[Bp_ipv6] Government and enterprise procurement text

Sander Steffann sander at steffann.nl
Wed Sep 9 05:04:30 EDT 2015


The US DoD mandates that their suppliers have an IPv6 enabled website:

I have permission from Ron Broersma to quote him on this if we want to:

> We still have the policy where we don’t even let the vendors in the door to
> sell us IT stuff, unless their corporate or product web site is IPv6-enabled,
> to demonstrate their commitment to fully supporting IPv6.  We also want to
> know if they are “eating their own dogfood”.  I also just heard of a NASA
> security vendor day coming next month, where only vendors with IPv6-enabled
> web sites will be allowed to participate.

I also have permission from Enno Rey to use his IPv6 related procurement questions:

> - Do you run IPv6 in your own corporate network? Pls provide details.
> - When displaying, storing or exporting IP addresses, can your solution correctly handle IPv6 addresses of all types (link-local, ULAs, GUAs)? 
> - When receiving IP addresses as input or processing them (e.g. in a database), can your solution correctly handle IPv6 addresses of all types (link-local, ULAs, GUAs) and of variable length?
> - Does your solution implement RFC 5952 in the sense that input (of IPv6 addresses) can be in any format, but output (e.g. in log files) follows the RFC 5952 recommendation?
> - Can your solution handle both A and AAAA records from DNS?
> - Does your solution use link-local or GUAs/ULAs for intra-subnet communication? Which is the default and can both types of addresses be configured?
> - Does your product/offering comply with any of the profiles in the ripe-554 requirements specification?
> - Do all security-related functions of your solution (e.g. traffic filtering/ACLs, blacklisting, logging) fully support IPv6, with performance being equal to that of IPv4?
> - Do all implementations of management interfaces & protocols (SNMP, syslog etc.) used within your solution fully support IPv6?
> - Does your solution have a built-in webserver? Can this be configured to listen on an IPv6 address and has it been tested to successfully work in an IPv6-only or dual-stack setting?
> - Has your solution been thoroughly tested in an IPv6 only or in a dual-stack setting? Please provide proper test documentation.
> - In dual-stack settings which approach (e.g. Happy Eyeballs as of RFC 6555) does your solution follow as for preferring IPv6 over IPv4 or vice versa? Can this be configured/adjusted if needed?	

Maybe we can use (parts of) this in the text or references.


More information about the Bp_ipv6 mailing list