Deploy360 21 January 2013

10 Updated Internet-Drafts Related to IPv6 Security

By Dan YorkDirector, Internet Technology

Fernando Gont of SI6 Networks has been a VERY busy man lately!  He and his colleagues and co-authors have recently updated a whole host of Internet-Drafts related to IPv6 security.  In a post to the full-disclosure mailing list, Fernando provided his list that includes:

Network Reconnaissance in IPv6 Networks

Security Implications of IPv6 on IPv4 Networks

Virtual Private Network (VPN) traffic leakages in dual-stack
hosts/ networks

Security Assessment of Neighbor Discovery (ND) for IPv6

DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers

Security Implications of IPv6 Fragmentation with IPv6
Neighbor Discovery

Security Implications of IPv6 options of Type 10xxxxxx

Security Implications of Predictable Fragment

Processing of IPv6 “atomic” fragments

Recommendations on filtering of IPv4 packets containing IPv4 options

Some of these are broader documents while some dive deep into specific issues or solutions.  Altogether they do represent a great amount of work on IPv6 security issues, which is excellent and definitely needed as we continue to move to using more and more IPv6 in our networks.

Thanks to Fernando and the others involved in the work for getting these updated drafts out.  If you have any comments on these drafts, I know that Fernando is always looking for feedback – his email address and contact info in Argentina can be found at the end of any of the drafts.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...