
RE: SECDIR review: draft-ietf-v6ops-tunnel-concerns



> I think there's a real risk of this document being misunderstood
> by typical site IT managers, and being used simply as an excuse
> to block all kinds of tunnel-based v4/v6 coexistence. But tunnels
> are a legitimate coexistence strategy. I'd much rather see
> this document talking more about how to make the use of tunnels
> safe as part of v4/v6 coexistence. There is some of that material
> in the document, but the impression the draft leaves is now of
> a succession of warnings to block tunnels.

Actually, it is a succession of warnings to block standardized tunnels, those that are well documented and have a clear signature. By doing so, we are pushing application developers to just "roll their own technologies", and indeed to use evasive techniques such as encrypted packets, random port numbers or tunneling of HTTP. I am not sure that network managers are going to like the result...

-- Christian Huitema