IPv6 Transition/Co-existence Security Considerations draft-ietf-v6ops-security-overview-04.txt Elwyn Davies Suresh Krishnan Pekka Savola IETF-66, Montreal,


IPv6 Transition/Co-existence Security Considerations draft-ietf-v6ops-security-overview-04.txt Elwyn Davies Suresh Krishnan Pekka Savola IETF-66, Montreal, 12 July 2006

12 July 2006 v6ops Security Overview - IETF 66 - Montreal

Slide 2: Dealing with IESG Comments
- IESG and secdir review generated a lot of comments ... and a larger amount of
- Several comments are 'philosophical'
  - Require clarification/disclaimers rather than substantive changes
- Some editorial.. these will be fixed while recycling draft

Slide 3: IPv6 Specification Problems
- Draft points out various problems with IPv6 specification
- Suggests dropping traffic which is technically 'in specification', e.g., overlapped fragments
- Two ADs disliked this but existence of problems acknowledged
- Solution: Add general disclaimer

Slide 4: Disclaimer for Introduction

"This memo identifies a number of situations where the current IPv6 standards allow for traffic which would potentially result in security vulnerabilities. The memo suggests measures which could be applied to detect or drop such traffic; in almost all cases these kinds of traffic would not result from correct, non-malicious use of the network. The hazards are pointed out in each case but administrators should be aware that existing or future applications might generate traffic that makes legitimate use of these capabilities."

Slide 5: Unusual Patterns of Padding
- Agreed to add note that unusual patterns of option padding are legal but might be malicious
- Add explanation of circumstances when maximum padding is 3

Slide 6: Tiny Fragments
- Agreed to incorporate some extra text to reflect input in draft-manral-tiny-fragments-issues-02
- Explain that s covers firewalls that reassemble packets before filtering
- Suggest a sensible value for minimum size for non-final fragments (50% of guaranteed minimum MTU)
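The two fragment checks this deck discusses (overlapped fragments on slide 3 and the minimum size for non-final fragments on slide 6) can be sketched as filter logic. This is an added example, not code from the draft or the presenters: the function names and sample packets are constructed, "size" is assumed to mean whole-packet length, and the Fragment header is assumed to follow the fixed header directly.

```python
import struct

MIN_MTU = 1280               # IPv6 guaranteed minimum link MTU
MIN_NONFINAL = MIN_MTU // 2  # floor from the slide: 50% of minimum MTU
FRAGMENT_NH = 44             # Next Header value for the Fragment header

def parse_fragment(pkt):
    """Return (src, dst, ident, offset, more, data_len) or None if not a fragment.
    Assumes the Fragment header directly follows the 40-octet fixed header."""
    if len(pkt) < 48 or pkt[0] >> 4 != 6 or pkt[6] != FRAGMENT_NH:
        return None
    payload_len = struct.unpack("!H", pkt[4:6])[0]
    off_flags, ident = struct.unpack("!HI", pkt[42:48])
    offset, more = (off_flags >> 3) * 8, off_flags & 1  # 13-bit offset, M flag
    return pkt[8:24], pkt[24:40], ident, offset, more, payload_len - 8

def check_fragments(packets):
    """Flag tiny non-final fragments and overlaps within one (src, dst, id)."""
    findings, seen = [], {}
    for i, pkt in enumerate(packets):
        frag = parse_fragment(pkt)
        if frag is None:
            continue
        src, dst, ident, off, more, dlen = frag
        if more and len(pkt) < MIN_NONFINAL:
            findings.append((i, "tiny"))
        ranges = seen.setdefault((src, dst, ident), [])
        if any(off < end and start < off + dlen for start, end in ranges):
            findings.append((i, "overlap"))
        ranges.append((off, off + dlen))
    return findings

def make_fragment(ident, offset, more, data):
    """Build a constructed fragment between two documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    fixed = struct.pack("!IHBB", 6 << 28, 8 + len(data), FRAGMENT_NH, 64)
    frag = struct.pack("!BBHI", 17, 0, offset | more, ident)  # 17 = UDP inside
    return fixed + src + dst + frag + data

# Constructed sample traffic (not captured data).
SAMPLE = [
    make_fragment(1, 0, 1, b"A" * 1232),    # non-final, 1280 octets: fine
    make_fragment(1, 1232, 0, b"B" * 100),  # final fragment may be short
    make_fragment(2, 0, 1, b"C" * 16),      # non-final, 64 octets: tiny
    make_fragment(2, 8, 0, b"D" * 32),      # starts inside the previous one
]

print(check_fragments(SAMPLE))
```

A filter that does not reassemble before inspection would apply the size check per packet; the overlap check needs per-flow state, which is why the deck distinguishes firewalls that reassemble first.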

Slide 7: Unknown Extension Headers/Opts
- Lengthy discussion of sensible practice for dropping these
- Extensibility vs Security
- Agreed that ultimately admins will choose safety over unthinking passing of all unknown options

Slide 8: Use of Link Local Addresses
- Extensive discussion of link local addresses for applications that are not specifically designed to use them
  - mostly management applications
- Problem of overlapping addresses and zone specification
- Recommendation in will be toned down and explained further

Slide 9: Minor Issues Needing Clarification
- s : Middleboxes looking at destination opts, etc: needs to reflect that actual practice breaks the IPv6 spec (and it doesn't matter AFAICS)
- Clarify s4.9 with regard to privacy addresses and ingress filtering
- Using MAC addresses to identify equipment characteristics (App B)

Slide 10: Items Discussed - No Change Required or Proposed
- Excessive use of Router Alert
- Document reorganisation
  - secdir reviewer didn't like organisation
- A few things that were not necessarily IPv6 specific

Slide 11: Next Steps
- Revised draft soon
- Further WG review needed?
- Back to IESG