Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt

Eric Vyncke and Mark Townsley, March 2010


Transcript of Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-01.txt

Page 1: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

Advanced IPv6 Residential Security

draft-vyncke-advanced-ipv6-security-01.txt

Eric Vyncke, Mark Townsley

March 2010

Page 2: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

Advanced Security

User Feedback

User control

IPS

Dynamic Policy & Signatures Update

On-line Access to IP Address Reputation

Page 3: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

Overview

7 policies are identified in the -00. These are largely based on features which are commonly available in “advanced” security gear for enterprises today

Home edge router is not something that is purchased and thrown away when obsolete. Instead, it is actively updated like many other consumer devices are today (PCs, iPods and iPhones, etc.)

Business model may include a paid subscription service from the manufacturer, a participating service or content provider, consortium, etc.

Page 4: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

Why is this important to IPv6?

Security policy can be adjusted to match the threat as attacks arrive

We don’t break end-to-end IPv6, unless we absolutely have to

Page 5: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

-00 at IETF 76

-00 presented at V6OPS & SAAG

Globally positive reaction

The crypto part could be improved/better presented

Paranoid Openness is very much needed for IPv6

Already known as Universal Threat Mitigation for large enterprises

Could/should cross-pollinate with simple-security ID

Page 6: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

Between IETF76 & 77

Small design team has been created

But little progress done (Eric’s & Mark’s fault)

-01 delta

Some cosmetics

More reference to UTM

Reference to previous I-D

Page 7: Advanced IPv6 Residential  Security draft-vyncke-advanced-ipv6-security-01.txt

After IETF 77

Activate the design team

Some discussions at HomeGate interim in Paris

BoF in IETF 78?

Bring rule7 (rate limited but open inbound) into simple security?