
From joelja@bogus.com  Mon Oct  5 20:15:14 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CACA28C17F for <opsec@core3.amsl.com>; Mon,  5 Oct 2009 20:15:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level: 
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.040,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6sB8dBkQ0-3o for <opsec@core3.amsl.com>; Mon,  5 Oct 2009 20:15:14 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id BC2303A63C9 for <opsec@ietf.org>; Mon,  5 Oct 2009 20:15:13 -0700 (PDT)
Received: from [192.168.1.131] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n963GlqS055745 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <opsec@ietf.org>; Tue, 6 Oct 2009 03:16:47 GMT (envelope-from joelja@bogus.com)
Message-ID: <4ACAB69F.6090408@bogus.com>
Date: Mon, 05 Oct 2009 20:16:47 -0700
From: joel jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: opsec@ietf.org
Content-Type: multipart/mixed; boundary="------------050105000602080307080102"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Tue, 06 Oct 2009 03:16:47 +0000 (UTC)
Subject: [OPSEC] FYI [Fwd: OPSEC - Requested session has been scheduled for IETF 76]
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2009 03:15:14 -0000

This is a multi-part message in MIME format.
--------------050105000602080307080102
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit


--------------050105000602080307080102
Content-Type: message/rfc822;
 name="OPSEC - Requested session has been scheduled for IETF 76.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename*0="OPSEC - Requested session has been scheduled for IETF 76.eml"

Return-Path: <wwwrun@core3.amsl.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on nagasaki.bogus.com
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=4.0 tests=AWL,NO_RELAYS
	autolearn=disabled version=3.2.5
Received: from psg.com (psg.com [IPv6:2001:418:1::62])
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n961UDP5050000
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <joelja@nagasaki.bogus.com>; Tue, 6 Oct 2009 01:30:13 GMT
	(envelope-from wwwrun@core3.amsl.com)
Received: from [2001:1890:1112:1::20] (helo=mail.ietf.org)
	by psg.com with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <wwwrun@core3.amsl.com>)
	id 1MuysK-0009cD-PR
	for joelja@bogus.com; Tue, 06 Oct 2009 01:30:08 +0000
Received: by core3.amsl.com (Postfix, from userid 30)
	id 0C9E928C1D0; Mon,  5 Oct 2009 18:28:22 -0700 (PDT)
From: IETF Secretariat <agenda@ietf.org>
To: joelja@bogus.com
Cc: jabley@ca.afilias.info, dromasca@avaya.com, rbonica@juniper.net,
        session-request@ietf.org
Subject: OPSEC - Requested session has been scheduled for IETF 76 
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0
Message-Id: <20091006012823.0C9E928C1D0@core3.amsl.com>
Date: Mon,  5 Oct 2009 18:28:23 -0700 (PDT)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [IPv6:2001:418:1::81]); Tue, 06 Oct 2009 01:30:13 +0000 (UTC)

Dear Joel Jaeggli,

The sessions that you have requested have been scheduled.
Below is the scheduled session information followed by 
the information of sessions that you have requested.

OPSEC Session 1 (1.5 hours)
Tuesday, Afternoon Session II 1520-1700
Room Name: Camellia
----------------------------------------------



Requested Information:


---------------------------------------------------------
Working Group Name: opsec
Area Name: Operations and Management Area
Session Requester: Joel Jaeggli

Number of Sessions: 1
Length of Session(s):  1.5 hours
                       
                       
Number of Attendees: 20
Conflicts to Avoid:
  First Priority:  opsarea
  Second Priority:  opsawg
  Third Priority:  saag

Special Requests:
  
---------------------------------------------------------



--------------050105000602080307080102--

From fernando.gont.netbook.win@gmail.com  Tue Oct 13 12:06:01 2009
Return-Path: <fernando.gont.netbook.win@gmail.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9A28F28C208 for <opsec@core3.amsl.com>; Tue, 13 Oct 2009 12:06:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JctmeDmIbTXo for <opsec@core3.amsl.com>; Tue, 13 Oct 2009 12:06:00 -0700 (PDT)
Received: from mail-ew0-f163.google.com (mail-ew0-f163.google.com [209.85.219.163]) by core3.amsl.com (Postfix) with ESMTP id 9B5D528C1BC for <opsec@ietf.org>; Tue, 13 Oct 2009 12:06:00 -0700 (PDT)
Received: by ewy7 with SMTP id 7so127014ewy.13 for <opsec@ietf.org>; Tue, 13 Oct 2009 12:05:59 -0700 (PDT)
Received: by 10.216.86.139 with SMTP id w11mr2559832wee.10.1255460759631; Tue, 13 Oct 2009 12:05:59 -0700 (PDT)
Received: from ?192.168.0.151? (129-130-17-190.fibertel.com.ar [190.17.130.129]) by mx.google.com with ESMTPS id i35sm3477690gve.28.2009.10.13.12.05.53 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 13 Oct 2009 12:05:57 -0700 (PDT)
Sender: Fernando Gont <fernando.gont.netbook.win@gmail.com>
Message-ID: <4AD4CF92.1060600@gont.com.ar>
Date: Tue, 13 Oct 2009 16:05:54 -0300
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Joel Jaeggli <joelja@bogus.com>
References: <4A9EE292.5070904@bogus.com> <4ABB9BF2.1080105@bogus.com>
In-Reply-To: <4ABB9BF2.1080105@bogus.com>
X-Enigmail-Version: 0.95.7
OpenPGP: id=D076FFF1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "'opsec@ietf.org'" <opsec@ietf.org>
Subject: Re: [OPSEC] UPdate, cutoff dates for IETF76...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2009 19:06:01 -0000

Hello, Joel,

I may have sent a request already. Nevertheless:

I'd like slots for:

* ICMP filtering I-D (wg item)
* IP security I-D (wg item)

Could you confirm that these slots have been assigned?

Thanks!

Kind regards,
Fernando




Joel Jaeggli wrote:
> Just an update:
> 
> We have a request for a timeslot so we're scheduling a meeting.
> 
> Fernando has requested agenda time.
> 
> Next milestones in the march to ietf 75 are:
> 
> Initial document cutoff 10/19
> 
> Updated document cutoff 10/26
> 
> meeting is 11/8 - 11/13
> 
> so 44 days away at this point.
>  _______________________________________________
>> OPSEC mailing list
>> OPSEC@ietf.org
>> https://www.ietf.org/mailman/listinfo/opsec
>>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> 

-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





From joelja@bogus.com  Tue Oct 13 22:04:37 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB4873A685D for <opsec@core3.amsl.com>; Tue, 13 Oct 2009 22:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mS+nlJrxO05p for <opsec@core3.amsl.com>; Tue, 13 Oct 2009 22:04:37 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id DF8DF3A684F for <opsec@ietf.org>; Tue, 13 Oct 2009 22:04:36 -0700 (PDT)
Received: from [192.168.1.151] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n9E54T1w084365 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 14 Oct 2009 05:04:30 GMT (envelope-from joelja@bogus.com)
Message-ID: <4AD55BDC.2080705@bogus.com>
Date: Tue, 13 Oct 2009 22:04:28 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
References: <4A9EE292.5070904@bogus.com> <4ABB9BF2.1080105@bogus.com> <4AD4CF92.1060600@gont.com.ar>
In-Reply-To: <4AD4CF92.1060600@gont.com.ar>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Wed, 14 Oct 2009 05:04:31 +0000 (UTC)
Cc: "'opsec@ietf.org'" <opsec@ietf.org>
Subject: Re: [OPSEC] UPdate, cutoff dates for IETF76...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2009 05:04:38 -0000

yes I'm aware of them and they're in queue

Fernando Gont wrote:
> Hello, Joel,
> 
> I may have sent a request already. Nevertheless:
> 
> I'd like slots for:
> 
> * ICMP filtering I-D (wg item)
> * IP security I-D (wg item)
> 
> Could you confirm that these slots have been assigned?
> 
> Thanks!
> 
> Kind regards,
> Fernando
> 
> 
> 
> 
> Joel Jaeggli wrote:
>> Just an update:
>>
>> We have a request for a timeslot so we're scheduling a meeting.
>>
>> Fernando has requested agenda time.
>>
>> Next milestones in the march to ietf 75 are:
>>
>> Initial document cutoff 10/19
>>
>> Updated document cutoff 10/26
>>
>> meeting is 11/8 - 11/13
>>
>> so 44 days away at this point.
> 

From joelja@bogus.com  Sat Oct 17 20:45:03 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 06D803A6774 for <opsec@core3.amsl.com>; Sat, 17 Oct 2009 20:45:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DsmA2to4sdiZ for <opsec@core3.amsl.com>; Sat, 17 Oct 2009 20:45:02 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id 22DF63A6807 for <opsec@ietf.org>; Sat, 17 Oct 2009 20:45:01 -0700 (PDT)
Received: from [192.168.1.151] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n9I3ivC2091066 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 18 Oct 2009 03:45:00 GMT (envelope-from joelja@bogus.com)
Message-ID: <4ADA8F39.90306@bogus.com>
Date: Sat, 17 Oct 2009 20:44:57 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "'opsec@ietf.org'" <opsec@ietf.org>, Joe Abley <jabley@hopcount.ca>
References: <4A9EE292.5070904@bogus.com>
In-Reply-To: <4A9EE292.5070904@bogus.com>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Sun, 18 Oct 2009 03:45:01 +0000 (UTC)
Subject: [OPSEC] Update and cutoff dates for IETF76...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Oct 2009 03:45:03 -0000

Initial document cutoff is Monday 10/19 and the Updated document cutoff
is the following Monday 10/26.

I expect that we'll have at least 4 revved documents to discuss during
our slot, but obviously that means we need to clear the hurdle

meeting is 11/8 - 11/13

Thanks
Joel



From joelja@bogus.com  Sun Oct 25 21:08:45 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D5BF53A68DB for <opsec@core3.amsl.com>; Sun, 25 Oct 2009 21:08:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzVKeS8xktHh for <opsec@core3.amsl.com>; Sun, 25 Oct 2009 21:08:45 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id C324C3A6891 for <opsec@ietf.org>; Sun, 25 Oct 2009 21:08:44 -0700 (PDT)
Received: from [192.168.1.151] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n9Q48r0u041291 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <opsec@ietf.org>; Mon, 26 Oct 2009 04:08:55 GMT (envelope-from joelja@bogus.com)
Message-ID: <4AE520D4.20102@bogus.com>
Date: Sun, 25 Oct 2009 21:08:52 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "'opsec@ietf.org'" <opsec@ietf.org>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Mon, 26 Oct 2009 04:08:56 +0000 (UTC)
Subject: [OPSEC] culled from nanog 47 circumstances where stateful inspection is considered harmful...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 04:08:45 -0000

Roland Dobbins' presentation from NANOG 47 caught my attention...

http://www.nanog.org/meetings/nanog47/presentations/Monday/Dobbins_ISPSecTrac_N47_Mond.pdf

Notably:

"Organizations with firewalls and IDS/’IPS’ inline in front of their
servers went down quickly and stayed down. Same for load-balancers."


Obviously we have a long suspicion of elements of user generated state
with the potential to blow up the forwarding plane (MSDP explosions for
example). Stateful packet inspection however is cooked into a lot of
both network security devices and standards (e.g. PCI compliance).

I wonder:

if some of the efforts associated with stateful inspection requirements
in this space:

	 are working at cross-purposes

	preclude cost-effective network scaling beyond a certain level

joel
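
The failure mode quoted above, as an added example that is not part of the original post: a small Python capacity model of a stateful device with a fixed-size flow table, compared with a stateless filter bounded only by its forwarding rate. The table size, timeouts and traffic rates are constructed values, and the function names are hypothetical.

```python
from collections import deque


def simulate_stateful(capacity, syn_timeout, est_lifetime,
                      legit_rate, flood_rate, seconds):
    """Fraction of legitimate new connections a stateful device admits.

    Assumptions of this model (not taken from the presentation):
    - every new flow needs one table entry, and a full table drops new flows;
    - legitimate flows hold their entry for est_lifetime seconds;
    - unsolicited SYNs never complete and hold theirs for syn_timeout seconds;
    - within one second, free entries are shared in proportion to arrivals.
    """
    half_open = deque()    # (expiry_tick, entries) for flows that never complete
    established = deque()  # (expiry_tick, entries) for legitimate flows
    used = admitted = 0
    for tick in range(seconds):
        # Release entries whose timers ran out before this second's arrivals.
        for queue in (half_open, established):
            while queue and queue[0][0] <= tick:
                used -= queue.popleft()[1]
        free = capacity - used
        arrivals = legit_rate + flood_rate
        if arrivals <= free:
            legit_in, flood_in = legit_rate, flood_rate
        else:
            legit_in = free * legit_rate // arrivals
            flood_in = free - legit_in
        established.append((tick + est_lifetime, legit_in))
        half_open.append((tick + syn_timeout, flood_in))
        used += legit_in + flood_in
        admitted += legit_in
    attempted = legit_rate * seconds
    return admitted / attempted if attempted else 1.0


def simulate_stateless(forward_pps, legit_rate, flood_rate):
    """Fraction admitted by a stateless filter: no per-flow memory, so the
    only limit is the packet rate it can forward (one SYN per attempt)."""
    arrivals = legit_rate + flood_rate
    if legit_rate == 0 or arrivals <= forward_pps:
        return 1.0
    return forward_pps / arrivals


def sustainable_flood_rate(capacity, syn_timeout, est_lifetime, legit_rate):
    """Highest sustained rate of never-completing SYNs the table absorbs
    before legitimate flows start being refused (entries per second)."""
    headroom = capacity - legit_rate * est_lifetime
    return max(0, headroom // syn_timeout)


# Constructed sizing for illustration only.
TABLE = dict(capacity=100_000, syn_timeout=30, est_lifetime=10,
             legit_rate=1_000)

if __name__ == "__main__":
    limit = sustainable_flood_rate(**TABLE)
    print("table absorbs up to", limit, "unsolicited SYN/s")
    for flood in (0, limit, 50_000):
        stateful = simulate_stateful(flood_rate=flood, seconds=60, **TABLE)
        stateless = simulate_stateless(1_000_000, TABLE["legit_rate"], flood)
        print(f"flood={flood:>6}/s stateful={stateful:.3f} "
              f"stateless={stateless:.3f}")
```

The point for capacity planning is that the stateful device's breaking point is set by table size divided by entry timeout, which is orders of magnitude below its forwarding rate.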

From joelja@bogus.com  Sun Oct 25 21:12:15 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9E0D3A6876 for <opsec@core3.amsl.com>; Sun, 25 Oct 2009 21:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7CH2Py+nTRyW for <opsec@core3.amsl.com>; Sun, 25 Oct 2009 21:12:15 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id BCAEE3A6811 for <opsec@ietf.org>; Sun, 25 Oct 2009 21:12:14 -0700 (PDT)
Received: from [192.168.1.151] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n9Q4COOH041576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <opsec@ietf.org>; Mon, 26 Oct 2009 04:12:26 GMT (envelope-from joelja@bogus.com)
Message-ID: <4AE521A8.4020001@bogus.com>
Date: Sun, 25 Oct 2009 21:12:24 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "'opsec@ietf.org'" <opsec@ietf.org>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Mon, 26 Oct 2009 04:12:26 +0000 (UTC)
Subject: [OPSEC] Monday 10/26 draft revision submission deadline...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 04:12:15 -0000

For IETF 76 is tomorrow.

joel

From root@core3.amsl.com  Mon Oct 26 10:15:01 2009
Return-Path: <root@core3.amsl.com>
X-Original-To: opsec@ietf.org
Delivered-To: opsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id C429C28C0E1; Mon, 26 Oct 2009 10:15:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091026171501.C429C28C0E1@core3.amsl.com>
Date: Mon, 26 Oct 2009 10:15:01 -0700 (PDT)
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action:draft-ietf-opsec-icmp-filtering-01.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 17:15:01 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


	Title           : Recommendations for filtering ICMP messages
	Author(s)       : F. Gont, G. Gont
	Filename        : draft-ietf-opsec-icmp-filtering-01.txt
	Pages           : 44
	Date            : 2009-10-26

This document provides advice on the filtering of ICMPv4 and
ICMPv6 messages.  Additionally, it discusses the operational and
interoperability implications of such filtering.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-opsec-icmp-filtering-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-opsec-icmp-filtering-01.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-10-26100837.I-D@ietf.org>


--NextPart--

From shore@arsc.edu  Mon Oct 26 10:27:43 2009
Return-Path: <shore@arsc.edu>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2744A3A686C for <opsec@core3.amsl.com>; Mon, 26 Oct 2009 10:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lcUhzifMyNWs for <opsec@core3.amsl.com>; Mon, 26 Oct 2009 10:27:42 -0700 (PDT)
Received: from arsc.edu (mail1.arsc.edu [IPv6:2001:480:150:75::229]) by core3.amsl.com (Postfix) with ESMTP id B8BA33A67D7 for <opsec@ietf.org>; Mon, 26 Oct 2009 10:27:41 -0700 (PDT)
Received: from viking-e0.arsc.edu (viking-e0.arsc.edu [IPv6:2001:480:150:860:223:32ff:feda:4a52]) by arsc.edu (20090828.ARSC) with ESMTP id n9QHRfG5011928; Mon, 26 Oct 2009 09:27:41 -0800 (AKDT)
Message-Id: <A91FE78F-F1C3-4EBB-AA39-E72BD5333003@arsc.edu>
From: Melinda Shore <shore@arsc.edu>
To: Joel Jaeggli <joelja@bogus.com>
In-Reply-To: <4AE520D4.20102@bogus.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 26 Oct 2009 09:27:41 -0800
References: <4AE520D4.20102@bogus.com>
X-Mailer: Apple Mail (2.936)
X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN)
X-CanIt-Geo: No geolocation information available for 2001:480:150:860:223:32ff:feda:4a52
X-CanItPRO-Stream: default
X-Canit-Stats-ID: 3398189 - 5f585bd210e3
X-Antispam-Training-Forget: https://canit.arsc.edu:8787/b.php?i=3398189&m=5f585bd210e3&c=f
X-Antispam-Training-Nonspam: https://canit.arsc.edu:8787/b.php?i=3398189&m=5f585bd210e3&c=n
X-Antispam-Training-Spam: https://canit.arsc.edu:8787/b.php?i=3398189&m=5f585bd210e3&c=s
X-Scanned-By: CanIt (www . roaringpenguin . com) on IPv6:2001:480:150:75::167
Cc: "'opsec@ietf.org'" <opsec@ietf.org>
Subject: Re: [OPSEC] culled from nanog 47 circumstances where stateful inspection is considered harmful...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 17:27:43 -0000

On Oct 25, 2009, at 8:08 PM, Joel Jaeggli wrote:
> I wonder:
> if some of the efforts associated with stateful inspection  
> requirements
> in this space:
> 	 are working at cross-purposes
> 	preclude cost-effective network scaling beyond a certain level

I can't really speak to your second item
but I think that there's no question that the
first is true.  It's been clear for some time
that where crypto interferes with inspection
operators/enterprises will turn off the crypto
rather than get rid of (or modify) the firewall
or NAT.

Melinda


From joelja@bogus.com  Wed Oct 28 18:20:08 2009
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D78083A6861 for <opsec@core3.amsl.com>; Wed, 28 Oct 2009 18:20:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.577
X-Spam-Level: 
X-Spam-Status: No, score=-2.577 tagged_above=-999 required=5 tests=[AWL=-0.022, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 52t3RI2S+gET for <opsec@core3.amsl.com>; Wed, 28 Oct 2009 18:20:08 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id DB08F3A6359 for <opsec@ietf.org>; Wed, 28 Oct 2009 18:20:07 -0700 (PDT)
Received: from [192.168.1.151] (c-98-234-104-156.hsd1.ca.comcast.net [98.234.104.156]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n9T1KI8M072572 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 29 Oct 2009 01:20:19 GMT (envelope-from joelja@bogus.com)
Message-ID: <4AE8A86C.7020102@bogus.com>
Date: Wed, 28 Oct 2009 13:24:12 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "'opsec@ietf.org'" <opsec@ietf.org>, Joe Abley <jabley@hopcount.ca>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nagasaki.bogus.com [147.28.0.81]); Thu, 29 Oct 2009 01:20:19 +0000 (UTC)
Subject: [OPSEC] Preliminary Agenda
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2009 01:20:08 -0000

This is what I'm submitting for a preliminary agenda.

	1. WG status - WG Chair
	2. Nanog ISP security BOF report - WG Chair
	3. Revised, draft-ietf-opsec-ip-security - Fernando Gont
	4. Revised, draft-ietf-opsec-icmp-filtering - Fernando Gont
	5. Revised, draft-ietf-opsec-routing-protocols-crypto-issues
	   - TBD
	6. Others?

Additions, corrections or subtractions accepted for the final one.

