
From wwwrun@rfc-editor.org  Wed Feb  2 20:00:47 2011
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C462D3A67CC; Wed,  2 Feb 2011 20:00:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.306
X-Spam-Level: 
X-Spam-Status: No, score=-102.306 tagged_above=-999 required=5 tests=[AWL=0.294, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDitSDjPV52x; Wed,  2 Feb 2011 20:00:46 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:1112:1::2f]) by core3.amsl.com (Postfix) with ESMTP id 3E0BB3A6778; Wed,  2 Feb 2011 20:00:44 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id D031EE0746; Wed,  2 Feb 2011 20:04:05 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20110203040405.D031EE0746@rfc-editor.org>
Date: Wed,  2 Feb 2011 20:04:05 -0800 (PST)
Cc: opsec@ietf.org, rfc-editor@rfc-editor.org
Subject: [OPSEC] RFC 6094 on Summary of Cryptographic Authentication Algorithm Implementation Requirements for Routing Protocols
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2011 04:00:47 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6094

        Title:      Summary of Cryptographic Authentication Algorithm 
                    Implementation Requirements for Routing Protocols 
        Author:     M. Bhatia, V. Manral
        Status:     Informational
        Stream:     IETF
        Date:       February 2011
        Mailbox:    manav.bhatia@alcatel-lucent.com, 
                    vishwas@ipinfusion.com
        Pages:      11
        Characters: 24583
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-opsec-igp-crypto-requirements-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6094.txt

The routing protocols Open Shortest Path First version 2 (OSPFv2),
Intermediate System to Intermediate System (IS-IS), and Routing
Information Protocol (RIP) currently define cleartext and MD5
(Message Digest 5) methods for authenticating protocol packets.
Recently, effort has been made to add support for the SHA (Secure
Hash Algorithm) family of hash functions for the purpose of
authenticating routing protocol packets for RIP, IS-IS, and OSPF.

To encourage interoperability between disparate implementations, it
is imperative that we specify the expected minimal set of algorithms,
thereby ensuring that there is at least one algorithm that all
implementations will have in common.

Similarly, RIP for IPv6 (RIPng) and OSPFv3 support IPsec algorithms
for authenticating their protocol packets.

This document examines the current set of available algorithms, with
interoperability and effective cryptographic authentication
protection being the principal considerations.  Cryptographic
authentication of these routing protocols requires the availability
of the same algorithms in disparate implementations.  It is desirable
that newly specified algorithms should be implemented and available
in routing protocol implementations because they may be promoted to
requirements at some future time.  This document is not an Internet 
Standards Track specification; it is published for informational purposes.

This document is a product of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From leo.vegoda@icann.org  Thu Feb  3 06:36:48 2011
Return-Path: <leo.vegoda@icann.org>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A65F93A6998; Thu,  3 Feb 2011 06:36:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fp6xA5XSRWNY; Thu,  3 Feb 2011 06:36:48 -0800 (PST)
Received: from EXPFE100-1.exc.icann.org (expfe100-1.exc.icann.org [64.78.22.236]) by core3.amsl.com (Postfix) with ESMTP id 015843A698A; Thu,  3 Feb 2011 06:36:48 -0800 (PST)
Received: from EXVPMBX100-1.exc.icann.org ([64.78.22.232]) by EXPFE100-1.exc.icann.org ([64.78.22.236]) with mapi; Thu, 3 Feb 2011 06:40:10 -0800
From: Leo Vegoda <leo.vegoda@icann.org>
To: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Date: Thu, 3 Feb 2011 06:40:09 -0800
Thread-Topic: New I-D: draft-vegoda-no-more-unallocated-slash8s-00
Thread-Index: AcvDsEIaWLMorHWTS36p6ocknO0z2g==
Message-ID: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2011 14:36:48 -0000

Hi,

I have just uploaded draft-vegoda-no-more-unallocated-slash8s-00 to the
I-D repository and have been advised to mention it on OPSEC and GROW, so
that it can be well reviewed.

This document advises network operators to remove filters for any
unicast /8s they previously filtered on the basis of being unallocated.
The IANA IPv4 Address Space Registry is now fully allocated and so the
practice of filtering IPv4 address space based on its registration
status is no longer advisable.

Your thoughts and comments are welcome.

Kind regards,

Leo Vegoda

From aservin@lacnic.net  Mon Feb  7 05:41:03 2011
Return-Path: <aservin@lacnic.net>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E7EAB3A6E14; Mon,  7 Feb 2011 05:41:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.741
X-Spam-Level: 
X-Spam-Status: No, score=-0.741 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id duPtGfp8Qtj5; Mon,  7 Feb 2011 05:41:03 -0800 (PST)
Received: from mail.lacnic.net.uy (mail.lacnic.net.uy [IPv6:2001:13c7:7001:4000::3]) by core3.amsl.com (Postfix) with ESMTP id AC06F3A6E0A; Mon,  7 Feb 2011 05:41:02 -0800 (PST)
Received: from [IPv6:2001:13c7:7001:5128:225:ff:fe4b:94a8] (unknown [IPv6:2001:13c7:7001:5128:225:ff:fe4b:94a8]) by mail.lacnic.net.uy (Postfix) with ESMTP id 6E14230848D; Mon,  7 Feb 2011 11:40:48 -0200 (UYST)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Arturo Servin <aservin@lacnic.net>
In-Reply-To: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
Date: Mon, 7 Feb 2011 11:40:47 -0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <8EC2023C-3C3F-4E26-9308-8AB4AEBBBC05@lacnic.net>
References: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
To: Leo Vegoda <leo.vegoda@icann.org>
X-Mailer: Apple Mail (2.1082)
X-LACNIC.uy-MailScanner-Information: Please contact the ISP for more information
X-LACNIC.uy-MailScanner: Found to be clean
X-LACNIC.uy-MailScanner-SpamCheck: 
X-LACNIC.uy-MailScanner-From: aservin@lacnic.net
Cc: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 13:41:04 -0000

Leo,

	I reviewed your draft and I have no comments. I support your
draft and I think it is important to raise awareness regarding filtering
and how this is evolving as a result of the last IANA allocations to RIRs.

Regards,
.as

On 3 Feb 2011, at 12:40, Leo Vegoda wrote:

> Hi,
>
> I have just uploaded draft-vegoda-no-more-unallocated-slash8s-00 to
> the I-D repository and have been advised to mention it on OPSEC and
> GROW, so that it can be well reviewed.
>
> This document advises network operators to remove filters for any
> unicast /8s they previously filtered on the basis of being unallocated.
> The IANA IPv4 Address Space Registry is now fully allocated and so the
> practice of filtering IPv4 address space based on its registration
> status is no longer advisable.
>
> Your thoughts and comments are welcome.
>
> Kind regards,
>
> Leo Vegoda
> _______________________________________________
> GROW mailing list
> GROW@ietf.org
> https://www.ietf.org/mailman/listinfo/grow


From cpignata@cisco.com  Mon Feb  7 07:01:40 2011
Return-Path: <cpignata@cisco.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 067033A6936; Mon,  7 Feb 2011 07:01:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-d0phd1ETzg; Mon,  7 Feb 2011 07:01:39 -0800 (PST)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by core3.amsl.com (Postfix) with ESMTP id 1971A3A6D03; Mon,  7 Feb 2011 07:01:39 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p17EwxDp029863; Mon, 7 Feb 2011 09:58:59 -0500 (EST)
Received: from [10.116.85.237] (rtp-cpignata-87112.cisco.com [10.116.85.237]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p17EwxgU010973; Mon, 7 Feb 2011 09:58:59 -0500 (EST)
Message-ID: <4D5008B1.8070901@cisco.com>
Date: Mon, 07 Feb 2011 09:58:57 -0500
From: Carlos Pignataro <cpignata@cisco.com>
Organization: cisco Systems, Inc.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 Mnenhy/0.7.6.0
MIME-Version: 1.0
To: Leo Vegoda <leo.vegoda@icann.org>
References: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
In-Reply-To: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
X-Enigmail-Version: 1.1.1
X-Face: *3w8NvnQ|kS~V{&{U}$?G9U9EJQ8p9)O[1[1F'1i>XIc$5FR!hdAIf5}'Xu-3`^Z']h0J* ccB'fl/XJYR[+,Z+jj`4%06nd'y9[ln&ScJT5S+O18e^
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 15:01:40 -0000

Hi Leo,

I support this document and think it's important and very well written.
I do have some overall comments and a couple of editorial suggestions:

At a high level, the document is arguing that with no more IANA
unallocated /8s, then existing corresponding filters should be removed,
and then lists special purpose prefixes that should not be routed in the
Internet. I think that the document could benefit from making a stricter
classification of "bogons" from the Intro onwards, into "unallocated"
and "martian"; then, "martian filters" do not change, but "unallocated"
do (as continuously do, but now there is a notable milestone). These
unallocated prefix filters now need to be larger than /8, but there is
still value in filtering RIRs unallocated. So there is a choice of
whether no longer filter based on address allocation status at all, or
do it with finer granularity, with pros and cons. I think that the
document should contain the final state (martians only) but list pros
and cons of the transition (filter or not RIR unallocated prefixes). I
do not want to suggest overcomplicating the document, as its simplicity
is a plus, though.

On the more editorial side, I think that perhaps slightly more emphasis
on the fact that this is filtering on the "source" (even on the title)
can prevent potential confusions. Similarly, a note of caution as to the
application of filters (as some of the blocks can "appear", but not be
Internet-routed).

My 2¢. Thanks !

-- Carlos.

On 2/3/2011 9:40 AM, Leo Vegoda wrote:
> Hi,
>
> I have just uploaded draft-vegoda-no-more-unallocated-slash8s-00 to the I-D repository and have been advised to mention it on OPSEC and GROW, so that it can be well reviewed.
>
> This document advises network operators to remove filters for any unicast /8s they previously filtered on the basis of being unallocated. The IANA IPv4 Address Space Registry is now fully allocated and so the practice of filtering IPv4 address space based on its registration status is no longer advisable.
>
> Your thoughts and comments are welcome.
>
> Kind regards,
>
> Leo Vegoda
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>

From clonvick@cisco.com  Mon Feb  7 07:12:47 2011
Return-Path: <clonvick@cisco.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE4CC3A68C6 for <opsec@core3.amsl.com>; Mon,  7 Feb 2011 07:12:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qe6yumT8zPdv for <opsec@core3.amsl.com>; Mon,  7 Feb 2011 07:12:47 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 2BE763A6D6B for <opsec@ietf.org>; Mon,  7 Feb 2011 07:12:47 -0800 (PST)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnEGAAubT02rRN+J/2dsb2JhbACXEQEBjh9znymaaYVaBIR6
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-2.cisco.com with ESMTP; 07 Feb 2011 15:12:51 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id p17FCpRl007478 for <opsec@ietf.org>; Mon, 7 Feb 2011 15:12:51 GMT
Date: Mon, 7 Feb 2011 07:12:51 -0800 (PST)
From: Chris Lonvick <clonvick@cisco.com>
To: opsec@ietf.org
Message-ID: <Pine.GSO.4.63.1102070709570.6059@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [OPSEC] New Version Notification for draft-ietf-opsec-efforts-14 (fwd)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 15:12:47 -0000

Hi Folks,

I'm getting back to validating the contents of this ID.  I'm going to be 
doing it by checking and revising each of sections 3, 4, and 5 on a 
rolling basis.  I've just revised section 3.  Section 4 coming up next.

If anyone does have additions, please let me know.

Thanks,
Chris

---------- Forwarded message ----------
Date: Mon,  7 Feb 2011 07:09:11 -0800 (PST)
From: IETF I-D Submission Tool <idsubmission@ietf.org>
To: clonvick@cisco.com
Cc: dspak@cisco.com
Subject: New Version Notification for draft-ietf-opsec-efforts-14


A new version of I-D, draft-ietf-opsec-efforts-14.txt has been successfully submitted by Chris Lonvick and posted to the IETF repository.

Filename:	 draft-ietf-opsec-efforts
Revision:	 14
Title:		 Security Best Practices Efforts and Documents
Creation_date:	 2011-02-07
WG ID:		 opsec
Number_of_pages: 37

Abstract:
This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing
Organizations (SDO).



The IETF Secretariat.



From Internet-Drafts@ietf.org  Mon Feb  7 07:15:02 2011
Return-Path: <Internet-Drafts@ietf.org>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 678263A6E07; Mon,  7 Feb 2011 07:15:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.356
X-Spam-Level: 
X-Spam-Status: No, score=-102.356 tagged_above=-999 required=5 tests=[AWL=0.243, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rASUvVW4j-wt; Mon,  7 Feb 2011 07:15:01 -0800 (PST)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABC783A6E06; Mon,  7 Feb 2011 07:15:01 -0800 (PST)
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.12
Message-ID: <20110207151501.1133.87778.idtracker@localhost>
Date: Mon, 07 Feb 2011 07:15:01 -0800
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action:draft-ietf-opsec-efforts-14.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 15:15:02 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


	Title           : Security Best Practices Efforts and Documents
	Author(s)       : C. Lonvick, D. Spak
	Filename        : draft-ietf-opsec-efforts-14.txt
	Pages           : 37
	Date            : 2011-02-07

This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing
Organizations (SDO).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-opsec-efforts-14.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body; name="draft-ietf-opsec-efforts-14.txt";
	site="ftp.ietf.org"; access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2011-02-07070911.I-D@ietf.org>


--NextPart--

From rbonica@juniper.net  Mon Feb  7 08:20:25 2011
Return-Path: <rbonica@juniper.net>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3A9A63A6D83; Mon,  7 Feb 2011 08:20:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TmHONirdhMwL; Mon,  7 Feb 2011 08:20:24 -0800 (PST)
Received: from exprod7og116.obsmtp.com (exprod7og116.obsmtp.com [64.18.2.219]) by core3.amsl.com (Postfix) with ESMTP id 281243A6959; Mon,  7 Feb 2011 08:20:03 -0800 (PST)
Received: from source ([66.129.224.36]) (using TLSv1) by exprod7ob116.postini.com ([64.18.6.12]) with SMTP ID DSNKTVAbtyzrNbDoL07FsVSp6jrYzEp6e9Io@postini.com; Mon, 07 Feb 2011 08:20:28 PST
Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by P-EMHUB02-HQ.jnpr.net (172.24.192.36) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 7 Feb 2011 08:18:56 -0800
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Mon, 7 Feb 2011 11:19:03 -0500
From: Ronald Bonica <rbonica@juniper.net>
To: Leo Vegoda <leo.vegoda@icann.org>, "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Date: Mon, 7 Feb 2011 11:19:01 -0500
Thread-Topic: New I-D: draft-vegoda-no-more-unallocated-slash8s-00
Thread-Index: AcvDsEIaWLMorHWTS36p6ocknO0z2gDMmlgQ
Message-ID: <13205C286662DE4387D9AF3AC30EF456B189D38053@EMBX01-WF.jnpr.net>
References: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
In-Reply-To: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 16:20:25 -0000

Leo,

Which WG would you like to own this draft?

                         Ron


> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
> Of Leo Vegoda
> Sent: Thursday, February 03, 2011 9:40 AM
> To: opsec@ietf.org; grow@ietf.org
> Subject: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
>
> Hi,
>
> I have just uploaded draft-vegoda-no-more-unallocated-slash8s-00 to the
> I-D repository and have been advised to mention it on OPSEC and GROW,
> so that it can be well reviewed.
>
> This document advises network operators to remove filters for any
> unicast /8s they previously filtered on the basis of being unallocated.
> The IANA IPv4 Address Space Registry is now fully allocated and so the
> practice of filtering IPv4 address space based on its registration
> status is no longer advisable.
>
> Your thoughts and comments are welcome.
>
> Kind regards,
>
> Leo Vegoda
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec

From leo.vegoda@icann.org  Tue Feb  8 10:50:44 2011
Return-Path: <leo.vegoda@icann.org>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80C9B3A67D6; Tue,  8 Feb 2011 10:50:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Scbwm5GZoK8E; Tue,  8 Feb 2011 10:50:43 -0800 (PST)
Received: from EXPFE100-2.exc.icann.org (expfe100-2.exc.icann.org [64.78.22.237]) by core3.amsl.com (Postfix) with ESMTP id 168C63A681C; Tue,  8 Feb 2011 10:50:43 -0800 (PST)
Received: from EXVPMBX100-1.exc.icann.org ([64.78.22.232]) by EXPFE100-2.exc.icann.org ([64.78.22.237]) with mapi; Tue, 8 Feb 2011 10:50:50 -0800
From: Leo Vegoda <leo.vegoda@icann.org>
To: Carlos Pignataro <cpignata@cisco.com>
Date: Tue, 8 Feb 2011 10:50:49 -0800
Thread-Topic: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
Thread-Index: AcvHwRqZq4e+iOJ6TYWkw/joEdO96A==
Message-ID: <21DA149D-61C7-4822-A4CA-9D0CB6ED1F7B@icann.org>
References: <875C38A7-87AB-44E5-9507-8C37ED2905A6@icann.org> <4D5008B1.8070901@cisco.com>
In-Reply-To: <4D5008B1.8070901@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2011 18:50:44 -0000

Hi Carlos,

On 7 Feb 2011, at 6:58, Carlos Pignataro wrote:
>
> I support this document and think it's important and very well written.
> I do have some overall comments and a couple of editorial suggestions:

Thank you.

> At a high level, the document is arguing that with no more IANA
> unallocated /8s, then existing corresponding filters should be removed,
> and then lists special purpose prefixes that should not be routed in the
> Internet. I think that the document could benefit from making a stricter
> classification of "bogons" from the Intro onwards, into "unallocated"
> and "martian"; then, "martian filters" do not change, but "unallocated"
> do (as continuously do, but now there is a notable milestone). These
> unallocated prefix filters now need to be larger than /8, but there is
> still value in filtering RIRs unallocated. So there is a choice of
> whether no longer filter based on address allocation status at all, or
> do it with finer granularity, with pros and cons. I think that the
> document should contain the final state (martians only) but list pros
> and cons of the transition (filter or not RIR unallocated prefixes). I
> do not want to suggest overcomplicating the document, as its simplicity
> is a plus, though.

I would like to avoid the use of jargon words like "bogons" and
"martians" if possible as I expect the total number of people who know
and use them is small enough that their inclusion would make it a more
difficult read for many.

I would appreciate more operator feedback as regards the benefit of
using strict filters based on the prefixes allocated by the RIRs.
Looking at the latest RIPE NCC enhanced statistics file
(http://albatross.ripe.net/delegated-extended/) there are about 250 IPv4
blocks to filter. Not all of these blocks are bit aligned, so the number
of prefixes to filter based on the RIPE NCC alone is likely to be higher
than that. And there are five RIRs. How many operators are going to be
happy maintaining a list of something in the order of a thousand
prefixes and updating it every day to avoid broken connectivity?

> On the more editorial side, I think that perhaps slightly more emphasis
> on the fact that this is filtering on the "source" (even on the title)
> can prevent potential confusions.

Thanks. I will add this.

> Similarly, a note of caution as to the
> application of filters (as some of the blocks can "appear", but not be
> Internet-routed).

If I understand you correctly, you'd like to see extra language
clarifying that these filters should only be applied at borders and not
internally. Right?

Many thanks,

Leo
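
An added example, not part of the original message or of the draft: the point above that blocks which are not bit aligned expand into more filter prefixes, worked in Python over constructed records in the RIRs' delegated-extended layout. The sample records, the function names, and the choice to treat the `available` and `reserved` statuses as unallocated are assumptions of this example.

```python
import ipaddress

# Constructed sample records (not real registry data) in the RIR
# "delegated-extended" layout:
#   registry|cc|type|start|value|date|status[|opaque-id]
# For ipv4 records "value" is a count of addresses, not a prefix length.
SAMPLE = """\
2|ripencc|20110208|6|19830705|20110207|+0100
ripencc|*|ipv4|*|6|summary
ripencc||ipv4|192.0.2.0|256||available
ripencc||ipv4|198.51.100.0|768||available
ripencc||ipv4|203.0.113.64|192||reserved
ripencc|NL|ipv4|198.18.0.0|1024|20100101|allocated|example-id
ripencc||ipv4|198.18.4.0|1280||available
ripencc||ipv6|2001:db8::|32||available
"""

# Assumption of this example: these two statuses mark space the RIR
# has not yet handed out.
UNALLOCATED = {"available", "reserved"}


def unallocated_blocks(text):
    """Return (start, count) for each unallocated IPv4 record in text."""
    blocks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        # The version line and the per-type summary lines have another shape.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[3] == "*":
            continue
        if fields[6] not in UNALLOCATED:
            continue
        try:
            ipaddress.IPv4Address(fields[3])
            count = int(fields[4])
        except ValueError:
            continue  # malformed record: skip rather than guess
        if count >= 1:
            blocks.append((fields[3], count))
    return blocks


def is_bit_aligned(start, count):
    """True when the block is exactly one CIDR prefix."""
    power_of_two = count & (count - 1) == 0
    return power_of_two and int(ipaddress.IPv4Address(start)) % count == 0


def to_prefixes(start, count):
    """Minimal list of CIDR prefixes covering start .. start+count-1."""
    first = ipaddress.IPv4Address(start)
    last = first + (count - 1)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def filter_summary(text):
    """Count registry blocks against the prefixes a filter would need."""
    blocks = unallocated_blocks(text)
    prefixes = [p for start, count in blocks for p in to_prefixes(start, count)]
    unaligned = sum(1 for start, count in blocks
                    if not is_bit_aligned(start, count))
    return {"blocks": len(blocks), "unaligned": unaligned,
            "prefixes": len(prefixes), "prefix_list": prefixes}


if __name__ == "__main__":
    result = filter_summary(SAMPLE)
    print("registry blocks :", result["blocks"])
    print("not bit aligned :", result["unaligned"])
    print("filter prefixes :", result["prefixes"])
    for prefix in result["prefix_list"]:
        print("  ", prefix)
```
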

From leo.vegoda@icann.org  Tue Feb  8 10:52:22 2011
From: Leo Vegoda <leo.vegoda@icann.org>
To: Ronald Bonica <rbonica@juniper.net>
Cc: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Date: Tue, 8 Feb 2011 10:52:29 -0800
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00

Hi Ron,

On 7 Feb 2011, at 8:19, Ronald Bonica wrote:

> Leo,
>
> Which WG would you like to own this draft?

GROW, if that's OK with everyone else.

Thanks,

Leo

From warren@kumari.net  Tue Feb  8 11:51:23 2011
From: Warren Kumari <warren@kumari.net>
To: Leo Vegoda <leo.vegoda@icann.org>
Cc: "opsec@ietf.org" <opsec@ietf.org>, Warren Kumari <warren@kumari.net>, "grow@ietf.org" <grow@ietf.org>
Date: Tue, 8 Feb 2011 14:51:26 -0500
Subject: Re: [OPSEC] [GROW] New I-D: draft-vegoda-no-more-unallocated-slash8s-00

On Feb 8, 2011, at 1:52 PM, Leo Vegoda wrote:

> Hi Ron,
>
> On 7 Feb 2011, at 8:19, Ronald Bonica wrote:
>
>> Leo,
>>
>> Which WG would you like to own this draft?
>
> GROW, if that's OK with everyone else.
>

Apologies for not responding earlier -- I read the doc and have been
ruminating on how we could fit in OpSec (it's well written and useful),
but unfortunately I think that GROW is the better place for it....

W

> Thanks,
>
> Leo
> _______________________________________________
> GROW mailing list
> GROW@ietf.org
> https://www.ietf.org/mailman/listinfo/grow
>


From cpignata@cisco.com  Tue Feb  8 13:17:21 2011
From: Carlos Pignataro <cpignata@cisco.com>
To: Leo Vegoda <leo.vegoda@icann.org>
Cc: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Date: Tue, 08 Feb 2011 16:17:05 -0500
Subject: Re: [OPSEC] New I-D: draft-vegoda-no-more-unallocated-slash8s-00

Hi Leo,

Thanks for the quick reply. Please see inline.

On 2/8/2011 1:50 PM, Leo Vegoda wrote:
> Hi Carlos,
> 
> On 7 Feb 2011, at 6:58, Carlos Pignataro wrote:
>>
>> I support this document and think it's important and very well written.
>> I do have some overall comments and a couple of editorial suggestions:
> 
> Thank you.
> 
>> At a high level, the document is arguing that with no more IANA
>> unallocated /8s, then existing corresponding filters should be removed,
>> and then lists special purpose prefixes that should not be routed in the
>> Internet. I think that the document could benefit from making a stricter
>> classification of "bogons" from the Intro onwards, into "unallocated"
>> and "martian"; then, "martian filters" do not change, but "unallocated"
>> do (as continuously do, but now there is a notable milestone). These
>> unallocated prefix filters now need to be larger than /8, but there is
>> still value in filtering RIRs unallocated. So there is a choice of
>> whether to no longer filter based on address allocation status at all, or
>> do it with finer granularity, with pros and cons. I think that the
>> document should contain the final state (martians only) but list pros
>> and cons of the transition (filter or not RIR unallocated prefixes). I
>> do not want to suggest overcomplicating the document, as its simplicity
>> is a plus, though.
> 
> I would like to avoid the use of jargon words like "bogons" and
> "martians" if possible as I expect the total number of people who know
> and use them is small enough that their inclusion would make it a more
> difficult read for many.
>

I am not sure if those two terms fall under jargon, but my point was
that the I-D describes filters for two types of addresses: unallocated,
and martian, and the document would benefit from differentiating them.
Perhaps there are proper descriptors or you can coin new words to define
them. I meant to emphasize the fact that there are two different things,
and not the use of these terms themselves.

I'll note though that, although there are not many occurrences, these
terms are defined in RFCs (and in my experience are well understood in
the *NOC community, that the I-D is targeting).

http://tools.ietf.org/html/rfc3871
              Operational Security Requirements for Large
       Internet Service Provider (ISP) IP Network Infrastructure

   Bogon.

      A "Bogon" (plural: "bogons") is a packet with an IP source address
      in an address block not yet allocated by IANA or the Regional
      Internet Registries (ARIN, RIPE, APNIC...) as well as all
      addresses reserved for private or special use by RFCs.  See
      [RFC3330] and [RFC1918].

   Martian.

      Per [RFC1208] "Martian: Humorous term applied to packets that turn
      up unexpectedly on the wrong network because of bogus routing
      entries.  Also used as a name for a packet which has an altogether
      bogus (non-registered or ill-formed) Internet address."  For the

http://tools.ietf.org/html/rfc4778
               Current Operational Security Practices in
                 Internet Service Provider Environments

   o  DoS Mitigation - Many DoS attacks are mitigated using a
      combination of techniques including: MD5 authentication, the GTSM
      feature, filtering routing advertisements to bogons, and filtering
      routing advertisements to one's own network.

http://tools.ietf.org/html/rfc4948
   Report from the IAB workshop on Unwanted Traffic March 9-10, 2006

   Bogon
   A bogon is an IP packet that has a source address taken for a range
   of addresses that has not yet been allocated to legitimate users, or
   is a private [RFC1918] or reserved address [RFC3330].

   Bogon prefix
   A bogon prefix is a route that should never appear in the Internet
   routing table, e.g., from the private or unallocated address blocks.

#grep -i bogon rfc*txt | wc -l
      19
#grep -i martian rfc*txt | wc -l
      44


> I would appreciate more operator feedback as regards the benefit of
> using strict filters based on the prefixes allocated by the RIRs.
> Looking at the latest RIPE NCC enhanced statistics file
> (http://albatross.ripe.net/delegated-extended/) there are about 250 IPv4
> blocks to filter. Not all of these blocks are bit aligned, so the number
> of prefixes to filter based on the RIPE NCC alone is likely to be higher
> than that. And there are five RIRs. How many operators are going to be
> happy maintaining a list of something in the order of a thousand prefixes
> and updating it every day to avoid broken connectivity?
> 
>> On the more editorial side, I think that perhaps slightly more emphasis
>> on the fact that this is filtering on the "source" (even on the title)
>> can prevent potential confusions.
> 
> Thanks. I will add this.
> 
>> Similarly, a note of caution as to the
>> application of filters (as some of the blocks can "appear", but not be
>> Internet-routed).
> 
> If I understand you correctly, you'd like to see extra language
> clarifying that these filters should only be applied at borders and not
> internally. Right?
> 

Sure.

Thanks,

-- Carlos.

> Many thanks,
> 
> Leo
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> 

From warren@kumari.net  Tue Feb  8 17:06:14 2011
From: Warren Kumari <warren@kumari.net>
To: opsec@ietf.org
Cc: Warren Kumari <warren@kumari.net>
Date: Tue, 8 Feb 2011 20:06:19 -0500
Subject: [OPSEC] Meeting in Prague.

Hi there,

Joe Abley and I are trying to determine if an OpSec meeting in Prague
makes sense.

We would appreciate the Working Group's feedback -- are you planning on
attending Prague?
Do you have anything that you would like to present or discuss?

Both Joe and myself will be there, but we need to keep in mind that
meeting timeslots are a precious commodity...

W



From atif.siddiqui@hydroone.com  Wed Feb  9 19:16:23 2011
From: <Atif.Siddiqui@HydroOne.com>
To: <opsec@ietf.org>
Date: Wed, 9 Feb 2011 22:16:27 -0500
Subject: Re: [OPSEC] of possible interest to opsec

I found it to be an extremely useful technique; a neat way to address an
important SP's security issue, totally support it and must be included
as a WG item.

Atif.

Hi all,

http://www.ietf.org/id/draft-shahid-protect-edge-devices-00.txt

I gather the author is amenable to the idea that this could become a
working group document, if the working group is inclined to spend time
on it.

Joe


From warren@kumari.net  Thu Feb 10 06:54:54 2011
From: Warren Kumari <warren@kumari.net>
To: Warren Kumari <warren@kumari.net>
Cc: opsec@ietf.org
Date: Thu, 10 Feb 2011 09:55:03 -0500
Subject: Re: [OPSEC] Meeting in Prague.

I believe that Fernando has some work that he would be willing to
discuss in a face to face meeting...

Anyone else? Bueller?

W
On Feb 8, 2011, at 8:06 PM, Warren Kumari wrote:

> Hi there,
>
> Joe Abley and I are trying to determine if an OpSec meeting in Prague makes sense.
>
> We would appreciate the Working Group's feedback -- are you planning on attending Prague?
> Do you have anything that you would like to present or discuss?
>
> Both Joe and myself will be there, but we need to keep in mind that meeting timeslots are a precious commodity...
>
> W
>
>


From joelja@bogus.com  Thu Feb 10 07:36:18 2011
From: Joel Jaeggli <joelja@bogus.com>
To: Warren Kumari <warren@kumari.net>
Cc: opsec@ietf.org
Date: Thu, 10 Feb 2011 07:36:27 -0800
Subject: Re: [OPSEC] Meeting in Prague.

On 2/10/11 6:55 AM, Warren Kumari wrote:
> I believe that Fernando has some work that he would be willing to discuss in a face to face meeting...
> 
> Anyone else? Bueller?

The opsec list has had some meaningful traffic since the last meeting.
If there are still people raring to work on some of the filtering issues
that were raised, it's worth organizing an actual BOF in an actual bar to
connect any interested parties. Assuming there are no drafts,
including resurrected or exhumed ones, at this point.

> W
> On Feb 8, 2011, at 8:06 PM, Warren Kumari wrote:
> 
>> Hi there,
>>
>> Joe Abley and I are trying to determine if an OpSec meeting in Prague makes sense.
>>
>> We would appreciate the Working Group's feedback -- are you planning on attending Prague?
>> Do you have anything that you would like to present or discuss?
>>
>> Both Joe and myself will be there, but we need to keep in mind that meeting timeslots are a precious commodity...
>>
>> W
>>
>>
> 
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> 


From fernando.gont.netbook.win@gmail.com  Fri Feb 11 07:30:37 2011
From: Fernando Gont <fernando@gont.com.ar>
To: "'opsec@ietf.org'" <opsec@ietf.org>
Date: Fri, 11 Feb 2011 11:57:39 -0300
Subject: [OPSEC] IP options filtering recommendations

Folks,

Last year we had published the IETF I-D "IP Options Filtering
Recommendations" (draft-gont-opsec-ip-options-filtering-00.txt),
currently available at:
http://tools.ietf.org/id/draft-gont-opsec-ip-options-filtering-00.txt

This I-D was produced in response to a request by Ron Bonica at the
Hiroshima IETF, as it was deemed that advice in this area was needed.

I'm planning to publish a revision of this document soon (in the first
week of March 2011 at the latest).

Therefore, I would welcome any feedback or suggestions, such that they
can be incorporated in the next revision of the document.

Thanks!

Best regards,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





From Internet-Drafts@ietf.org  Mon Feb 14 19:15:02 2011
Return-Path: <Internet-Drafts@ietf.org>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6A9D73A6E1E; Mon, 14 Feb 2011 19:15:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.581
X-Spam-Level: 
X-Spam-Status: No, score=-102.581 tagged_above=-999 required=5 tests=[AWL=0.018, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KpmPbgiIiB-M; Mon, 14 Feb 2011 19:15:01 -0800 (PST)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B41B93A6C3F; Mon, 14 Feb 2011 19:15:01 -0800 (PST)
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.12
Message-ID: <20110215031501.26700.65629.idtracker@localhost>
Date: Mon, 14 Feb 2011 19:15:01 -0800
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action:draft-ietf-opsec-efforts-15.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2011 03:15:02 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


	Title           : Security Best Practices Efforts and Documents
	Author(s)       : C. Lonvick, D. Spak
	Filename        : draft-ietf-opsec-efforts-15.txt
	Pages           : 45
	Date            : 2011-02-14

This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing
Organizations (SDO).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-opsec-efforts-15.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body; name="draft-ietf-opsec-efforts-15.txt";
	site="ftp.ietf.org"; access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2011-02-14190310.I-D@ietf.org>


--NextPart--

From ehsan.khan@hydroone.com  Sun Feb 27 19:47:37 2011
Return-Path: <ehsan.khan@hydroone.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7C4CB3A698D for <opsec@core3.amsl.com>; Sun, 27 Feb 2011 19:47:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5KEHtsRq6yM8 for <opsec@core3.amsl.com>; Sun, 27 Feb 2011 19:47:36 -0800 (PST)
Received: from hydroone.com (mail2.hydroone.com [192.75.118.20]) by core3.amsl.com (Postfix) with ESMTP id 713023A694A for <opsec@ietf.org>; Sun, 27 Feb 2011 19:47:36 -0800 (PST)
Received: from ([142.10.2.118]) by mail2.hydroone.com with ESMTP  id 18941L1.118658197; Sun, 27 Feb 2011 22:47:08 -0500
Received: from 1102MILPEV.corp.hydroone.com ([142.10.2.110]) by 1105MILPST.corp.hydroone.com with Microsoft SMTPSVC(6.0.3790.4675);  Sun, 27 Feb 2011 22:48:32 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 27 Feb 2011 22:48:32 -0500
Message-ID: <D0A53ABA43F61E4C9B608C2144B94BCA04E42F7D@1102MILPEV.corp.hydroone.com>
In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D60313F293@1104MILPEV.corp.hydroone.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [OPSEC] of possible interest to opsec
Thread-Index: AcvI0KtYh80T3d3USFircbYAK5L38gOKW26w
References: <41BBAE5132ABA54BB2BA8716254F03D60313F293@1104MILPEV.corp.hydroone.com>
From: <Ehsan.Khan@HydroOne.com>
To: <Atif.Siddiqui@HydroOne.com>, <opsec@ietf.org>
X-OriginalArrivalTime: 28 Feb 2011 03:48:32.0896 (UTC) FILETIME=[5EB02000:01CBD6FA]
X-TM-AS-Product-Ver: SMEX-10.0.0.1412-6.500.1024-17982.003
X-TM-AS-Result: No--5.869800-0.000000-31
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
Subject: Re: [OPSEC] of possible interest to opsec
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 03:47:37 -0000

I would say this document is describing a very useful technique in a
simple way of securing the network in SP's environment without spending
money for connecting edge devices with customer router. I will support
it if it gets considered as a WG item.

Ehsan

________________________________

From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of SIDDIQUI Atif
Sent: Wednesday, February 09, 2011 10:16 PM
To: opsec@ietf.org
Subject: Re: [OPSEC] of possible interest to opsec


I found it to be an extremely useful technique; a neat way to address an
important SP's security issue, totally support it and must be included
as a WG item.

Atif.

Hi all,

http://www.ietf.org/id/draft-shahid-protect-edge-devices-00.txt

I gather the author is amenable to the idea that this could become a
working group document, if the working group is inclined to spend time
on it.

Joe


From Farhan.AhmedShah@mtsallstream.com  Mon Feb 28 12:11:51 2011
Return-Path: <Farhan.AhmedShah@mtsallstream.com>
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B0853A6C16 for <opsec@core3.amsl.com>; Mon, 28 Feb 2011 12:11:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GrATLn6P7nop for <opsec@core3.amsl.com>; Mon, 28 Feb 2011 12:11:50 -0800 (PST)
Received: from tj1mg001.mtsallstream.com (tj1mg001.mtsallstream.com [216.13.127.50]) by core3.amsl.com (Postfix) with ESMTP id DE3383A67D9 for <opsec@ietf.org>; Mon, 28 Feb 2011 12:11:41 -0800 (PST)
Received: from tj1ex001.mtsallstream.com (tj1ex001.mtsallstream.com [10.18.1.100]) by tj1mg001.mtsallstream.com (8.13.1/8.13.1) with ESMTP id p1SKCfcH013767 for <opsec@ietf.org>; Mon, 28 Feb 2011 15:12:42 -0500
Received: from TJ1EXA02.mtsallstream.com ([10.18.11.74]) by tj1ex001.mtsallstream.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 28 Feb 2011 15:12:41 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 28 Feb 2011 15:12:41 -0500
Message-ID: <9A2EA419642D9C4688F40CAC45ABBE1C0109B4DF@TJ1EXA02.mtsallstream.com>
In-Reply-To: <D0A53ABA43F61E4C9B608C2144B94BCA04E42F7D@1102MILPEV.corp.hydroone.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [OPSEC] of possible interest to opsec
Thread-Index: AcvI0KtYh80T3d3USFircbYAK5L38gOKW26wACJsJ4A=
References: <41BBAE5132ABA54BB2BA8716254F03D60313F293@1104MILPEV.corp.hydroone.com> <D0A53ABA43F61E4C9B608C2144B94BCA04E42F7D@1102MILPEV.corp.hydroone.com>
From: "Ahmed Shah, Farhan" <Farhan.AhmedShah@mtsallstream.com>
To: <opsec@ietf.org>
X-OriginalArrivalTime: 28 Feb 2011 20:12:41.0824 (UTC) FILETIME=[DA977E00:01CBD783]
Subject: Re: [OPSEC] of possible interest to opsec
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 20:11:51 -0000

Just read your document, I think the idea of using Odd and Even
access-lists for point-to-point links is a great idea. With the way we
have structured our IP Addressing scheme, it will work perfectly. Seems
a pretty straight idea, but I don't know why it didn't come to our mind
before. I fully support it, and it must be included as a WG document. I
personally believe if this becomes an RFC then a lot of service providers
will have this information and most probably they will implement it.

Farhan Shah

-----Original Message-----
From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of Ehsan.Khan@HydroOne.com
Sent: Sunday, February 27, 2011 10:49 PM
To: Atif.Siddiqui@HydroOne.com; opsec@ietf.org
Subject: Re: [OPSEC] of possible interest to opsec


I would say this document is describing a very useful technique in a
simple way of securing the network in SP's environment without spending
money for connecting edge devices with customer router. I will support
it if it gets considered as a WG item.

Ehsan

________________________________

From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of SIDDIQUI Atif
Sent: Wednesday, February 09, 2011 10:16 PM
To: opsec@ietf.org
Subject: Re: [OPSEC] of possible interest to opsec


I found it to be an extremely useful technique; a neat way to address an
important SP's security issue, totally support it and must be included
as a WG item.

Atif.

Hi all,

http://www.ietf.org/id/draft-shahid-protect-edge-devices-00.txt

I gather the author is amenable to the idea that this could become a
working group document, if the working group is inclined to spend time
on it.

Joe

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
