Issues of SAAG(ing?) Interest in the USGIPv6  V1.0 Profile. Doug Montgomery (dougm@nist.gov) and  Sheila Frankel (sheila.f...
Topics Addressed <ul><li>What are we talking about? </li></ul><ul><ul><li>USG IPv6 Profile and Testing Program </li></ul><...
USG Policy Drivers <ul><li>OMB - Policy M-05-22 & FAQ </li></ul><ul><ul><li>http://www.whitehouse.gov/omb/memoranda/fy2005...
DRAFT USGIPv6-V1.0 http://www.antd.nist.gov/usgv6-v1-comments.html <ul><li>Status / Plans </li></ul><ul><li>Circulated for...
USGIPv6-V1 Overview <ul><li>Scope and Application </li></ul><ul><ul><li>Recommendation from NIST – but in isolation is  po...
Relationship to Other Efforts <ul><li>Support OMB/GSA policies </li></ul><ul><ul><li>Provide a basis through which OMB and...
What the Profile Defines <ul><li>Sub profiles for 3 types of devices </li></ul><ul><ul><li>3. Host Profile </li></ul></ul>...
General Issues? <ul><li>Development of Testing Program </li></ul><ul><ul><li>Expect industry/USG meeting on the topic in M...
Issues of SAAG Interest? <ul><li>General </li></ul><ul><ul><li>Specsmanship </li></ul></ul><ul><ul><ul><li>Detailed profil...
Issues of SAAG Interest? <ul><li>General </li></ul><ul><ul><li>Network Protection Device Profiles </li></ul></ul><ul><ul><...
Issues of SAAG Interest? <ul><li>IPsec </li></ul><ul><ul><li>Old or new IPsec/IKE?  and when? </li></ul></ul><ul><ul><ul><...
Issues of SAAG Interest? <ul><li>IPsec </li></ul><ul><ul><li>Algorithms: </li></ul></ul><ul><ul><ul><li>USGv6 3DES-CBC(M):...
Issues of SAAG Interest? <ul><li>Base Protocol / Addressing: </li></ul><ul><ul><li>SEND/CGA:  </li></ul></ul><ul><ul><ul><...
A Different View of Things …
… more terse view.
How Can You Help? <ul><li>Submit comments on the draft USGIPv6 profile! </li></ul><ul><ul><li>[email_address] . </li></ul>...
Upcoming SlideShare
Loading in …5
×

香港六合彩|六合彩

3,238 views
3,191 views

Published on

地一一回答,说得自己象是个百战金刚,把香港六合彩那个娘们弄得要死要活,流出的(被禁止)可以装满一矿泉水瓶,(禁止)一次连着一次,嘶叫得站在街对面都可以听到香港六合彩的声音.香港六合彩的话听得香港六合彩惊其为天神,仿佛生来就是为了干这事儿的.
然后老大宣布,一个洞里从此又少了一个可耻的处男!
可怜的包菜,香港六合彩把这个当成了香港六合彩的尊严!
4.我躺到床上的时候,先同情了一阵包菜,暗骂了一通李海蓝,然后我又想起了我和赵玉在下午的对话.
我为什么要骗香港六合彩呢?
这绝对不是因为我不爱香港六合彩,因为我完全可以确认,自己也象是包菜一样陷进去了,并且越陷越深,即使是香港六合彩在利用我摆脱李熊刚也好,我也会象包菜一样义无返顾地任香港六合彩将我蹂蔺.
可是我究竟为什么要骗香港六合彩呢?
也许,我不想让任何人看到——我心里那已经倒塌的城堡,那已经在淤泥中腐烂的,一具风筝?
十三.
1.说到这里,有必要对赵玉作一个总体介绍了.不然大家可能有点担心:这是谁家的闺女儿呀?怎么就这么勾引住了骨格清奇的唐飞?到底是不是门当户对?
在这里首先要对各位对本人婚姻大事的关怀致以我最真诚的感谢,特别是女同志.然后听我慢慢道来.
玉儿姑娘也是湖南人士,家住离长沙市三四个小时车程远的一个小城市.香港六合彩比偶小两岁,却与偶同一年级.香港六合彩父亲属于那种真正的焦裕禄型的国家干部,是某国营工厂的待任厂长,但正因为香港六合彩是焦裕禄型的,所以也得到了焦裕禄型的下场,在赵玉十一岁的时候香港六合彩父亲还没当上厂长就因积劳成疾而亡,并且也象是焦裕

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,238
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

香港六合彩|六合彩

  1. 1. Issues of SAAG(ing?) Interest in the USGIPv6 V1.0 Profile. Doug Montgomery (dougm@nist.gov) and Sheila Frankel (sheila.frankel@nist.gov) NIST / Information Technology Laboratory
  2. 2. Topics Addressed <ul><li>What are we talking about? </li></ul><ul><ul><li>USG IPv6 Profile and Testing Program </li></ul></ul><ul><li>Why are we doing this? </li></ul><ul><li>What have we done? </li></ul><ul><li>What we think it means? </li></ul><ul><li>What general issues remain? </li></ul><ul><li>Issues of potential SAAG interest. </li></ul><ul><li>How can you help? </li></ul><ul><ul><li>Submit your comments … in writing! </li></ul></ul>
  3. 3. USG Policy Drivers <ul><li>OMB - Policy M-05-22 & FAQ </li></ul><ul><ul><li>http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf </li></ul></ul><ul><ul><li>http://www.whitehouse.gov/omb/egov/documents/IPv6_FAQs.pdf </li></ul></ul><ul><ul><li>All Agencies – Plan for IPv6 adoption. Deploy & use “IPv6 capable/compliant” products in “core” networks by June 2008. </li></ul></ul><ul><ul><ul><li>Requires agencies to “ensure orderly and secure transition” </li></ul></ul></ul><ul><ul><ul><li>FAQ: “Agencies should verify …capability through testing …are required to maintain security during and after adoption …” </li></ul></ul></ul><ul><ul><li>NIST – “The National Institute for Standards and Technology (NIST) will develop, as necessary, a standard to address IPv6 compliance for the Federal government.” </li></ul></ul><ul><ul><li>OMB & GSA – “Additionally, as necessary, the General Services Administration and the Federal Acquisition Regulation Council will develop a suitable FAR amendment for use by all agencies.” </li></ul></ul><ul><li>FAR Case 2005-041, Internet Protocol Version 6 (IPv6) </li></ul><ul><ul><li>http://edocket.access.gpo.gov/2006/06-7126.htm </li></ul></ul><ul><ul><li>“ OMB further requires, to the maximum extent practicable, all new IT procurements include IPv6 capable products and systems. “ </li></ul></ul><ul><li>DoD Policy for Enterprise-wide Deployment of IPv6 </li></ul><ul><ul><li>http://ipv6.disa.mil/docs/stenbit-memo-20030609.pdf </li></ul></ul>
  4. 4. DRAFT USGIPv6-V1.0 http://www.antd.nist.gov/usgv6-v1-comments.html <ul><li>Status / Plans </li></ul><ul><li>Circulated for USG IPv6WG Review – 2006-12-22 </li></ul><ul><li>USG comments resolved and circulated for public comment – 2007-2-1. </li></ul><ul><ul><li>30 day public comment period ended March 3 rd . </li></ul></ul><ul><ul><li>~500 comments from ~50 sources. </li></ul></ul><ul><li>Public comments resolved and final document to be published ASAP. </li></ul><ul><ul><li>~ March. </li></ul></ul><ul><li>Issue plans for the development of a testing program. </li></ul><ul><ul><li>~ March </li></ul></ul><ul><ul><li>More on this later ….. </li></ul></ul>
  5. 5. USGIPv6-V1 Overview <ul><li>Scope and Application </li></ul><ul><ul><li>Recommendation from NIST – but in isolation is policy free . </li></ul></ul><ul><ul><ul><li>Applicable to “non classified Federal IT systems”. </li></ul></ul></ul><ul><ul><li>Strategic planning document to guide acquisition of IPv6 technologies for operational deployments. </li></ul></ul><ul><ul><ul><li>Other uses/time-frames are cautioned. </li></ul></ul></ul><ul><ul><li>Defines minimal low-bar of capabilities to: </li></ul></ul><ul><ul><ul><li>Deliver expected functionality </li></ul></ul></ul><ul><ul><ul><li>Insure interoperability </li></ul></ul></ul><ul><ul><ul><li>Enable secure operation </li></ul></ul></ul><ul><ul><ul><li>Protect early investments </li></ul></ul></ul><ul><ul><li>Technical basis for further refinement and other uses: </li></ul></ul><ul><ul><ul><li>Agency / mission specific technical requirements. </li></ul></ul></ul><ul><ul><ul><ul><li>Everything that is not mentioned is optional. </li></ul></ul></ul></ul><ul><ul><ul><li>Agency / USG acquisition / deployment policies. </li></ul></ul></ul><ul><li>Defines “USGIPv6-V1 Compliant” hosts, routers, NPDs. </li></ul><ul><ul><li>Provides technical basis for product testing and certification program. </li></ul></ul>
  6. 6. Relationship to Other Efforts <ul><li>Support OMB/GSA policies </li></ul><ul><ul><li>Provide a basis through which OMB and GSA can further refine either emerging acquisition and deployment policies. </li></ul></ul><ul><ul><ul><li>Avoid policy confusion – allow policy sources to define “USG IPv6 Capable” and FAR in terms of our profile. </li></ul></ul></ul><ul><ul><ul><li>Fill in the technical pieces necessary to support these policies and their time frames. </li></ul></ul></ul><ul><ul><ul><ul><li>E.g., Provide interim specification of Network Protection Devices (firewalls and IDS systems) vital to ensure the security of Federal IT systems under OMB deployment strategy. </li></ul></ul></ul></ul><ul><li>Leverage DoD / IETF / Industry Efforts </li></ul><ul><ul><li>DISR, IETF Node Requirements, IPv6Ready, NSA, ICSA profiles and testing programs carefully analyzed. </li></ul></ul><ul><ul><li>USGv6V1.0 is a synthesis / intersection of these efforts mixed with USG specific requirements. </li></ul></ul><ul><ul><li>Long term goal is to get to a point where a distinct USG profile / testing program is unnecessary. </li></ul></ul>
  7. 7. What the Profile Defines <ul><li>Sub profiles for 3 types of devices </li></ul><ul><ul><li>3. Host Profile </li></ul></ul><ul><ul><li>4. Router Profile </li></ul></ul><ul><ul><li>5. Network Protection Device Profile </li></ul></ul><ul><li>12 Functional Categories of Capabilities </li></ul><ul><ul><li>6.1 Base </li></ul></ul><ul><ul><li>6.2 Routing </li></ul></ul><ul><ul><li>6.3 Quality of Service </li></ul></ul><ul><ul><li>6.4 Transition </li></ul></ul><ul><ul><li>6.5 Link Technology </li></ul></ul><ul><ul><li>6.6 Addressing </li></ul></ul><ul><ul><li>6.7 IPsec </li></ul></ul><ul><ul><li>6.8 Application Environment </li></ul></ul><ul><ul><li>6.9 Network Management </li></ul></ul><ul><ul><li>6.10 Multicasting </li></ul></ul><ul><ul><li>6.11 Mobility </li></ul></ul><ul><ul><li>6.12 Network Protection Devices </li></ul></ul><ul><ul><ul><li>6.12.1 Source of requirements </li></ul></ul></ul><ul><ul><ul><li>6.12.2 Common requirements for network protection devices </li></ul></ul></ul><ul><ul><ul><li>6.12.3 Firewall requirements </li></ul></ul></ul><ul><ul><ul><li>6.12.4 Intrusion detection and prevention system requirements </li></ul></ul></ul>
  8. 8. General Issues? <ul><li>Development of Testing Program </li></ul><ul><ul><li>Expect industry/USG meeting on the topic in May at NIST. </li></ul></ul><ul><li>Linkages to USG Policies </li></ul><ul><ul><li>Working with OMB / GSA to define linkages and time frames. </li></ul></ul><ul><li>Final USGv6-V1 Profile </li></ul><ul><ul><li>Resolve ~500 comments and publish. </li></ul></ul><ul><ul><li>Define profile use / maintenance cycles. </li></ul></ul>
  9. 9. Issues of SAAG Interest? <ul><li>General </li></ul><ul><ul><li>Specsmanship </li></ul></ul><ul><ul><ul><li>Detailed profiling of IETF normative requirements is challenging. </li></ul></ul></ul><ul><ul><ul><ul><li>This issue is particularly acute in the IPsec area. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Poison pill technique? </li></ul></ul></ul></ul><ul><ul><li>Device profiles? </li></ul></ul><ul><ul><ul><li>How many / types of conformance classes of IPv6 implementations? </li></ul></ul></ul><ul><ul><ul><li>USGv6: Hosts, Routers, Network Protection Devices (NPDs) </li></ul></ul></ul><ul><ul><ul><li>IETF: Hosts, Routers </li></ul></ul></ul><ul><ul><ul><li>Why would we need more? </li></ul></ul></ul><ul><ul><ul><ul><li>Allow some IPv6 devices to not implement IPsec, SNMP, DHCP. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Grandfather existing implementations … </li></ul></ul></ul></ul><ul><ul><ul><li>Why did we need 3? </li></ul></ul></ul>
  10. 10. Issues of SAAG Interest? <ul><li>General </li></ul><ul><ul><li>Network Protection Device Profiles </li></ul></ul><ul><ul><ul><li>Capability / behavior specifications for Firewalls, IDS/IPS systems. </li></ul></ul></ul><ul><ul><ul><li>Seeming void in the industry. </li></ul></ul></ul><ul><ul><ul><ul><li>We would have loved to cite consensus standards. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>We did consult “requirements” as we could find them (NSA, ICSA, etc). </li></ul></ul></ul></ul><ul><ul><ul><li>Received Comment – “remove from USG profile and submit to the IETF”. </li></ul></ul></ul><ul><ul><ul><ul><li>USG has operational deployment policies (June 2008) that can’t wait for this right now. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Not sure if the IETF considers NPD specifications within their scope. </li></ul></ul></ul></ul>
  11. 11. Issues of SAAG Interest? <ul><li>IPsec </li></ul><ul><ul><li>Old or new IPsec/IKE? and when? </li></ul></ul><ul><ul><ul><li>USGv6 Arch: Arch-v2/2401(M), Arch-v3/4301(S+) </li></ul></ul></ul><ul><ul><ul><li>USGv6 IKE: IKE-v1/2409(M), IKE-v2/4306(S+) </li></ul></ul></ul><ul><ul><ul><li>When can IPsec-v3/IKE-v2 be M? </li></ul></ul></ul><ul><ul><ul><li>When could IPsec-v2/IKE-v1 be M-? </li></ul></ul></ul><ul><ul><li>AH mandated or optional? </li></ul></ul><ul><ul><ul><li>USGv6: AH-v2/2402(O), AH-v3/4302(O). </li></ul></ul></ul><ul><ul><ul><li>Seems to be some disagreement in the industry about AH utility/advisability? </li></ul></ul></ul><ul><ul><ul><ul><li>IETF: AH(O) in Arch-v3/4301, but AH(M) in Node-Reqs/4294. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Concerns about unused/tested protocol, operational concerns. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Other protocols that require AH? (OSPFv3). </li></ul></ul></ul></ul>
  12. 12. Issues of SAAG Interest? <ul><li>IPsec </li></ul><ul><ul><li>Algorithms: </li></ul></ul><ul><ul><ul><li>USGv6 3DES-CBC(M): </li></ul></ul></ul><ul><ul><ul><ul><li>IETF: (M-) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307. </li></ul></ul></ul></ul><ul><ul><ul><li>USGv6 AES-CBC-128(M): </li></ul></ul></ul><ul><ul><ul><ul><li>IETF: (S+) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307, (S) for Crypt-IKEv1/4109. </li></ul></ul></ul></ul><ul><ul><ul><li>USGv6 Null-Auth(O): </li></ul></ul></ul><ul><ul><ul><ul><li>IETF: (M) in Crypto-Algs-ESP-AH/4305, but (O) in draft-manral-ipsec-rfc4305-bis-errata-03.txt </li></ul></ul></ul></ul><ul><ul><ul><li>USGv6 AES-GCM/AES-GMAC(O): </li></ul></ul></ul><ul><ul><ul><ul><li>Need understanding of status in industry / DoD. </li></ul></ul></ul></ul><ul><ul><li>IKEv2 </li></ul></ul><ul><ul><ul><li>USGv6 NAT-T(M): but UDP-encap/3948 is (O)? </li></ul></ul></ul><ul><ul><ul><li>USGv6 DPD/3706(O): Required/preferred for IKEv2? </li></ul></ul></ul>
  13. 13. Issues of SAAG Interest? <ul><li>Base Protocol / Addressing: </li></ul><ul><ul><li>SEND/CGA: </li></ul></ul><ul><ul><ul><li>USGv6: SEND/3971(S+), CGA/3972(S+) </li></ul></ul></ul><ul><ul><ul><li>Consistent with DoD …but, consistent with reality? </li></ul></ul></ul><ul><ul><li>Privacy Addresses </li></ul></ul><ul><ul><ul><li>USGv6: PA/3401(S) </li></ul></ul></ul><ul><ul><ul><li>Some thoughts abound that an IP address is Personally Identifying Information (PII), maybe privacy addresses will be universally mandated? </li></ul></ul></ul>
  14. 14. A Different View of Things …
  15. 15. … more terse view.
  16. 16. How Can You Help? <ul><li>Submit comments on the draft USGIPv6 profile! </li></ul><ul><ul><li>[email_address] . </li></ul></ul><ul><li>Participate in upcoming forums. </li></ul><ul><ul><li>GSA/OMB “USG IPv6 industry day” – in planning. </li></ul></ul><ul><ul><li>NIST – IPv6 Testing Forum – in planning - ~May 4 th @ NIST. </li></ul></ul><ul><li>Encourage / Embrace User Group Participation </li></ul><ul><ul><li>In industry profiles, testing plans, etc. </li></ul></ul>

×