Your SlideShare is downloading. ×
  • Like
六合彩,香港六合彩
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

六合彩,香港六合彩

  • 1,358 views
Published

的身体是正常的,否则,没有任何一个人因为忧虑而兴高采烈.小学没毕业,我就说过李雪是冰雪聪明的,这是我唯一看准一个人的资本.我只是微微皱了下眉头,嘴巴如一条脱水的鱼般撇了撇,香港六合彩就立刻问我:怎么了,愁眉苦脸的?我心想,愁眉是可以确定的,但我的脸天生就是酷的样子,或者可以形容为冷俊,说我苦怕有些不尊重事实. …

的身体是正常的,否则,没有任何一个人因为忧虑而兴高采烈.小学没毕业,我就说过李雪是冰雪聪明的,这是我唯一看准一个人的资本.我只是微微皱了下眉头,嘴巴如一条脱水的鱼般撇了撇,香港六合彩就立刻问我:怎么了,愁眉苦脸的?我心想,愁眉是可以确定的,但我的脸天生就是酷的样子,或者可以形容为冷俊,说我苦怕有些不尊重事实.
我好好的啊,瞧我笑得多欢啊!我咧开嘴,嬉皮笑脸的对着李雪,也许是从紧缩的状态突然转变为舒展的状态,我的面部有撕裂般的疼痛感,如严寒冬季里刀割一样.

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,358
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Issues of SAAG(ing?) Interest in the USGIPv6 V1.0 Profile. Doug Montgomery (dougm@nist.gov) and Sheila Frankel (sheila.frankel@nist.gov) NIST / Information Technology Laboratory
  • 2. Topics Addressed
    • What are we talking about?
      • USG IPv6 Profile and Testing Program
    • Why are we doing this?
    • What have we done?
    • What we think it means?
    • What general issues remain?
    • Issues of potential SAAG interest.
    • How can you help?
      • Submit your comments … in writing!
  • 3. USG Policy Drivers
    • OMB - Policy M-05-22 & FAQ
      • http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf
      • http://www.whitehouse.gov/omb/egov/documents/IPv6_FAQs.pdf
      • All Agencies – Plan for IPv6 adoption. Deploy & use “IPv6 capable/compliant” products in “core” networks by June 2008.
        • Requires agencies to “ensure orderly and secure transition”
        • FAQ: “Agencies should verify …capability through testing …are required to maintain security during and after adoption …”
      • NIST – “The National Institute for Standards and Technology (NIST) will develop, as necessary, a standard to address IPv6 compliance for the Federal government.”
      • OMB & GSA – “Additionally, as necessary, the General Services Administration and the Federal Acquisition Regulation Council will develop a suitable FAR amendment for use by all agencies.”
    • FAR Case 2005-041, Internet Protocol Version 6 (IPv6)
      • http://edocket.access.gpo.gov/2006/06-7126.htm
      • “ OMB further requires, to the maximum extent practicable, all new IT procurements include IPv6 capable products and systems. “
    • DoD Policy for Enterprise-wide Deployment of IPv6
      • http://ipv6.disa.mil/docs/stenbit-memo-20030609.pdf
  • 4. DRAFT USGIPv6-V1.0 http://www.antd.nist.gov/usgv6-v1-comments.html
    • Status / Plans
    • Circulated for USG IPv6WG Review – 2006-12-22
    • USG comments resolved and circulated for public comment – 2007-2-1.
      • 30 day public comment period ended March 3 rd .
      • ~500 comments from ~50 sources.
    • Public comments resolved and final document to be published ASAP.
      • ~ March.
    • Issue plans for the development of a testing program.
      • ~ March
      • More on this later …..
  • 5. USGIPv6-V1 Overview
    • Scope and Application
      • Recommendation from NIST – but in isolation is policy free .
        • Applicable to “non classified Federal IT systems”.
      • Strategic planning document to guide acquisition of IPv6 technologies for operational deployments.
        • Other uses/time-frames are cautioned.
      • Defines minimal low-bar of capabilities to:
        • Deliver expected functionality
        • Insure interoperability
        • Enable secure operation
        • Protect early investments
      • Technical basis for further refinement and other uses:
        • Agency / mission specific technical requirements.
          • Everything that is not mentioned is optional.
        • Agency / USG acquisition / deployment policies.
    • Defines “USGIPv6-V1 Compliant” hosts, routers, NPDs.
      • Provides technical basis for product testing and certification program.
  • 6. Relationship to Other Efforts
    • Support OMB/GSA policies
      • Provide a basis through which OMB and GSA can further refine either emerging acquisition and deployment policies.
        • Avoid policy confusion – allow policy sources to define “USG IPv6 Capable” and FAR in terms of our profile.
        • Fill in the technical pieces necessary to support these policies and their time frames.
          • E.g., Provide interim specification of Network Protection Devices (firewalls and IDS systems) vital to ensure the security of Federal IT systems under OMB deployment strategy.
    • Leverage DoD / IETF / Industry Efforts
      • DISR, IETF Node Requirements, IPv6Ready, NSA, ICSA profiles and testing programs carefully analyzed.
      • USGv6V1.0 is a synthesis / intersection of these efforts mixed with USG specific requirements.
      • Long term goal is to get to a point where a distinct USG profile / testing program is unnecessary.
  • 7. What the Profile Defines
    • Sub profiles for 3 types of devices
      • 3. Host Profile
      • 4. Router Profile
      • 5. Network Protection Device Profile
    • 12 Functional Categories of Capabilities
      • 6.1 Base
      • 6.2 Routing
      • 6.3 Quality of Service
      • 6.4 Transition
      • 6.5 Link Technology
      • 6.6 Addressing
      • 6.7 IPsec
      • 6.8 Application Environment
      • 6.9 Network Management
      • 6.10 Multicasting
      • 6.11 Mobility
      • 6.12 Network Protection Devices
        • 6.12.1 Source of requirements
        • 6.12.2 Common requirements for network protection devices
        • 6.12.3 Firewall requirements
        • 6.12.4 Intrusion detection and prevention system requirements
  • 8. General Issues?
    • Development of Testing Program
      • Expect industry/USG meeting on the topic in May at NIST.
    • Linkages to USG Policies
      • Working with OMB / GSA to define linkages and time frames.
    • Final USGv6-V1 Profile
      • Resolve ~500 comments and publish.
      • Define profile use / maintenance cycles.
  • 9. Issues of SAAG Interest?
    • General
      • Specsmanship
        • Detailed profiling of IETF normative requirements is challenging.
          • This issue is particularly acute in the IPsec area.
          • Poison pill technique?
      • Device profiles?
        • How many / types of conformance classes of IPv6 implementations?
        • USGv6: Hosts, Routers, Network Protection Devices (NPDs)
        • IETF: Hosts, Routers
        • Why would we need more?
          • Allow some IPv6 devices to not implement IPsec, SNMP, DHCP.
          • Grandfather existing implementations …
        • Why did we need 3?
  • 10. Issues of SAAG Interest?
    • General
      • Network Protection Device Profiles
        • Capability / behavior specifications for Firewalls, IDS/IPS systems.
        • Seeming void in the industry.
          • We would have loved to cite consensus standards.
          • We did consult “requirements” as we could find them (NSA, ICSA, etc).
        • Received Comment – “remove from USG profile and submit to the IETF”.
          • USG has operational deployment policies (June 2008) that can’t wait for this right now.
          • Not sure if the IETF considers NPD specifications within their scope.
  • 11. Issues of SAAG Interest?
    • IPsec
      • Old or new IPsec/IKE? and when?
        • USGv6 Arch: Arch-v2/2401(M), Arch-v3/4301(S+)
        • USGv6 IKE: IKE-v1/2409(M), IKE-v2/4306(S+)
        • When can IPsec-v3/IKE-v2 be M?
        • When could IPsec-v2/IKE-v1 be M-?
      • AH mandated or optional?
        • USGv6: AH-v2/2402(O), AH-v3/4302(O).
        • Seems to be some disagreement in the industry about AH utility/advisability?
          • IETF: AH(O) in Arch-v3/4301, but AH(M) in Node-Reqs/4294.
          • Concerns about unused/tested protocol, operational concerns.
          • Other protocols that require AH? (OSPFv3).
  • 12. Issues of SAAG Interest?
    • IPsec
      • Algorithms:
        • USGv6 3DES-CBC(M):
          • IETF: (M-) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307.
        • USGv6 AES-CBC-128(M):
          • IETF: (S+) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307, (S) for Crypt-IKEv1/4109.
        • USGv6 Null-Auth(O):
          • IETF: (M) in Crypto-Algs-ESP-AH/4305, but (O) in draft-manral-ipsec-rfc4305-bis-errata-03.txt
        • USGv6 AES-GCM/AES-GMAC(O):
          • Need understanding of status in industry / DoD.
      • IKEv2
        • USGv6 NAT-T(M): but UDP-encap/3948 is (O)?
        • USGv6 DPD/3706(O): Required/preferred for IKEv2?
  • 13. Issues of SAAG Interest?
    • Base Protocol / Addressing:
      • SEND/CGA:
        • USGv6: SEND/3971(S+), CGA/3972(S+)
        • Consistent with DoD …but, consistent with reality?
      • Privacy Addresses
        • USGv6: PA/3401(S)
        • Some thoughts abound that an IP address is Personally Identifying Information (PII), maybe privacy addresses will be universally mandated?
  • 14. A Different View of Things …
  • 15. … more terse view.
  • 16. How Can You Help?
    • Submit comments on the draft USGIPv6 profile!
      • [email_address] .
    • Participate in upcoming forums.
      • GSA/OMB “USG IPv6 industry day” – in planning.
      • NIST – IPv6 Testing Forum – in planning - ~May 4 th @ NIST.
    • Encourage / Embrace User Group Participation
      • In industry profiles, testing plans, etc.