
Slide 1: IPv6 Transition/Co-existence Security Considerations
draft-ietf-v6ops-security-overview-04.txt
Elwyn Davies, Suresh Krishnan, Pekka Savola
IETF-66, Montreal, 12 July 2006

Slide 2: Dealing with IESG Comments
(slide footer: 12 July 2006, v6ops Security Overview - IETF 66 - Montreal)
- IESG and secdir review generated a lot of comments ... and a larger amount of email
- Several comments are 'philosophical': they require clarification/disclaimers rather than substantive changes
- Some are editorial; these will be fixed while recycling the draft

Slide 3: IPv6 Specification Problems
- The draft points out various problems with the IPv6 specification
- It suggests dropping traffic which is technically 'in specification', e.g., overlapped fragments
- Two ADs disliked this, but the existence of the problems was acknowledged
- Solution: add a general disclaimer

Slide 4: Disclaimer for Introduction
"This memo identifies a number of situations where the current IPv6 standards allow for traffic which would potentially result in security vulnerabilities. The memo suggests measures which could be applied to detect or drop such traffic; in almost all cases these kinds of traffic would not result from correct, non-malicious use of the network. The hazards are pointed out in each case but administrators should be aware that existing or future applications might generate traffic that makes legitimate use of these capabilities."

Slide 5: Unusual Patterns of Padding
- Agreed to add a note that unusual patterns of option padding are legal but might be malicious
- Add an explanation of the circumstances under which the maximum padding is 3

Slide 6: Tiny Fragments
- Agreed to incorporate some extra text to reflect input in draft-manral-tiny-fragments-issues-02
- Explain that s2.1.10 covers firewalls that reassemble packets before filtering
- Suggest a sensible value for the minimum size of non-final fragments (50% of the guaranteed minimum MTU)
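Added example (not from the draft or the slides): a small Python checker for the two fragment conditions raised on slides 3 and 6, overlapping fragments and tiny non-final fragments. It uses 640 bytes as the threshold, i.e. 50% of the 1280-byte IPv6 minimum MTU; applying that threshold to the fragment body after the Fragment header, keying reassembly state by identification only, and the `build_fragment` helper with its constructed packets are assumptions of this example.

```python
import struct

FRAGMENT_HEADER = 44        # next-header value of the IPv6 Fragment extension header
IPV6_MIN_MTU = 1280         # guaranteed minimum IPv6 link MTU
# Threshold from the slides: 50% of the minimum MTU. Measuring it on the fragment
# body (after the 8-byte Fragment header) is an assumption of this example.
MIN_NONFINAL_BODY = IPV6_MIN_MTU // 2

def parse_fragment(pkt: bytes):
    """Return (ident, offset_bytes, more, body_len) if the packet's first
    extension header is the Fragment header, else None."""
    if len(pkt) < 48:
        return None
    _, payload_len, next_hdr, _ = struct.unpack("!IHBB", pkt[:8])
    if next_hdr != FRAGMENT_HEADER:
        return None
    _, _, offlags, ident = struct.unpack("!BBHI", pkt[40:48])
    offset = (offlags >> 3) * 8   # offset field is in 8-octet units
    more = bool(offlags & 1)      # M flag: more fragments follow
    return ident, offset, more, payload_len - 8

class FragmentChecker:
    """Flags tiny non-final fragments and overlapping fragments. Simplification:
    state is keyed by identification only; a real filter would also key on
    source and destination address."""
    def __init__(self):
        self.ranges = {}          # ident -> [(start, end)] byte ranges already seen

    def check(self, pkt: bytes):
        parsed = parse_fragment(pkt)
        if parsed is None:
            return []
        ident, offset, more, body_len = parsed
        findings = []
        if more and body_len < MIN_NONFINAL_BODY:
            findings.append("tiny non-final fragment")
        seen = self.ranges.setdefault(ident, [])
        start, end = offset, offset + body_len
        if any(start < e and s < end for s, e in seen):
            findings.append("overlapping fragment")
        seen.append((start, end))
        return findings

def build_fragment(ident, offset, more, body_len, next_hdr=6):
    """Constructed test input: minimal IPv6 fragment with zero addresses and body."""
    frag = struct.pack("!BBHI", next_hdr, 0, ((offset // 8) << 3) | int(more), ident)
    payload = frag + bytes(body_len)
    ipv6 = struct.pack("!IHBB16s16s", 0x60000000, len(payload), FRAGMENT_HEADER,
                       64, bytes(16), bytes(16))
    return ipv6 + payload
```

A filter applying these checks would drop the flagged packets; the draft's disclaimer on slide 4 is the caveat that such traffic is still technically in specification.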

Slide 7: Unknown Extension Headers/Opts
- Lengthy discussion of sensible practice for dropping these
- Extensibility vs security
- Agreed that ultimately admins will choose safety over the unthinking passing of all unknown options

Slide 8: Use of Link Local Addresses
- Extensive discussion of link local addresses for applications that are not specifically designed to use them, mostly management applications
- Problem of overlapping addresses and zone specification
- Recommendation in 2.1.12 will be toned down and explained further

Slide 9: Minor Issues Needing Clarification
- s2.1.9.1: middleboxes looking at destination opts, etc.: needs to reflect that actual practice breaks the IPv6 spec (and it doesn't matter AFAICS)
- Clarify s4.9 with regard to privacy addresses and ingress filtering
- Using MAC addresses to identify equipment characteristics (App B)

Slide 10: Items Discussed - No Change Required or Proposed
- Excessive use of Router Alert
- Document reorganisation: the secdir reviewer didn't like the organisation
- A few things that were not necessarily IPv6 specific

Slide 11: Next Steps
- Revised draft soon
- Further WG review needed?
- Back to IESG
