National Institute of Standards and Technology
National Telecommunications and Information Administration
DEPARTMENT OF COMMERCE
Comments on Deployment of Internet Protocol, Version 6
Docket No. 040107006-4006-01
The Internet Security Alliance is pleased to provide its response to the above-captioned Notice of Inquiry: Request for Comments on Deployment of Internet Protocol Version 6, as published in the Federal Register by NIST and NTIA on 21 January 2004.
As a trade association focused on improved cyber security and representing more than 50 corporate members serving various sectors of the economy on four continents, we believe we have a unique perspective to address the security aspects of this inquiry.
The Internet Security Alliance (ISAlliance) understands the desire, and in many cases the need, to deploy the IPv6 protocol as a replacement for the current implementation of Internet Protocol (IPv4), both from a network addressability perspective and for the merits that the expanded network feature set provides to the implementer.
IPv6 would be deployed to co-exist with and ultimately replace a set of IPv4 systems and protocols that have 20+ years of implementation and deployment experience. The ISAlliance has concerns regarding the motivation for the deployment of IPv6 from the perspective of network security, as outlined in the 3 broad areas below:
· Industry, with assistance from the established security monitoring and alerting services, can and must use the systems established during the development of IPv4 to expedite the security hardening of IPv6 implementations.
· The ISAlliance believes that the experience, expertise and systems put in place to build up the security of IPv4 can be applied to ameliorate the initial shortcomings of IPv6 implementations.
It is of major concern to the ISAlliance membership that organizations considering the deployment of IPv6 understand, very clearly, that implementations of IPv6 are not necessarily more secure than IPv4, despite the addition of IPsec capabilities to the protocol as a standard feature set. We believe that the deployment of IPv6 alongside IPv4 will raise additional security issues that have not been experienced in the single-protocol environment of existing IPv4 networks. It is very important that all parties work together to deliver solutions and improved practices to overcome these problems.