Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > We received a liaison [1] from ITU-T saying they're > planning to start a couple of work items on the > security of IPv6. As far as we know, they envisage > developing a "technical guideline on deploying IPv6" > and "Security Management Guideline for implementation > of IPv6 environment in telecommunications > organizations." Bear in mind that they're just starting > so they know about as much as we would just before a > BoF or something like that. > > I think we'd like to respond to them that that's great, > and we'll be interested in their results, but can they > *please* come back to us before saying something should > be changed so's we can talk about it.
I don't think that's quite right. We should welcome their studying security issues; but I think we need to _strongly_ encourage them to start from draft-ietf-6man-node-req-bis when it becomes an RFC -- since it has _significant_ changes from RFC 4294 (and an ITU-T study based on RFC4294 will be of rather limited value). Furthermore, ITU-T should NOT propose "changes" to IPv6 protocol or the Node Requirements. The language there should talk of documenting security "concerns" or "issues" or whatever term seems neutral enough; and list as the next step exchanging ideas of what "changes" might help. Clearly, ITU-T is entirely justified in publishing recommendations of what level of security-related-trust to place in IPv6 packet forwarding: but any protocol _changes_ are outside their bailiwick. (As an aside, IETF should resist most proposals for change until IPv6 sees widespread deployment -- deploying to a moving target is just TOO risky.) -- John Leslie <j...@jlc.net> -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------