On Jun 4, 2011, at 9:53 AM, Stephen Farrell wrote: > I think we'd like to respond to them that that's great, > and we'll be interested in their results, but can they > *please* come back to us before saying something should > be changed so's we can talk about it.
That seems like a reasonable proposal. There a, of course, several proposed sets of security guidelines for IPv6 floating in the breeze. If you want my druthers, I would like to see a comprehensive security *architecture*. Steve Kent wrote to me last month, on another topic, saying > I do have a few comments about the discuss of secruity, in general. I see > that you used the CIA model for describing security requirements/services. > Although this is a commonly used model, I find it inferior to the model that > was developed by ISO in the mid 80's (ISO 7498-2). It might be worthwhile to look at the ISO model he suggests as a possible starting point. To my mind, anything resembling a security architecture will identify threats at the physical, link, network (LAN and IP), transport, and applications layers, and make recommendations for addressing them - and not start from the premise of a global federated identity, which doesn't exist. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
