Folks,
We have published a new I-D on "Requirements for IPv6 Firewalls"
The I-D is available at:
<http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00>
The goals of this first (and drafty) version of the document are as follows:
1) Agree on a rationale to write this spec.
For example, one possible rationale is "aim at providing parity of
features with IPv4". Another one could be that "should should aim a
little higher". For example, in the light of
draft-farrell-perpass-attack we may aim at requiring some confidentiality
features that might not be that common in IPv4 firewalls.
2) Expose different aspects of firewalls that we may want to standardize.
High-level feedback along the lines of "this other aspect is missing,
and should be added" or "we probably should not address this or that
other aspect" are very valuable.
3) Discussion of concrete requirements.
Here the feedback would be in the form of "This or that requirement is
missing", "this or that requirement doesn't make sense and should be
eliminated", etc. And for each of those that we keep in, arguments in
favor of "mandatory", "recommended", or "optional" (i.e., what the level
of each requirement should be).
It would be great if you could post any feedback on the opsec wg
mailing-list (Instructions here:
<https://www.ietf.org/mailman/listinfo/opsec>). But in any case feel free to
discuss this document on this list (ipv6-ops) while CC'ing
<draft-gont-opsec-ipv6-firewall-reqs@tools.ietf.org>.
P.S.: Regardless of what we end up doing with this I-D, etc., I think
the brainstorming would be fruitful. :-)
Thanks!
Best regards,
Fernando
-------- Original Message --------
From: internet-drafts@ietf.org
To: Will Liu <liushucheng@huawei.com>, "Shucheng LIU (Will)"
<liushucheng@huawei.com>, Fernando Gont <fgont@si6networks.com>,
"Fernando Gont" <fgont@si6networks.com>, Marco Ermini
<marco.ermini@resmed.com>, "Marco Ermini" <marco.ermini@resmed.com>
Subject: New Version Notification for
draft-gont-opsec-ipv6-firewall-reqs-00.txt
Date: Fri, 14 Feb 2014 16:00:33 -0800
A new version of I-D, draft-gont-opsec-ipv6-firewall-reqs-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Name: draft-gont-opsec-ipv6-firewall-reqs
Revision: 00
Title: Requirements for IPv6 Firewalls
Document date: 2014-02-15
Group: Individual Submission
Pages: 12
URL:
http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-firewall-reqs-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-firewall-reqs/
Htmlized:
http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00
Abstract:
While there are a large number of documents discussing IP and IPv6
packet filtering, requirements for IPv6 firewalls have never been
specified in the RFC series. When it comes to IPv6, the more limited
experience with the protocols, and reduced variety of products has
made it rather difficult to specify what are reasonable features to
be expected from an IPv6 firewall. This has typically been a problem
for network operators, who typically have to produce a "Request for
Proposal" (from scratch) that describes such features. This document
specifies a set of requirements for IPv6 firewalls, marked as
"mandatory", "recommended", or "optional".
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
We have published a new I-D on "Requirements for IPv6 Firewalls"
The I-D is available at:
<http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00>
The goals of this first (and drafty) version of the document are as follows:
1) Agree on a rationale to write this spec.
For example, one possible rationale is "aim at providing parity of
features with IPv4". Another one could be that "should should aim a
little higher". For example, in the light of
draft-farrell-perpass-attack we may aim at requiring some confidentiality
features that might not be that common in IPv4 firewalls.
2) Expose different aspects of firewalls that we may want to standardize.
High-level feedback along the lines of "this other aspect is missing,
and should be added" or "we probably should not address this or that
other aspect" are very valuable.
3) Discussion of concrete requirements.
Here the feedback would be in the form of "This or that requirement is
missing", "this or that requirement doesn't make sense and should be
eliminated", etc. And for each of those that we keep in, arguments in
favor of "mandatory", "recommended", or "optional" (i.e., what the level
of each requirement should be).
It would be great if you could post any feedback on the opsec wg
mailing-list (Instructions here:
<https://www.ietf.org/mailman/listinfo/opsec>). But in any case feel free to
discuss this document on this list (ipv6-ops) while CC'ing
<draft-gont-opsec-ipv6-firewall-reqs@tools.ietf.org>.
P.S.: Regardless of what we end up doing with this I-D, etc., I think
the brainstorming would be fruitful. :-)
Thanks!
Best regards,
Fernando
-------- Original Message --------
From: internet-drafts@ietf.org
To: Will Liu <liushucheng@huawei.com>, "Shucheng LIU (Will)"
<liushucheng@huawei.com>, Fernando Gont <fgont@si6networks.com>,
"Fernando Gont" <fgont@si6networks.com>, Marco Ermini
<marco.ermini@resmed.com>, "Marco Ermini" <marco.ermini@resmed.com>
Subject: New Version Notification for
draft-gont-opsec-ipv6-firewall-reqs-00.txt
Date: Fri, 14 Feb 2014 16:00:33 -0800
A new version of I-D, draft-gont-opsec-ipv6-firewall-reqs-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Name: draft-gont-opsec-ipv6-firewall-reqs
Revision: 00
Title: Requirements for IPv6 Firewalls
Document date: 2014-02-15
Group: Individual Submission
Pages: 12
URL:
http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-firewall-reqs-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-firewall-reqs/
Htmlized:
http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00
Abstract:
While there are a large number of documents discussing IP and IPv6
packet filtering, requirements for IPv6 firewalls have never been
specified in the RFC series. When it comes to IPv6, the more limited
experience with the protocols, and reduced variety of products has
made it rather difficult to specify what are reasonable features to
be expected from an IPv6 firewall. This has typically been a problem
for network operators, who typically have to produce a "Request for
Proposal" (from scratch) that describes such features. This document
specifies a set of requirements for IPv6 firewalls, marked as
"mandatory", "recommended", or "optional".
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1