  1. Issues of SAAG(ing?) Interest in the USGIPv6 V1.0 Profile. Doug Montgomery (dougm@nist.gov) and Sheila Frankel (sheila.frankel@nist.gov), NIST / Information Technology Laboratory
  2. Topics Addressed
     • What are we talking about?
       • USG IPv6 Profile and Testing Program
     • Why are we doing this?
     • What have we done?
     • What we think it means?
     • What general issues remain?
     • Issues of potential SAAG interest.
     • How can you help?
       • Submit your comments … in writing!
  3. USG Policy Drivers
     • OMB - Policy M-05-22 & FAQ
       • http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf
       • http://www.whitehouse.gov/omb/egov/documents/IPv6_FAQs.pdf
       • All Agencies – Plan for IPv6 adoption. Deploy & use “IPv6 capable/compliant” products in “core” networks by June 2008.
         • Requires agencies to “ensure orderly and secure transition”
         • FAQ: “Agencies should verify …capability through testing …are required to maintain security during and after adoption …”
       • NIST – “The National Institute for Standards and Technology (NIST) will develop, as necessary, a standard to address IPv6 compliance for the Federal government.”
       • OMB & GSA – “Additionally, as necessary, the General Services Administration and the Federal Acquisition Regulation Council will develop a suitable FAR amendment for use by all agencies.”
     • FAR Case 2005-041, Internet Protocol Version 6 (IPv6)
       • http://edocket.access.gpo.gov/2006/06-7126.htm
       • “OMB further requires, to the maximum extent practicable, all new IT procurements include IPv6 capable products and systems.”
     • DoD Policy for Enterprise-wide Deployment of IPv6
       • http://ipv6.disa.mil/docs/stenbit-memo-20030609.pdf
  4. DRAFT USGIPv6-V1.0 http://www.antd.nist.gov/usgv6-v1-comments.html
     • Status / Plans
     • Circulated for USG IPv6WG Review – 2006-12-22
     • USG comments resolved and circulated for public comment – 2007-2-1.
       • 30 day public comment period ended March 3rd.
       • ~500 comments from ~50 sources.
     • Public comments resolved and final document to be published ASAP.
       • ~ March.
     • Issue plans for the development of a testing program.
       • ~ March
       • More on this later …..
  5. USGIPv6-V1 Overview
     • Scope and Application
       • Recommendation from NIST – but in isolation is policy free.
         • Applicable to “non classified Federal IT systems”.
       • Strategic planning document to guide acquisition of IPv6 technologies for operational deployments.
         • Other uses/time-frames are cautioned.
       • Defines minimal low-bar of capabilities to:
         • Deliver expected functionality
         • Insure interoperability
         • Enable secure operation
         • Protect early investments
       • Technical basis for further refinement and other uses:
         • Agency / mission specific technical requirements.
           • Everything that is not mentioned is optional.
         • Agency / USG acquisition / deployment policies.
     • Defines “USGIPv6-V1 Compliant” hosts, routers, NPDs.
       • Provides technical basis for product testing and certification program.
  6. Relationship to Other Efforts
     • Support OMB/GSA policies
       • Provide a basis through which OMB and GSA can further refine either emerging acquisition and deployment policies.
         • Avoid policy confusion – allow policy sources to define “USG IPv6 Capable” and FAR in terms of our profile.
         • Fill in the technical pieces necessary to support these policies and their time frames.
           • E.g., Provide interim specification of Network Protection Devices (firewalls and IDS systems) vital to ensure the security of Federal IT systems under OMB deployment strategy.
     • Leverage DoD / IETF / Industry Efforts
       • DISR, IETF Node Requirements, IPv6Ready, NSA, ICSA profiles and testing programs carefully analyzed.
       • USGv6V1.0 is a synthesis / intersection of these efforts mixed with USG specific requirements.
       • Long term goal is to get to a point where a distinct USG profile / testing program is unnecessary.
  7. What the Profile Defines
     • Sub profiles for 3 types of devices
       • 3. Host Profile
       • 4. Router Profile
       • 5. Network Protection Device Profile
     • 12 Functional Categories of Capabilities
       • 6.1 Base
       • 6.2 Routing
       • 6.3 Quality of Service
       • 6.4 Transition
       • 6.5 Link Technology
       • 6.6 Addressing
       • 6.7 IPsec
       • 6.8 Application Environment
       • 6.9 Network Management
       • 6.10 Multicasting
       • 6.11 Mobility
       • 6.12 Network Protection Devices
         • 6.12.1 Source of requirements
         • 6.12.2 Common requirements for network protection devices
         • 6.12.3 Firewall requirements
         • 6.12.4 Intrusion detection and prevention system requirements
  8. General Issues?
     • Development of Testing Program
       • Expect industry/USG meeting on the topic in May at NIST.
     • Linkages to USG Policies
       • Working with OMB / GSA to define linkages and time frames.
     • Final USGv6-V1 Profile
       • Resolve ~500 comments and publish.
       • Define profile use / maintenance cycles.
  9. Issues of SAAG Interest?
     • General
       • Specsmanship
         • Detailed profiling of IETF normative requirements is challenging.
           • This issue is particularly acute in the IPsec area.
           • Poison pill technique?
       • Device profiles?
         • How many / types of conformance classes of IPv6 implementations?
         • USGv6: Hosts, Routers, Network Protection Devices (NPDs)
         • IETF: Hosts, Routers
         • Why would we need more?
           • Allow some IPv6 devices to not implement IPsec, SNMP, DHCP.
           • Grandfather existing implementations …
         • Why did we need 3?
  10. Issues of SAAG Interest?
     • General
       • Network Protection Device Profiles
         • Capability / behavior specifications for Firewalls, IDS/IPS systems.
         • Seeming void in the industry.
           • We would have loved to cite consensus standards.
           • We did consult “requirements” as we could find them (NSA, ICSA, etc).
         • Received Comment – “remove from USG profile and submit to the IETF”.
           • USG has operational deployment policies (June 2008) that can’t wait for this right now.
           • Not sure if the IETF considers NPD specifications within their scope.
  11. Issues of SAAG Interest?
     • IPsec
       • Old or new IPsec/IKE? and when?
         • USGv6 Arch: Arch-v2/2401(M), Arch-v3/4301(S+)
         • USGv6 IKE: IKE-v1/2409(M), IKE-v2/4306(S+)
         • When can IPsec-v3/IKE-v2 be M?
         • When could IPsec-v2/IKE-v1 be M-?
       • AH mandated or optional?
         • USGv6: AH-v2/2402(O), AH-v3/4302(O).
         • Seems to be some disagreement in the industry about AH utility/advisability?
           • IETF: AH(O) in Arch-v3/4301, but AH(M) in Node-Reqs/4294.
           • Concerns about unused/tested protocol, operational concerns.
           • Other protocols that require AH? (OSPFv3).
  12. Issues of SAAG Interest?
     • IPsec
       • Algorithms:
         • USGv6 3DES-CBC(M):
           • IETF: (M-) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307.
         • USGv6 AES-CBC-128(M):
           • IETF: (S+) for Crypt-ESP-AH/4305 and Crypt-IKEv2/4307, (S) for Crypt-IKEv1/4109.
         • USGv6 Null-Auth(O):
           • IETF: (M) in Crypto-Algs-ESP-AH/4305, but (O) in draft-manral-ipsec-rfc4305-bis-errata-03.txt
         • USGv6 AES-GCM/AES-GMAC(O):
           • Need understanding of status in industry / DoD.
       • IKEv2
         • USGv6 NAT-T(M): but UDP-encap/3948 is (O)?
         • USGv6 DPD/3706(O): Required/preferred for IKEv2?
  13. Issues of SAAG Interest?
     • Base Protocol / Addressing:
       • SEND/CGA:
         • USGv6: SEND/3971(S+), CGA/3972(S+)
         • Consistent with DoD …but, consistent with reality?
       • Privacy Addresses
         • USGv6: PA/3401(S)
         • Some thoughts abound that an IP address is Personally Identifying Information (PII), maybe privacy addresses will be universally mandated?
  14. A Different View of Things …
  15. … more terse view.
  16. How Can You Help?
     • Submit comments on the draft USGIPv6 profile!
       • [email_address] .
     • Participate in upcoming forums.
       • GSA/OMB “USG IPv6 industry day” – in planning.
       • NIST – IPv6 Testing Forum – in planning - ~May 4th @ NIST.
     • Encourage / Embrace User Group Participation
       • In industry profiles, testing plans, etc.
