Vient de paraître (pdf en téléchargement) : http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-119
Résumé court : « NIST announces the public comment release of Special Publication (SP) 800-119, Guidelines for the Secure Deployment of IPv6. IPv6 (Internet Protocol version 6) is the next generation Internet Protocol, accommodating vastly increased address space. This document describes and analyzes IPv6’s new and expanded protocols, services, and capabilities, including addressing, DNS, routing, mobility, quality of service, multihoming, and IPsec. For each component, there is a detailed analysis of the differences between IPv4 and IPv6, the security ramifications and any unknown aspects. It characterizes new security threats posed by the transition to IPv6 and provides guidelines on IPv6 deployment, including transition, integration, configuration, and testing. It also addresses more recent significant changes in the approach to IPv6 transition. »
Audience : « This document is intended primarily for network engineers and administrators who are responsible forplanning, building, and operating IP networks, as well as security engineers and administrators who areresponsible for providing Information Assurance support. Anyone interested in deploying IPv6technologies and related security implications may also find the document useful. It is assumed thatreaders are already familiar with basic IPv4, data networking, and network security concepts. «
Commentaires :
À la lecture du résumé (executive summary, pages ES-1-ES-3) et de la table des matières, le document a l’air très intéressant et instructif.Le document semble assez équilibré : reconnaissance des avancées en matière de maturité d’IPv6 mais sans complaisance (il reste encore du chemin à faire).On y trouve des recommandations pratiques pour tous : ceux qui ont déjà déployé, ceux qui déploient et ceux qui déploieront un jour (certain). Les recommandations sont transposables bien au-delà du contexte « agences fédérales »…
Enfin, c’est un draft et vous pouvez donc envoyer vos commentaires :« NIST requests comments on Draft SP 800-119 by April 23, 2010. Please submit comments to draft-sp800-119-comments@nist.gov with « Comments SP 800-119″ in the subject line. »