datatracker.ietf.org
Sign in
Version 5.6.2.p3, 2014-07-31
Report a bug

Softwire Security Analysis and Requirements
RFC 5619

Network Working Group                                        S. Yamamoto
Request for Comments: 5619                            NICT/KDDI R&D Labs
Category: Standards Track                                    C. Williams
                                                               H. Yokota
                                                           KDDI R&D Labs
                                                               F. Parent
                                                          Beon Solutions
                                                             August 2009

              Softwire Security Analysis and Requirements

Abstract

   This document describes security guidelines for the softwire "Hubs
   and Spokes" and "Mesh" solutions.  Together with discussion of the
   softwire deployment scenarios, the vulnerability to security attacks
   is analyzed to provide security protection mechanisms such as
   authentication, integrity, and confidentiality to the softwire
   control and data packets.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Yamamoto, et al.            Standards Track                     [Page 1]
RFC 5619            Softwire Security Considerations         August 2009

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  Abbreviations  . . . . . . . . . . . . . . . . . . . . . .  4
     2.2.  Requirements Language  . . . . . . . . . . . . . . . . . .  5
   3.  Hubs and Spokes Security Guidelines  . . . . . . . . . . . . .  5
     3.1.  Deployment Scenarios . . . . . . . . . . . . . . . . . . .  5
     3.2.  Trust Relationship . . . . . . . . . . . . . . . . . . . .  7
     3.3.  Softwire Security Threat Scenarios . . . . . . . . . . . .  8
     3.4.  Softwire Security Guidelines . . . . . . . . . . . . . . . 11
       3.4.1.  Authentication . . . . . . . . . . . . . . . . . . . . 12
       3.4.2.  Softwire Security Protocol . . . . . . . . . . . . . . 13
     3.5.  Guidelines for Usage of IPsec in Softwire  . . . . . . . . 13
       3.5.1.  Authentication Issues  . . . . . . . . . . . . . . . . 14
       3.5.2.  IPsec Pre-Shared Keys for Authentication . . . . . . . 15
       3.5.3.  Inter-Operability Guidelines . . . . . . . . . . . . . 15
       3.5.4.  IPsec Filtering Details  . . . . . . . . . . . . . . . 16
   4.  Mesh Security Guidelines . . . . . . . . . . . . . . . . . . . 19
     4.1.  Deployment Scenario  . . . . . . . . . . . . . . . . . . . 19
     4.2.  Trust Relationship . . . . . . . . . . . . . . . . . . . . 20
     4.3.  Softwire Security Threat Scenarios . . . . . . . . . . . . 20
     4.4.  Applicability of Security Protection Mechanism . . . . . . 21
       4.4.1.  Security Protection Mechanism for Control Plane  . . . 21
       4.4.2.  Security Protection Mechanism for Data Plane . . . . . 22
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 23
   6.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 23
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 23
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 24
   Appendix A.  Examples  . . . . . . . . . . . . . . . . . . . . . . 26
     A.1.  IPv6-over-IPv4 Softwire with L2TPv2 Example for IKE  . . . 26
     A.2.  IPv4-over-IPv6 Softwire with Example for IKE . . . . . . . 26

Yamamoto, et al.            Standards Track                     [Page 2]
RFC 5619            Softwire Security Considerations         August 2009

1.  Introduction

   The Softwire Working Group specifies the standardization of
   discovery, control, and encapsulation methods for connecting IPv4
   networks across IPv6 networks and IPv6 networks across IPv4 networks.
   The softwire provides connectivity to enable the global reachability

[include full document text]