A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : IPv6 Security Problem Statement
Author(s) : A. Vives, J. Palet
Filename : draft-vives-v6ops-ipv6-security-ps-00.txt
Pages : 13
Date : 2004-4-21
Today, each network is often secured by a unique device (i.e.
security gateway or firewall), that becomes a bottleneck for the
end-to-end security model with IPv6. The deployment of IPv6 enabled
devices and networks bring some issues, which must be addressed by
security administrators in order to guarantee at least the same level
of security obtained nowadays with IPv4 and perimeter security
schemes, allowing at the same time all the IPv6 advantages.
The most important issues are the rediscovery of end-to-end
communications, the availability of IPsec in all IPv6 stacks, the
increase in the number and type of IP devices and also the increase
in the number of "nomadic" devices, meaning devices that will be
connected to different networks (that could have different security
policies).
The security policies and architectures currently applied in Internet
with IPv4, does not longer apply for end-to-end security models which
IPv6 will need. This document outlines the advantages and drawbacks
of both security schemes: perimeter and distributed.
This document aims to identify IPv6 issues that justify the need of a
distributed security model for IPv6, that is, simply to show that a
security problem will arise with the deployment of IPv6 networks if
nothing is done.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-vives-v6ops-ipv6-security-ps-00.txt
To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-vives-v6ops-ipv6-security-ps-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-vives-v6ops-ipv6-security-ps-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-vives-v6ops-ipv6-security-ps-00.txt>
-
