香港六合彩

  • 769 views
Uploaded on

常以各种理由跟我探讨难解的数学题,研究作文的破题方法,心血来潮还会用几块饼干几颗话梅引诱我. …

常以各种理由跟我探讨难解的数学题,研究作文的破题方法,心血来潮还会用几块饼干几颗话梅引诱我.
那天,我正盯着李雪皙白的手背进入一个想象世界,就听班主任拿给我一封信,我接过来一看,信封上写着我的地址和我的名字,字体清秀,落款是花,我一拍脑袋,原来是小花给我的信.
小花说从一个亲戚那知道我的地址就给我写了信,问我几年来过得好不好,合肥的火车是不是很长,很漂亮,还羞涩的暗示我有没有想到香港六合彩,并在最后婉转的表示,有机会一定过来找我,履行儿时的誓言……
我比较心虚,我对不起你小花,我没怎么花时间想你,也没有思想准备当你是我那口子,也不认为应该履行大人们安排的婚约,你可以过来骂我、打我,但不要这样用温柔来折磨我!何况……何况我现在有了心

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
769
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Issues of SAAG(ing?) Interest in the USGIPv6 V1.0 Profile. Doug Montgomery (dougm@nist.gov) and Sheila Frankel (sheila.frankel@nist.gov) NIST / Information Technology Laboratory
  • 2. Topics Addressed
    • What are we talking about?
      • USG IPv6 Profile and Testing Program
    • Why are we doing this?
    • What have we done?
    • What we think it means?
    • What general issues remain?
    • Issues of potential SAAG interest.
    • How can you help?
      • Submit your comments … in writing!
  • 3. USG Policy Drivers
    • OMB - Policy M-05-22 & FAQ
      • http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf
      • http://www.whitehouse.gov/omb/egov/documents/IPv6_FAQs.pdf
      • All Agencies – Plan for IPv6 adoption. Deploy & use “IPv6 capable/compliant” products in “core” networks by June 2008.
        • Requires agencies to “ensure orderly and secure transition”
        • FAQ: “Agencies should verify …capability through testing …are required to maintain security during and after adoption …”
      • NIST – “The National Institute for Standards and Technology (NIST) will develop, as necessary, a standard to address IPv6 compliance for the Federal government.”
      • OMB & GSA – “Additionally, as necessary, the General Services Administration and the Federal Acquisition Regulation Council will develop a suitable FAR amendment for use by all agencies.”
    • FAR Case 2005-041, Internet Protocol Version 6 (IPv6)
      • http://edocket.access.gpo.gov/2006/06-7126.htm
      • “ OMB further requires, to the maximum extent practicable, all new IT procurements include IPv6 capable products and systems. “
    • DoD Policy for Enterprise-wide Deployment of IPv6
      • http://ipv6.disa.mil/docs/stenbit-memo-20030609.pdf
  • 4. DRAFT USGIPv6-V1.0 http://www.antd.nist.gov/usgv6-v1-comments.html
    • Status / Plans
    • Circulated for USG IPv6WG Review – 2006-12-22
    • USG comments resolved and circulated for public comment – 2007-2-1.
      • 30 day public comment period ended March 3 rd .
      • ~500 comments from ~50 sources.
    • Public comments resolved and final document to be published ASAP.
      • ~ March.
    • Issue plans for the development of a testing program.
      • ~ March
      • More on this later …..
  • 5. USGIPv6-V1 Overview
    • Scope and Application
      • Recommendation from NIST – but in isolation is policy free .
        • Applicable to “non classified Federal IT systems”.
      • Strategic planning document to guide acquisition of IPv6 technologies for operational deployments.
        • Other uses/time-frames are cautioned.
      • Defines minimal low-bar of capabilities to:
        • Deliver expected functionality
        • Insure interoperability
        • Enable secure operation
        • Protect early investments
      • Technical basis for further refinement and other uses:
        • Agency / mission specific technical requirements.
          • Everything that is not mentioned is optional.
        • Agency / USG acquisition / deployment policies.
    • Defines “USGIPv6-V1 Compliant” hosts, routers, NPDs.
      • Provides technical basis for product testing and certification program.
  • 6. Relationship to Other Efforts
    • Support OMB/GSA policies
      • Provide a basis through which OMB and GSA can further refine either emerging acquisition and deployment policies.
        • Avoid policy confusion – allow policy sources to define “USG IPv6 Capable” and FAR in terms of our profile.
        • Fill in the technical pieces necessary to support these policies and their time frames.
          • E.g., Provide interim specification of Network Protection Devices (firewalls and IDS systems) vital to ensure the security of Federal IT systems under OMB deployment strategy.
    • Leverage DoD / IETF / Industry Efforts
      • DISR, IETF Node Requirements, IPv6Ready, NSA, ICSA profiles and testing programs carefully analyzed.
      • USGv6V1.0 is a synthesis / intersection of these efforts mixed with USG specific requirements.
      • Long term goal is to get to a point where a distinct USG profile / testing program is unnecessary.
  • 7. What the Profile Defines
    • Sub profiles for 3 types of devices
      • 3. Host Profile
      • 4. Router Profile
      • 5. Network Protection Device Profile
    • 12 Functional Categories of Capabilities
      • 6.1 Base
      • 6.2 Routing
      • 6.3 Quality of Service
      • 6.4 Transition
      • 6.5 Link Technology
      • 6.6 Addressing
      • 6.7 IPsec
      • 6.8 Application Environment
      • 6.9 Network Management
      • 6.10 Multicasting
      • 6.11 Mobility
      • 6.12 Network Protection Devices
        • 6.12.1 Source of requirements
        • 6.12.2 Common requirements for network protection devices
        • 6.12.3 Firewall requirements
        • 6.12.4 Intrusion detection and prevention system requirements
  • 8. General Issues?
    • Development of Testing Program
      • Expect industry/USG meeting on the topic in May at NIST.
    • Linkages to USG Policies
      • Working with OMB / GSA to define linkages and time frames.
    • Final USGv6-V1 Profile
      • Resolve ~500 comments and publish.
      • Define profile use / maintenance cycles.
  • 9. Issues of SAAG Interest?
    • General
      • Specsmanship
        • Detailed profiling of IETF normative requirements is challenging.
          • This issue is particularly acute in the IPsec area.
          • Poison pill technique?
      • Device profiles?
        • How many / types of conformance classes of IPv6 implementations?
        • USGv6: Hosts, Routers, Network Protection Devices (NPDs)
        • IETF: Hosts, Routers
        • Why would we need more?
          • Allow some IPv6 devices to not implement IPsec, SNMP, DHCP.
          • Grandfather existing implementations …
        • Why did we need 3?
  • 10. Issues of SAAG Interest?
    • General
      • Network Protection Device Profiles
        • Capability / behavior specifications for Firewalls, IDS/IPS systems.
        • Seeming void in the industry.
          • We would have loved to cite consensus standards.
          • We did consult “requirements” as we could find them (NSA, ICSA, etc).
        • Received Comment – “remove from USG profile and submit to the IETF”.
          • USG has operational deployment policies (June 2008) that can’t wait for this right now.
          • Not sure if the IETF considers NPD specifications within their scope.
  • 11. Issues of SAAG Interest?
    • IPsec
      • Old or new IPsec/IKE? and when?
        • USGv6 Arch: Arch-v2/2401(M), Arch-v3/4301(S+)
        • USGv6 IKE: IKE-v1/2409(M), IKE-v2/4306(S+)
        • When can IPsec-v3/IKE-v2 be M?
        • When could IPsec-v2/IKE-v1 be M-?
      • AH mandated or optional?
        • USGv6: AH-v2/2402(O), AH-v3/4302(O).
        • Seems to be some disagreement in the industry about AH utility/advisability?
          • IETF: AH(O) in Arch-v3/4301, but AH(M) in Node-Reqs/4294.
          • Concerns about unused/tested protocol, operational concerns.
          • Other protocols that require AH? (OSPFv3).
  • 12. Issues of SAAG Interest?
    • IPsec
      • Algorithms:
        • USGv6 3DES-CBC(M):
          • IETF: (M-) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307.
        • USGv6 AES-CBC-128(M):
          • IETF: (S+) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307, (S) for Crypt-IKEv1/4109.
        • USGv6 Null-Auth(O):
          • IETF: (M) in Crypto-Algs-ESP-AH/4305, but (O) in draft-manral-ipsec-rfc4305-bis-errata-03.txt
        • USGv6 AES-GCM/AES-GMAC(O):
          • Need understanding of status in industry / DoD.
      • IKEv2
        • USGv6 NAT-T(M): but UDP-encap/3948 is (O)?
        • USGv6 DPD/3706(O): Required/preferred for IKEv2?
  • 13. Issues of SAAG Interest?
    • Base Protocol / Addressing:
      • SEND/CGA:
        • USGv6: SEND/3971(S+), CGA/3972(S+)
        • Consistent with DoD …but, consistent with reality?
      • Privacy Addresses
        • USGv6: PA/3401(S)
        • Some thoughts abound that an IP address is Personally Identifying Information (PII), maybe privacy addresses will be universally mandated?
  • 14. A Different View of Things …
  • 15. … more terse view.
  • 16. How Can You Help?
    • Submit comments on the draft USGIPv6 profile!
      • [email_address] .
    • Participate in upcoming forums.
      • GSA/OMB “USG IPv6 industry day” – in planning.
      • NIST – IPv6 Testing Forum – in planning - ~May 4 th @ NIST.
    • Encourage / Embrace User Group Participation
      • In industry profiles, testing plans, etc.