Re: Seeking IPv6 Security Resources

[Joe Klein <jsklein () gmail com>]

Chris,

Are you aware IPv6 has 3 or arguably 4 major generations of standards?

Each generation requires nuanced defense strategies, based on which clauses
("must" and "should") were implemented. Some of the derived security works,
do not reflect, and in some cases contradict current security
recommendations. The perceived newness of the technology, and ambiguities
of recommendations have resulted in 'pushback' by the security community to
implement IPv6. This has forced us to continue with the implement of IPv6
and 'trust' the vender recommendations, based on the limitations of that
venders products.

In the cracks, between the standards and implementation of these standards,
are where security vulnerabilities exist, compromises lay, and defenses
crumble.

Joe Klein
"Inveniam viam aut faciam"

On Tue, Nov 25, 2014 at 3:32 PM, Chris Grundemann <cgrundemann () gmail com>
wrote:

> Hail NANOG!
>
> I am looking for IPv6 security resources to add to:
> http://www.internetsociety.org/deploy360/ipv6/security/
>
> These could be best current practice documents, case-studies,
> lessons-learned/issues-found, research/evaluations, RFCs, or anything else
> focused on IPv6 security really.
>
> I'm not requesting that anyone do any new work, just that you point me to
> solid public documents that already exist. Feel free to share on-list or
> privately, both documents you may have authored and those you have found
> helpful.
>
> Thanks!
> ~Chris
>
> Note: Not every document shared will get posted to the Deploy360 site.
>
> --
> @ChrisGrundemann
> http://chrisgrundemann.com