datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Liaison Statement: Security Area Response to Liaison on IPv6 security issues

Submission Date: 2011-06-21
From: Security Area (Stephen Farrell)
To: ITU-T SG 17 (kremer@rans.ru, ko-nakao@kddi.com)
Cc:chair@ietf.org
itu-t-liaisons@iab.org
Response Contact: stephen.farrell@cs.tcd.ie
turners@ieca.com
Technical Contact:
Purpose: In response
Liaisons referring to this one: Reply Liaison to IETF SEC Area on IPv6 security issues
Referenced liaison: Liaison on IPv6 security issues
Attachments: (none)
Body:
FOR ACTION

The IETF thanks Study Group 17 for its liaison LS-206 "Liaison on IPv6
security issues".  As the world transitions to IPv6, new opportunities
and challenges arise.  SG17's focus on deployment and
implementation considerations reflects this reality.   We would like
to
bring to your attention the following work which we believe may prove
a
useful basis for both X.ipv6-secguide and X.mgv6:

    * RFC 4294 - "IPv6 Node Requirements" (N.B., this work is
currently
      under revision as draft-ietf-6man-node-req-bis, submitted to
      the IESG for approval on 2011-05-25)
    * draft-ietf-6man-node-req-bis (work in progress) - "IPv6 Node
      Requirements RFC 4294-bis"
    * RFC 4864 - "Local Network Protection for IPv6"
    * RFC 4942 - "IPv6 Transition/Coexistence Security Considerations"
    * RFC 6092 - "Recommended Simple Security Capabilities in Customer
      Premise Equipment (CPE) for Providing Residential IPv6 Internet
      Service"
    * RFC 6105 - "IPv6 Router Advertisement Guard"
    * RFC 6106 - "IPv6 Router Advertisement Options for DNS
      Configuration", ยง7 in particular.

As you are aware, every RFC contains a Security Considerations
section.
In developing either an implementation or deployment guide,
contributors
are strongly encouraged to review the RFCs and Internet-Drafts that
support any underlying function.

In addition, we bring to your attention the following IETF Working
Groups that are working on IPv6 security-related work:

Working Group  Purpose                     Mailing list address
Name

6man     IPv6 Maintenance                    ipv6@ietf.org
savi        Source Address Validation     savi@ietf.org
               Improvements
dhc         Dynamic Host Configuration  dhcwg@ietf.org
v6ops     IPv6 Operations                        v6ops@ietf.org
opsec     Operational Security                opsec@ietf.org
                Capabilities for an IP Network
csi           CGA & Send maIntenance      cga-ext@ietf.org


In addition to the above working groups, the Security Area of the IETF
maintains a mailing list for general discussion, saag@ietf.org.  We
encourage and invite open and informal discussion in these or other
relevant IETF fora on this very important topic. As with all IETF
working groups, any and all interested parties can choose to directly
contribute via the mailing lists above.

As in other areas, the Security Area of the IETF invites SG17 to bring
any new-found concerns about IETF protocols to our attention so that
as
and when we revise our documents we can make appropriate amendments to
IETF protocols. In particular, as this planned work matures, we would
welcome hearing about it in more detail, perhaps via an invited
presentation at a saag meeting or via review of draft documents as may
be appropriate.