Once again, this is a v6ops topic, so this will be my last comment here on the 6man list:
On 2010-03-27 04:53, Perkins, Carroll G wrote: > In all of these discussions, I am amazed that no one has mentioned that NIST > has written a set of IPv6 implementation requirements for all US manufactured > equipment that addresses many of the discussion issues. > > NIST SP-800-115 Guidelines for the Secure Deployment of IPv6 Except that this is truly obnoxious and paranoid: > Organizations that are not yet deploying IPv6 should implement the following > recommendations: > > * Block all IPv6 traffic, native and tunneled, at the organization's > firewall. Both incoming and outgoing traffic should be blocked. This, if applied, would block all early-adopter activity. More reasonable guidelines are in draft-ietf-v6ops-cpe-simple-security and an approach that actively helps Internet transparency is suggested in draft-vyncke-advanced-ipv6-security. These are much more fruitful approaches than the NIST guideline, which I hope will be widely disregarded. Brian -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
