Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service
RFC 6092

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    v6ops mailing list <v6ops@ietf.org>, 
    v6ops chair <v6ops-chairs@tools.ietf.org>
Subject: Document Action: 'Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service' to Informational RFC

The IESG has approved the following document:

- 'Recommended Simple Security Capabilities in Customer Premises 
   Equipment for Providing Residential IPv6 Internet Service'
   <draft-ietf-v6ops-cpe-simple-security-16.txt> as an Informational RFC


This document is the product of the IPv6 Operations Working Group. 

The IESG contact persons are Ron Bonica and Dan Romascanu.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-cpe-simple-security-16.txt

Technical Summary
 
This document identifies a set of recommendations for the makers of
devices describing how to provide for "simple security" capabilities
at the perimeter of local-area IPv6 networks in Internet-enabled
homes and small offices.
 
Working Group Summary
 
The working group was divided on the concept of defining or recommending
the use of firewalls; as a result, this document is very explicitly a set
of recommendations for those that would choose to build or deploy a
firewall without making any recommendation on whether anyone should do
either. It describes a simple stateful firewall, permeable to traffic that
is secured using IPsec.
 
Document Quality
 
There is at least one deployed implementation of this firewall, and
there are expected to be others. The document clearly specifies a
consensus set of recommendations for such firewalls.

Personnel

Fred Baker is shepherd.

RFC Editor Note

OLD TEXT:

REC-13: 

By DEFAULT, Internet gateways SHOULD, automatically download
and install software updates for extending IPv6 simple security for
support of future standard upper layer transports and extension
headers.

NEW TEXT:

REC-13:
Residential Internet Gateways SHOULD provide a convenient means to 
securely update their firmware, for the installation of security 
patches and other manufacturer-recommended changes.
 
Vendors can expect users and operators to have differing viewpoints 
on the maintenance of patches, with some preferring automated update 
and some preferring manual initiation, and those preferring automated 
update wanting to download from a vendor site or one managed by the 
network operator. To handle the disparity, vendors are well advised 
if they provide manual and automated options. In the automated case, 
they would do well to facilitate pre-configuration of the download 
URL and a means of validating the software image such as a certificate.