BTW, in case it wasn't clear, I think the IETF should do that architecture.
On Jun 4, 2011, at 11:10 PM, Fred Baker wrote: > > On Jun 4, 2011, at 9:53 AM, Stephen Farrell wrote: > >> I think we'd like to respond to them that that's great, >> and we'll be interested in their results, but can they >> *please* come back to us before saying something should >> be changed so's we can talk about it. > > That seems like a reasonable proposal. > > There a, of course, several proposed sets of security guidelines for IPv6 > floating in the breeze. If you want my druthers, I would like to see a > comprehensive security *architecture*. Steve Kent wrote to me last month, on > another topic, saying > >> I do have a few comments about the discuss of secruity, in general. I see >> that you used the CIA model for describing security requirements/services. >> Although this is a commonly used model, I find it inferior to the model that >> was developed by ISO in the mid 80's (ISO 7498-2). > > It might be worthwhile to look at the ISO model he suggests as a possible > starting point. > > To my mind, anything resembling a security architecture will identify threats > at the physical, link, network (LAN and IP), transport, and applications > layers, and make recommendations for addressing them - and not start from the > premise of a global federated identity, which doesn't exist. > _______________________________________________ > v6ops mailing list > v6...@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------