Deploy360 IETF Improving Technical Security IPv6

10 Updated Internet-Drafts Related to IPv6 Security

Fernando Gont of SI6 Networks has been a VERY busy man lately!  He and his colleagues and co-authors have recently updated a whole host of Internet-Drafts related to IPv6 security.  In a post to the full-disclosure mailing list, Fernando provided his list that includes:

Network Reconnaissance in IPv6 Networks

Security Implications of IPv6 on IPv4 Networks

Virtual Private Network (VPN) traffic leakages in dual-stack
hosts/ networks

Security Assessment of Neighbor Discovery (ND) for IPv6

DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers

Security Implications of IPv6 Fragmentation with IPv6
Neighbor Discovery

Security Implications of IPv6 options of Type 10xxxxxx

Security Implications of Predictable Fragment

Processing of IPv6 “atomic” fragments

Recommendations on filtering of IPv4 packets containing IPv4 options

Some of these are broader documents while some dive deep into specific issues or solutions.  Altogether they do represent a great amount of work on IPv6 security issues, which is excellent and definitely needed as we continue to move to using more and more IPv6 in our networks.

Thanks to Fernando and the others involved in the work for getting these updated drafts out.  If you have any comments on these drafts, I know that Fernando is always looking for feedback – his email address and contact info in Argentina can be found at the end of any of the drafts.