 2010 17:09:33 -0000
On Fri, 22 Oct 2010 06:54:09 -0700 (PDT) The IESG <iesg-secretary@ietf.org> wrote: > The IESG has approved the following document: > > - 'Recommended Simple Security Capabilities in Customer Premises > Equipment for Providing Residential IPv6 Internet Service ' > <draft-ietf-v6ops-cpe-simple-security-16.txt> as an Informational RFC > Well done everybody, especially James. I think I've read somewhere that the DHCPv6 spec had set a record at 15 revisions ... it's just been beaten :-) > > This document is the product of the IPv6 Operations Working Group. > > The IESG contact persons are Ron Bonica and Dan Romascanu. > > A URL of this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-v6ops-cpe-simple-security-16.txt > > Technical Summary > > This document identifies a set of recommendations for the makers of > devices describing how to provide for "simple security" capabilities > at the perimeter of local-area IPv6 networks in Internet-enabled > homes and small offices. > > Working Group Summary > > The working group was divided on the concept of defining or recommending > the use of firewalls; as a result, this document is very explicitly a set > of recommendations for those that would choose to build or deploy a > firewall without making any recommendation on whether anyone should do > either. It describes a simple stateful firewall, permeable to traffic that > is secured using IPsec. > > Document Quality > > There is at least one deployed implementation of this firewall, and > expected to be others. The document clearly specifies a consensus set of > recommendations for such firewalls. > > Personel > > Fred Baker is shepherd. > > RFC Editor Note > > OLD TEXT: > > REC-13: > > By DEFAULT, Internet gateways SHOULD, automatically download > and install software updates for extending IPv6 simple security for > support of future standard upper layer transports and extension > headers. > > NEW TEXT: > > REC-13: > Residential Internet Gateways SHOULD provide a convenient means to > securely update their firmware, for the installation of security > patches and other manufacturer-recommended changes. > > Vendors can expect users and operators to have differing viewpoints > on the maintenance of patches, with some preferring automated update > and some preferring manual initiation, and those preferring automated > update wanting to download from a vendor site or one managed by the > network operator. To handle the disparity, vendors are well advised > if they provide manual and automated options. In the automated case, > they would do well to facilitate pre-configuration of the download > URL and a means of validating the software image such as a certificate. > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops
- [v6ops] Document Action: 'Recommended Simple Secu… The IESG
- Re: [v6ops] Document Action: 'Recommended Simple … Mark Smith
- Re: [v6ops] Document Action: 'Recommended Simple … Ralph Droms
- Re: [v6ops] Document Action: 'Recommended Simple … Bernie Volz (volz)
- Re: [v6ops] Document Action: 'Recommended Simple … Mark Smith