From kkumar@google.com Tue May 15 08:34:11 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B158F21F880B for ; Tue, 15 May 2012 08:34:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.825 X-Spam-Level: X-Spam-Status: No, score=-102.825 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u++vJlzgfGPd for ; Tue, 15 May 2012 08:34:11 -0700 (PDT) Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id AA5A021F87FF for ; Tue, 15 May 2012 08:34:09 -0700 (PDT) Received: by lagv3 with SMTP id v3so3400605lag.31 for ; Tue, 15 May 2012 08:34:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type :x-system-of-record; bh=lCJE3O1outR/k0wEOnytyfAQdwQ2ou9+Z1QXn2hCE+4=; b=FEzUDPcf5FF/BJBoWTPiOROCqmlm6FeoxtuQtl9pW8iMwwHCdrZfOYEeZIfL49INwL c5+h5VS1m8RkBM6r39hXWN5NpkoXMTlgg4qeZgvO4X+bQNlKjsI2L73mMYaacA4U+qZ+ 2lP55FAoqDyi9IG5pRoGg0hu4I/RLBJOjI8B+WwUEQ74+LylBJfP3qqRbOcopOKV/drr N4H8N1rIRo0F4brVhIhfev72VwHZHcARC2HPP0rsW04A/pi2pMs61JGTbRCZdgHNpiFZ uyzITHAwXVH3RgM1Jgyar/U6cMvb2ed+8OddprlKo/F27RW40Tho3HLrxH6GO1kI1Ysq JoFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type :x-system-of-record:x-gm-message-state; bh=lCJE3O1outR/k0wEOnytyfAQdwQ2ou9+Z1QXn2hCE+4=; b=n1P6hyi6LxlUbFrgYtCtM1TVOvD35IwPwJVJO2l+8mJHqq7WVcO/4RN4oP2dWVj/RI jepfW4ATO2XvoH9RXoc8QnUZcHrJ9A+UQoz28npNK4Vvz875qIRdKj+YS/qrGFRi7aqf A6OliFsbvSCJuX3fxBnqHMHluoS56TT/ft8hlMal2deCdoMx50Rboc6rm55ifUVFuTl5 hnJ24xq6TI5POUKSvHzal4n5r+2qmO6pv4ZdsSsGAH9ejkXmME3cOQzYV+nO3PSguZ2A GhJXNhC87z6EKqBK853r8yGDOKgF02zwtrRFytSjSTEyu7dmq1rKkZKYvdm3uZZXSZ/V 2lWQ== Received: by 10.112.40.5 with SMTP id t5mr5691610lbk.55.1337096047623; Tue, 15 May 2012 08:34:07 -0700 (PDT) Received: by 10.112.40.5 with SMTP id t5mr5691598lbk.55.1337096047407; Tue, 15 May 2012 08:34:07 -0700 (PDT) MIME-Version: 1.0 Received: by 10.112.98.3 with HTTP; Tue, 15 May 2012 08:33:47 -0700 (PDT) From: KK Date: Tue, 15 May 2012 08:33:47 -0700 Message-ID: To: opsec@ietf.org Content-Type: multipart/alternative; boundary=485b390f7b9eefb18c04c014ee75 X-System-Of-Record: true X-Gm-Message-State: ALoCoQkR77SlBlTsjKDHsNiLewYSk+/C00mwwguwV0usC/H79a6I6NAT1XoACoPZzmwRPwo8ilK5k9nvdANZXEudtq9VnnKhsqpmS1sXj38Mk7Zsf3TfXztwX9Qy9rSxqw/jq6353cgO Cc: opsec chairs Subject: [OPSEC] Question: Interim Meeting X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2012 15:34:11 -0000 --485b390f7b9eefb18c04c014ee75 Content-Type: text/plain; charset=ISO-8859-1 Hello, Given the growth of drafts in opsec, Gunter and I wanted to gauge potential interest on the possibility of an interim opsec wg meeting. Here, we would discuss drafts that have been updated or posted no later than a week in advance of the interim. Additionally, it would also be very helpful if you could indicate specific drafts which you think would benefit from review then. To help us plan, can we get a headcount of people who would be receptive to the idea of an interim scheduled to coincide with the end of RIPE 65 (Amsterdam, Sep 24 - 28). It would be ideal if you could also indicate your ability to participate in-person vs. remotely. Thanks, KK --485b390f7b9eefb18c04c014ee75 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hello,

Given the growth of drafts in opsec, Gunter and I wanted= to=A0gauge=A0potential interest on the possibility of an interim opsec wg = meeting. Here, we= would discuss drafts that have been updated or posted no later than a week= in advance of the interim. Additionally, it would also be very help= ful if you could indicate specific drafts which you think would benefit fro= m review then.=A0

To help us plan, can we get a headcount of people who w= ould be receptive to the idea of an interim scheduled to coincide with the = end of RIPE 65 (Amsterdam, Sep 24 - 28).=A0It would be ideal if you could a= lso indicate your ability to participate in-person vs. remotely.

Thanks,<= div>KK --485b390f7b9eefb18c04c014ee75-- From gvandeve@cisco.com Wed May 16 02:40:16 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64EE021F86F5 for ; Wed, 16 May 2012 02:40:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.598 X-Spam-Level: X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvfvRipRc12b for ; Wed, 16 May 2012 02:40:12 -0700 (PDT) Received: from ams-iport-3.cisco.com (ams-iport-3.cisco.com [144.254.224.146]) by ietfa.amsl.com (Postfix) with ESMTP id 1F93321F8711 for ; Wed, 16 May 2012 02:40:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=gvandeve@cisco.com; l=3622; q=dns/txt; s=iport; t=1337161212; x=1338370812; h=mime-version:subject:date:message-id:from:to:cc; bh=ktsdSzwNfd82djOarsTiLPpJ9ZJZev5lF5YwSxIFbdQ=; b=hhjnr30Mo9sx/uksd6KDS/BJ3EDcmjQB9aXiof24gfe4EVeLNSKgwV5J sytPTqJbV+cBypurMYQgYhQLppKu6HrPod72R808OOlmBSJ8tlMsMdWAt NOnOIQfBWCt8svATAPIq6Yt8WYlk8Oybkshe4XyUJ/58npv2cTHjhFZQh U=; X-IronPort-AV: E=Sophos;i="4.75,601,1330905600"; d="scan'208,217";a="4571579" Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-3.cisco.com with ESMTP; 16 May 2012 09:40:10 +0000 Received: from xbh-ams-101.cisco.com (xbh-ams-101.cisco.com [144.254.74.71]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q4G9eAOQ031651; Wed, 16 May 2012 09:40:10 GMT Received: from xmb-ams-102.cisco.com ([144.254.74.77]) by xbh-ams-101.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 16 May 2012 11:40:10 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CD3347.E26816C7" Date: Wed, 16 May 2012 11:40:09 +0200 Message-ID: <5C99EC8C99D9BB45AC51D20DC2AD2DC5079770A2@XMB-AMS-102.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Drafts for Vancouver for OPSEC WG Thread-Index: Ac0zR+ISF6qxbQr7S+uSUmuLvtSr/w== From: "Gunter Van de Velde (gvandeve)" To: X-OriginalArrivalTime: 16 May 2012 09:40:10.0035 (UTC) FILETIME=[E28F5030:01CD3347] Subject: [OPSEC] Drafts for Vancouver for OPSEC WG X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 May 2012 09:40:16 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01CD3347.E26816C7 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear all, =20 We are starting to process for agenda planning for the Vancouver IETF84, however please be aware of the following message. =20 Only drafts that have been discussed within the OPSEC email alias will be granted a slot at the next OPSEC WG meeting at IETF84 Vancouver. =20 This very important to understand the potential clashes with other working groups, and in addition we desire to have an Area Director attending the meeting if possible. =20 G/ & KK (OPSEC Chairs) ------_=_NextPart_001_01CD3347.E26816C7 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Dear all,

 

We are starting to process for = agenda planning for the Vancouver IETF84, however please be aware of the = following message.

 

Only drafts that have been = discussed within the OPSEC email alias will be granted a slot at the next OPSEC WG = meeting at IETF84 Vancouver.

 

This very important to = understand the potential clashes with other working groups, and in addition we desire to have an = Area Director attending the meeting if possible.

 

G/ & KK (OPSEC = Chairs)

------_=_NextPart_001_01CD3347.E26816C7-- From rbonica@juniper.net Thu May 17 09:11:47 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B3B21F866D; Thu, 17 May 2012 09:11:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.548 X-Spam-Level: X-Spam-Status: No, score=-106.548 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id coXxzb2qndnH; Thu, 17 May 2012 09:11:46 -0700 (PDT) Received: from exprod7og126.obsmtp.com (exprod7og126.obsmtp.com [64.18.2.206]) by ietfa.amsl.com (Postfix) with ESMTP id 57F3B21F865B; Thu, 17 May 2012 09:11:46 -0700 (PDT) Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob126.postini.com ([64.18.6.12]) with SMTP ID DSNKT7UjQVh98DnwTfNI4+CsbJ0D4NqxJGn7@postini.com; Thu, 17 May 2012 09:11:46 PDT Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 17 May 2012 09:11:31 -0700 Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by p-cldfe02-hq.jnpr.net (172.24.192.60) with Microsoft SMTP Server (TLS) id 14.1.355.2; Thu, 17 May 2012 09:11:31 -0700 Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Thu, 17 May 2012 12:11:30 -0400 From: Ronald Bonica To: "grow@ietf.org" , "opsec@ietf.org" Date: Thu, 17 May 2012 12:11:29 -0400 Thread-Topic: draft-ietf-grow-private-ip-sp-cores Thread-Index: Ac00R7enS8J+NXJ5TBeH1QUCwxMMRg== Message-ID: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [OPSEC] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2012 16:11:47 -0000 Folks, Thanks for introducing this document!=20 I would like to bring the authors' attention to the following documents tha= t are working in OPSEC: - draft-behringer-lla-only - draft-baker-opsec-passive-ip-address To some extent, draft-grow and draft-behringer are debating with one anothe= r. While draft-baker is not directly involved in the debate, it is not unin= volved, either. It is a shame that the three documents are being considered= in different WGs.=20 For the purpose of discussing these three documents, I think that a little = cross-posting is acceptable. -------------------------- Ron Bonica vcard: www.bonica.org/ron/ronbonica.vcf From fernando.gont.netbook.win@gmail.com Sat May 19 07:36:53 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CEE821F8624 for ; Sat, 19 May 2012 07:36:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IkdcbZKar2nH for ; Sat, 19 May 2012 07:36:52 -0700 (PDT) Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id A4E7421F8621 for ; Sat, 19 May 2012 07:36:45 -0700 (PDT) Received: by ggnc4 with SMTP id c4so4194229ggn.31 for ; Sat, 19 May 2012 07:36:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=m2iWzRsbET+nWK1GgGSjagBdWmOwMmCzdd3UaU0Dhbk=; b=DYILFHzirn9YQciO9PHqz8/9gmvtN0pj3xX3/ODnjOWHHYWb2tfG39aqFZWIH0vdzP o1mb9opgl1+/ESgwaNHlW2PPH1LCuWXSw314z3yvMm+4C4EEnBiuXIw1sdmiltJVnAJl 1MyehkkdI/bA/wYlEo0jyLCtdDsDDBfNt6U/64LRQGdZe0/0d6spXBtP4EX+0oxgdM81 HFaFIAHb/iJyCX26mz2c3sJ4trRvHbFLsWjOuCMmkTrZg2X4nW1o4S2dDezXc7rOMlMn DTRKhZoGyfN64zmY3NmH1nBb4XtzIxBp5Ygxronmvjkc4fKnhwtt9ddVLzsZAt7s57IT rmaw== Received: by 10.236.80.66 with SMTP id j42mr16450199yhe.110.1337438205280; Sat, 19 May 2012 07:36:45 -0700 (PDT) Received: from [192.168.123.103] ([186.134.9.156]) by mx.google.com with ESMTPS id o10sm14586489anm.1.2012.05.19.07.36.38 (version=SSLv3 cipher=OTHER); Sat, 19 May 2012 07:36:44 -0700 (PDT) Sender: Fernando Gont Message-ID: <4FB799B4.3050906@gont.com.ar> Date: Sat, 19 May 2012 10:01:40 -0300 From: Fernando Gont User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: "'opsec@ietf.org'" References: <20120518052610.7838.76832.idtracker@ietfa.amsl.com> In-Reply-To: <20120518052610.7838.76832.idtracker@ietfa.amsl.com> X-Enigmail-Version: 1.5pre Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: [OPSEC] New IETF I-D: draft-gont-opsec-dhcpv6-shield-00.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 May 2012 14:36:53 -0000 Folks, We have published a new IETF I-D entitled: "DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers". It is analogous to the RA-Guard (RFC 6105) mechanism currently employed for mitigating RA-based attacks. The I-D is available at: I'm not sure in which wg I'd be pursuing this effort (v6ops, opsec, or dhcwg). If there's interest in this wg, it could be done here. However, in any case discussion of this document within opsec would be welcome. Thanks! Best regards, Fernando -------- Original Message -------- Subject: New Version Notification for draft-gont-opsec-dhcpv6-shield-00.txt Date: Thu, 17 May 2012 22:26:10 -0700 From: internet-drafts@ietf.org To: fgont@si6networks.com A new version of I-D, draft-gont-opsec-dhcpv6-shield-00.txt has been successfully submitted by Fernando Gont and posted to the IETF repository. Filename: draft-gont-opsec-dhcpv6-shield Revision: 00 Title: DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers Creation date: 2012-05-18 WG ID: Individual Submission Number of pages: 12 Abstract: This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The aforementioned mechanism is based on DHCPv6 packet-filtering at the layer-2 device on which the packets are received. The aforementioned mechanism has been widely deployed in IPv4 networks ("DHCP snooping"), and hence it is desirable that similar functionality be provided for IPv6 networks. The IETF Secretariat From nick@inex.ie Fri May 18 04:05:09 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBFA221F8599; Fri, 18 May 2012 04:05:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.569 X-Spam-Level: X-Spam-Status: No, score=-2.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSl9UbtQagI2; Fri, 18 May 2012 04:05:09 -0700 (PDT) Received: from mail.acquirer.com (mail.acquirer.com [IPv6:2a03:8900:0:100::5]) by ietfa.amsl.com (Postfix) with ESMTP id 0903321F8597; Fri, 18 May 2012 04:05:08 -0700 (PDT) X-Envelope-To: opsec@ietf.org Received: from cupcake.local (inet-gw.acquirer.com [87.198.142.10]) (authenticated bits=0) by mail.acquirer.com (8.14.4/8.14.4) with ESMTP id q4IB4RDS094464 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 18 May 2012 12:04:27 +0100 (IST) (envelope-from nick@inex.ie) Message-ID: <4FB62CE1.3050805@inex.ie> Date: Fri, 18 May 2012 12:05:05 +0100 From: Nick Hilliard User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Ronald Bonica References: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> In-Reply-To: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> X-Enigmail-Version: 1.4.1 X-Company-Info-1: Internet Neutral Exchange Association Limited. Registered in Ireland No. 253804 X-Company-Info-2: Registered Offices: 1-2, Marino Mart, Fairview, Dublin 3 X-Company-Info-3: Internet Neutral Exchange Association Limited is limited by guarantee X-Company-Info-4: Offices: 4027 Kingswood Road, Citywest, Dublin 24. Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sat, 19 May 2012 21:32:24 -0700 Cc: "grow@ietf.org" , "opsec@ietf.org" Subject: Re: [OPSEC] [GROW] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 May 2012 11:05:09 -0000 On 17/05/2012 17:11, Ronald Bonica wrote: > Thanks for introducing this document! > > I would like to bring the authors' attention to the following documents > that are working in OPSEC: > > - draft-behringer-lla-only > - draft-baker-opsec-passive-ip-address > > To some extent, draft-grow and draft-behringer are debating with one > another. While draft-baker is not directly involved in the debate, it is > not uninvolved, either. It is a shame that the three documents are being > considered in different WGs. yes, certainly draft-behringer and draft-grow are discussing a substantially similar issue - namely using non-routable interface addresses in the core. tbh, it's not really possible to manage a network without traceroute and remote interface ping. Wes George posted a more complete response here: http://www.ietf.org/mail-archive/web/grow/current/msg02191.html I agree fully with his analysis on all points. Nick From tkirkham@anthony-kirkham.com Sun May 20 03:39:14 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B88B21F8570; Sun, 20 May 2012 03:39:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BBrmHfo5XXZD; Sun, 20 May 2012 03:39:13 -0700 (PDT) Received: from nskntmtas03p.mx.bigpond.com (nskntmtas03p.mx.bigpond.com [61.9.168.143]) by ietfa.amsl.com (Postfix) with ESMTP id EF10221F856C; Sun, 20 May 2012 03:39:12 -0700 (PDT) Received: from nskntotgx04p.mx.bigpond.com ([123.211.150.122]) by nskntmtas03p.mx.bigpond.com with ESMTP id <20120520103910.DKSV10464.nskntmtas03p.mx.bigpond.com@nskntotgx04p.mx.bigpond.com>; Sun, 20 May 2012 10:39:10 +0000 Received: from Anthonys-MacBook-Pro.local ([123.211.150.122]) by nskntotgx04p.mx.bigpond.com with ESMTP id <20120520103910.JAXH9520.nskntotgx04p.mx.bigpond.com@Anthonys-MacBook-Pro.local>; Sun, 20 May 2012 10:39:10 +0000 Message-ID: <4FB8C99D.4030202@anthony-kirkham.com> Date: Sun, 20 May 2012 20:38:21 +1000 From: Anthony Kirkham Organization: Anthony-Kirkham.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Ronald Bonica References: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> In-Reply-To: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH PLAIN at nskntotgx04p.mx.bigpond.com from [123.211.150.122] using ID anthony.kirkham at Sun, 20 May 2012 10:39:10 +0000 X-SIH-MSG-ID: ohg6EtD/TFOplWx72WziQVUtlUy7/yU1v8pWRYIhuRsaT1jBuMDAQs+jbaJDw56FkWBcS0vMLmMgc63kV4zYuNiwMb5RW7Lj X-Mailman-Approved-At: Sun, 20 May 2012 08:00:34 -0700 Cc: "grow@ietf.org" , "opsec@ietf.org" Subject: Re: [OPSEC] [GROW] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: tkirkham@anthony-kirkham.com List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 May 2012 10:39:14 -0000 If we come back to the original intent of this draft. The private-ip draft was fundamentally intended to provide some useful information on a topic, which had not previously been documented. And in my experience, there was a lot of confusion in relation to the subject across many ISPs. It was certainly not designed to make recommendations as to best practice (even though I have my own views on that). I have worded the document to avoid any suggestion of good or bad practice, just documenting the effects. I would not like to see it delayed by getting caught up in these discussions. It should certainly not prevent any of these other discussions going forward. That's my 0.02c, and again thanks for all the feedback and discussion. Tony K On 18/05/12 2:11 AM, Ronald Bonica wrote: > Folks, > > Thanks for introducing this document! > > I would like to bring the authors' attention to the following documents that are working in OPSEC: > > - draft-behringer-lla-only > - draft-baker-opsec-passive-ip-address > > To some extent, draft-grow and draft-behringer are debating with one another. While draft-baker is not directly involved in the debate, it is not uninvolved, either. It is a shame that the three documents are being considered in different WGs. > > For the purpose of discussing these three documents, I think that a little cross-posting is acceptable. > > -------------------------- > Ron Bonica > vcard: www.bonica.org/ron/ronbonica.vcf > > > _______________________________________________ > GROW mailing list > GROW@ietf.org > https://www.ietf.org/mailman/listinfo/grow > > -- From robert@raszuk.net Tue May 22 05:00:15 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF19421F854D for ; Tue, 22 May 2012 05:00:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xDJ0mzcmNgdN for ; Tue, 22 May 2012 05:00:15 -0700 (PDT) Received: from mail1310.opentransfer.com (mail1310.opentransfer.com [76.162.254.103]) by ietfa.amsl.com (Postfix) with ESMTP id D791821F852B for ; Tue, 22 May 2012 05:00:14 -0700 (PDT) Received: (qmail 14599 invoked by uid 399); 22 May 2012 12:00:14 -0000 Received: from unknown (HELO ?192.168.1.91?) (pbs:m42@mojaklasa.info@83.31.233.32) by mail1310.opentransfer.com with ESMTPM; 22 May 2012 12:00:14 -0000 X-Originating-IP: 83.31.233.32 Message-ID: <4FBB7FC7.2050307@raszuk.net> Date: Tue, 22 May 2012 14:00:07 +0200 From: Robert Raszuk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: "t.petch" References: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> <016b01cd37fc$9e125420$4001a8c0@gateway.2wire.net> In-Reply-To: <016b01cd37fc$9e125420$4001a8c0@gateway.2wire.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: grow@ietf.org, opsec@ietf.org Subject: Re: [OPSEC] [GROW] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: robert@raszuk.net List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2012 12:00:15 -0000 Extremely well said Tom ! Rgs, R. > ----- Original Message ----- > From: "Ronald Bonica" > To:; > Sent: Thursday, May 17, 2012 5:11 PM >> Folks, >> >> Thanks for introducing this document! >> >> I would like to bring the authors' attention to the following > documents that are working in OPSEC: >> >> - draft-behringer-lla-only >> - draft-baker-opsec-passive-ip-address >> >> To some extent, draft-grow and draft-behringer are debating with one > another. While draft-baker is not directly involved in the debate, it is > not uninvolved, either. It is a shame that the three documents are being > considered in different WGs. > > I think it a bigger shame that draft-ietf-grow-private-ip-sp-cores is > not in the RFC Editor queue awaiting publication! > > It is a natural companion to RFC6598 and could have, should have, been > in the queue at the same time. This I-D was relevant when it was first > written 2 years ago, and I see its relevance decreasing with time, as > people stumble over the mistakes that this I-D could have prevented. It > has taken those 2 years to get this I-D IETF-ready, little has changed > in the content in that time, and it is time we got it out of the door. > > Of course there is scope for improvement, there always is, but that is > an argument for never publishing anything. If the authors of the other > I-Ds want to build on it, then of course they can produce a bis that > covers more, but let's publish what we have got. > > Tom Petch > >> >> For the purpose of discussing these three documents, I think that a > little cross-posting is acceptable. >> >> -------------------------- >> Ron Bonica >> vcard: www.bonica.org/ron/ronbonica.vcf From rbonica@juniper.net Tue May 22 14:10:51 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6564B21F8589; Tue, 22 May 2012 14:10:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.299 X-Spam-Level: X-Spam-Status: No, score=-106.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rqYi4JeSCi08; Tue, 22 May 2012 14:10:46 -0700 (PDT) Received: from exprod7og110.obsmtp.com (exprod7og110.obsmtp.com [64.18.2.173]) by ietfa.amsl.com (Postfix) with ESMTP id 4681121F8603; Tue, 22 May 2012 14:10:44 -0700 (PDT) Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob110.postini.com ([64.18.6.12]) with SMTP ID DSNKT7wA0/pdvdhUftJGAMoim5jk+RCK23ld@postini.com; Tue, 22 May 2012 14:10:45 PDT Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Tue, 22 May 2012 14:07:21 -0700 Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Tue, 22 May 2012 17:07:10 -0400 From: Ronald Bonica To: t.petch , "grow@ietf.org" , "opsec@ietf.org" Date: Tue, 22 May 2012 17:07:08 -0400 Thread-Topic: [GROW] draft-ietf-grow-private-ip-sp-cores Thread-Index: Ac03/QuUMzo/ZokMR2GmjIr9l5EgQQAYLJlA Message-ID: <13205C286662DE4387D9AF3AC30EF456D76C03EEBF@EMBX01-WF.jnpr.net> References: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> <016b01cd37fc$9e125420$4001a8c0@gateway.2wire.net> In-Reply-To: <016b01cd37fc$9e125420$4001a8c0@gateway.2wire.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [OPSEC] [GROW] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2012 21:10:51 -0000 Tom, AFAIKS, the WGLC that Chris suggested in the email below can proceed: - http://www.ietf.org/mail-archive/web/grow/current/msg02263.html The updates that Chris requested seem to be addressed in the two versions t= hat have been posted since then. Chris, do you agree? Ron > -----Original Message----- > From: t.petch [mailto:ietfc@btconnect.com] > Sent: Tuesday, May 22, 2012 5:24 AM > To: Ronald Bonica; grow@ietf.org; opsec@ietf.org > Subject: Re: [GROW] draft-ietf-grow-private-ip-sp-cores >=20 > ----- Original Message ----- > From: "Ronald Bonica" > To: ; > Sent: Thursday, May 17, 2012 5:11 PM > > Folks, > > > > Thanks for introducing this document! > > > > I would like to bring the authors' attention to the following > documents that are working in OPSEC: > > > > - draft-behringer-lla-only > > - draft-baker-opsec-passive-ip-address > > > > To some extent, draft-grow and draft-behringer are debating with one > another. While draft-baker is not directly involved in the debate, it > is not uninvolved, either. It is a shame that the three documents are > being considered in different WGs. >=20 > I think it a bigger shame that draft-ietf-grow-private-ip-sp-cores is > not in the RFC Editor queue awaiting publication! >=20 > It is a natural companion to RFC6598 and could have, should have, been > in the queue at the same time. This I-D was relevant when it was first > written 2 years ago, and I see its relevance decreasing with time, as > people stumble over the mistakes that this I-D could have prevented. > It has taken those 2 years to get this I-D IETF-ready, little has > changed in the content in that time, and it is time we got it out of > the door. >=20 > Of course there is scope for improvement, there always is, but that is > an argument for never publishing anything. If the authors of the other > I-Ds want to build on it, then of course they can produce a bis that > covers more, but let's publish what we have got. >=20 > Tom Petch >=20 > > > > For the purpose of discussing these three documents, I think that a > little cross-posting is acceptable. > > > > -------------------------- > > Ron Bonica > > vcard: www.bonica.org/ron/ronbonica.vcf > > > > > > _______________________________________________ > > GROW mailing list > > GROW@ietf.org > > https://www.ietf.org/mailman/listinfo/grow > > >=20 From warren@kumari.net Thu May 24 08:59:02 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 060B421F85EF for ; Thu, 24 May 2012 08:59:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.412 X-Spam-Level: X-Spam-Status: No, score=-106.412 tagged_above=-999 required=5 tests=[AWL=0.188, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S19hZNeBw8nJ for ; Thu, 24 May 2012 08:59:01 -0700 (PDT) Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 9120121F8597 for ; Thu, 24 May 2012 08:59:01 -0700 (PDT) Received: from dhcp-172-19-118-235.cbf.corp.google.com (unknown [64.13.52.115]) by vimes.kumari.net (Postfix) with ESMTPSA id CEFA81B402F0 for ; Thu, 24 May 2012 11:59:00 -0400 (EDT) From: Warren Kumari Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Thu, 24 May 2012 11:58:58 -0400 Message-Id: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> To: opsec@ietf.org Mime-Version: 1.0 (Apple Message framework v1278) X-Mailer: Apple Mail (2.1278) Subject: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2012 15:59:02 -0000 Dear Working Group, This is to start a two week poll to adopt draft-gont-opsec-ip-options-filtering ( helpful link: = http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04) as an OpSec Working Group draft. Please send your comments to the OpSec list (opsec@ietf.org). This adoption call closes on June 7th, 2012. (This document was discussed in the Paris meeting, and not enough people = had read the document to be able to predict consensus. Please take a = moment (or 5) to read and comment. I should mention that Memorial Day is = coming up in the US soon -- there is nothing quite so enjoyable as = reading drafts on the beach -- try it!) W --=20 With Feudalism, it's your Count that votes. From ietfc@btconnect.com Tue May 22 02:26:59 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D2F021F854F; Tue, 22 May 2012 02:26:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.74 X-Spam-Level: X-Spam-Status: No, score=-1.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I4gaDAmVZfkv; Tue, 22 May 2012 02:26:59 -0700 (PDT) Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe002.messaging.microsoft.com [216.32.180.12]) by ietfa.amsl.com (Postfix) with ESMTP id CE51321F854D; Tue, 22 May 2012 02:26:58 -0700 (PDT) Received: from mail218-va3-R.bigfish.com (10.7.14.249) by VA3EHSOBE010.bigfish.com (10.7.40.12) with Microsoft SMTP Server id 14.1.225.22; Tue, 22 May 2012 09:26:44 +0000 Received: from mail218-va3 (localhost [127.0.0.1]) by mail218-va3-R.bigfish.com (Postfix) with ESMTP id 21882100089; Tue, 22 May 2012 09:26:44 +0000 (UTC) X-Forefront-Antispam-Report: CIP:157.55.224.141; KIP:(null); UIP:(null); IPV:NLI; H:DB3PRD0702HT011.eurprd07.prod.outlook.com; RD:none; EFVD:NLI X-SpamScore: -30 X-BigFish: PS-30(zz9371I148cI542M1432N1418Izz1202hzz8275ch1033IL8275dhz2dh2a8h5a9h668h839hd24hf0ah304l) Received: from mail218-va3 (localhost.localdomain [127.0.0.1]) by mail218-va3 (MessageSwitch) id 133767880124023_13974; Tue, 22 May 2012 09:26:41 +0000 (UTC) Received: from VA3EHSMHS005.bigfish.com (unknown [10.7.14.241]) by mail218-va3.bigfish.com (Postfix) with ESMTP id 03E2B140045; Tue, 22 May 2012 09:26:41 +0000 (UTC) Received: from DB3PRD0702HT011.eurprd07.prod.outlook.com (157.55.224.141) by VA3EHSMHS005.bigfish.com (10.7.99.15) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 22 May 2012 09:26:40 +0000 Received: from BL2PRD0410HT002.namprd04.prod.outlook.com (157.56.240.85) by pod51017.outlook.com (10.3.48.170) with Microsoft SMTP Server (TLS) id 14.15.74.2; Tue, 22 May 2012 09:26:44 +0000 Message-ID: <016b01cd37fc$9e125420$4001a8c0@gateway.2wire.net> From: t.petch To: Ronald Bonica , , References: <13205C286662DE4387D9AF3AC30EF456D76BA8836D@EMBX01-WF.jnpr.net> Date: Tue, 22 May 2012 10:23:46 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Originating-IP: [157.56.240.85] X-FOPE-CRA-Verdict: 157.55.224.141$juniper.net%12218%2%btconnect.com%True%True%0$ X-OriginatorOrg: btconnect.com X-Mailman-Approved-At: Sat, 26 May 2012 07:20:19 -0700 Subject: Re: [OPSEC] [GROW] draft-ietf-grow-private-ip-sp-cores X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2012 09:26:59 -0000 ----- Original Message ----- From: "Ronald Bonica" To: ; Sent: Thursday, May 17, 2012 5:11 PM > Folks, > > Thanks for introducing this document! > > I would like to bring the authors' attention to the following documents that are working in OPSEC: > > - draft-behringer-lla-only > - draft-baker-opsec-passive-ip-address > > To some extent, draft-grow and draft-behringer are debating with one another. While draft-baker is not directly involved in the debate, it is not uninvolved, either. It is a shame that the three documents are being considered in different WGs. I think it a bigger shame that draft-ietf-grow-private-ip-sp-cores is not in the RFC Editor queue awaiting publication! It is a natural companion to RFC6598 and could have, should have, been in the queue at the same time. This I-D was relevant when it was first written 2 years ago, and I see its relevance decreasing with time, as people stumble over the mistakes that this I-D could have prevented. It has taken those 2 years to get this I-D IETF-ready, little has changed in the content in that time, and it is time we got it out of the door. Of course there is scope for improvement, there always is, but that is an argument for never publishing anything. If the authors of the other I-Ds want to build on it, then of course they can produce a bis that covers more, but let's publish what we have got. Tom Petch > > For the purpose of discussing these three documents, I think that a little cross-posting is acceptable. > > -------------------------- > Ron Bonica > vcard: www.bonica.org/ron/ronbonica.vcf > > > _______________________________________________ > GROW mailing list > GROW@ietf.org > https://www.ietf.org/mailman/listinfo/grow > From warren@kumari.net Thu May 31 06:42:28 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D062B21F8666 for ; Thu, 31 May 2012 06:42:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -105.73 X-Spam-Level: X-Spam-Status: No, score=-105.73 tagged_above=-999 required=5 tests=[AWL=-0.619, BAYES_05=-1.11, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMLX9oyyNotT for ; Thu, 31 May 2012 06:42:28 -0700 (PDT) Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 131A521F842B for ; Thu, 31 May 2012 06:42:28 -0700 (PDT) Received: from [192.168.0.12] (unknown [64.13.52.115]) by vimes.kumari.net (Postfix) with ESMTPSA id 7228D1B40819; Thu, 31 May 2012 09:42:27 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=windows-1252 From: Warren Kumari In-Reply-To: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> Date: Thu, 31 May 2012 09:42:24 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: References: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> To: opsec@ietf.org X-Mailer: Apple Mail (2.1278) Cc: Warren Kumari Subject: Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2012 13:42:29 -0000 Dear Working Group, We are now halfway through the call for adoption on this draft -- please = take a moment to read and comment on if you support the adoption of this = draft=85 W On May 24, 2012, at 11:58 AM, Warren Kumari wrote: > Dear Working Group, >=20 > This is to start a two week poll to adopt > draft-gont-opsec-ip-options-filtering ( helpful link: = http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04) > as an OpSec Working Group draft. >=20 > Please send your comments to the OpSec list (opsec@ietf.org). >=20 > This adoption call closes on June 7th, 2012. >=20 > (This document was discussed in the Paris meeting, and not enough = people had read the document to be able to predict consensus. Please = take a moment (or 5) to read and comment. I should mention that Memorial = Day is coming up in the US soon -- there is nothing quite so enjoyable = as reading drafts on the beach -- try it!) >=20 > W >=20 > --=20 > With Feudalism, it's your Count that votes. >=20 >=20 > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec >=20 From john@jlc.net Thu May 31 11:11:38 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 360EA21F8628 for ; Thu, 31 May 2012 11:11:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.499 X-Spam-Level: X-Spam-Status: No, score=-106.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BSI6WqjQu0qe for ; Thu, 31 May 2012 11:11:36 -0700 (PDT) Received: from mailhost.jlc.net (mailhost.jlc.net [199.201.159.4]) by ietfa.amsl.com (Postfix) with ESMTP id 51CFD21F84F0 for ; Thu, 31 May 2012 11:11:36 -0700 (PDT) Received: by mailhost.jlc.net (Postfix, from userid 104) id 3CF7D33C20; Thu, 31 May 2012 14:11:36 -0400 (EDT) Date: Thu, 31 May 2012 14:11:36 -0400 From: John Leslie To: Warren Kumari Message-ID: <20120531181136.GB93700@verdi> References: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Cc: opsec@ietf.org Subject: Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2012 18:11:38 -0000 Warren Kumari wrote: > > We are now halfway through the call for adoption on this draft -- > please take a moment to read and comment on if you support the adoption > of this draft? I have read it; and I am less than enthusiastic about adopting it. Fernando recommends dropping a lot of optioned packets, many of which I see no particular reason to drop -- the security issues seem minor. If we adopt it, I suppose we'll have to argue all those -- I'd rather pass... -- John Leslie From fernando.gont.netbook.win@gmail.com Thu May 31 11:46:24 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4025F21F86DB for ; Thu, 31 May 2012 11:46:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qm4VMMVxq8Jz for ; Thu, 31 May 2012 11:46:23 -0700 (PDT) Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 4D63821F86E0 for ; Thu, 31 May 2012 11:46:23 -0700 (PDT) Received: by yhq56 with SMTP id 56so1118081yhq.31 for ; Thu, 31 May 2012 11:46:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=yjOxlyltsmH60KklomfOed4HUTf1ZiO4109Neh/cEh8=; b=O7tZRomF16JVKlL1VoTyN2EiJhGfkHOAOlPzfd77Q48wrB+NkAc627IalIDSj4NwAl wMISPGpUWtPz8qiJRQ1N0ZcBv10HwTr53s/s/WYLADiulNGiYUvv5wtPe+IRdRrA4rI0 xxNG98hzSZbE9Yk/GVJY6wv7Ai3c3P7pA4vvBg8k7H37NhCO1y84sh9+bHLgvSkNGh+u tVihs+GEMdq7gUxZioQ+n4CpEd56884hpFDVpznKaDZz3yDY57u+1dWjmNmkj3pGKdMO aSx2ojunVA6/HVj+f/slhuqmPsgcEJ2CKAGExJifdOC0xKKpgHkh0f3rnRE+SlRdKFLm 0I5w== Received: by 10.236.177.35 with SMTP id c23mr3299821yhm.26.1338489982898; Thu, 31 May 2012 11:46:22 -0700 (PDT) Received: from [192.168.0.212] (61-128-17-190.fibertel.com.ar. [190.17.128.61]) by mx.google.com with ESMTPS id b8sm5659082anm.4.2012.05.31.11.46.02 (version=SSLv3 cipher=OTHER); Thu, 31 May 2012 11:46:21 -0700 (PDT) Sender: Fernando Gont Message-ID: <4FC7BC53.40102@gont.com.ar> Date: Thu, 31 May 2012 15:45:39 -0300 From: Fernando Gont User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: John Leslie References: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> <20120531181136.GB93700@verdi> In-Reply-To: <20120531181136.GB93700@verdi> X-Enigmail-Version: 1.5pre Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: opsec@ietf.org, Warren Kumari Subject: Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2012 18:46:24 -0000 On 05/31/2012 03:11 PM, John Leslie wrote: > Fernando recommends dropping a lot of optioned packets, many of which > I see no particular reason to drop -- the security issues seem minor. Could you please list a few of such? We've been very careful in not recommending dropping packets for which there's a use case, and just recommended those that have been obsoleted. Therefore, your comment kind of comes as a surprise... (but some have been recommended to be dropped in error, we'd be happy to fix the document). Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 From dave@juniper.net Thu May 31 12:06:00 2012 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8829C21F8771 for ; Thu, 31 May 2012 12:06:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.999 X-Spam-Level: X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67JXEzm5Iq77 for ; Thu, 31 May 2012 12:06:00 -0700 (PDT) Received: from exprod7og113.obsmtp.com (exprod7og113.obsmtp.com [64.18.2.179]) by ietfa.amsl.com (Postfix) with ESMTP id B4B6621F876F for ; Thu, 31 May 2012 12:05:59 -0700 (PDT) Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob113.postini.com ([64.18.6.12]) with SMTP ID DSNKT8fBFi3k9tZZhxjbCUxnMutlX7MJAM1B@postini.com; Thu, 31 May 2012 12:05:59 PDT Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 31 May 2012 12:04:37 -0700 Received: from [172.28.34.200] (172.28.34.200) by p-emfe01-wf.jnpr.net (172.28.145.24) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 31 May 2012 15:04:36 -0400 Message-ID: <4FC7C0C2.9080708@juniper.net> Date: Thu, 31 May 2012 15:04:34 -0400 From: Dave Dugal Organization: Juniper Networks, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Warren Kumari References: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> In-Reply-To: X-Enigmail-Version: 1.4.1 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit Cc: "opsec@ietf.org" Subject: Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2012 19:06:00 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Warren. I have also read Fernando's draft and do see the value and benefit of proposing a more granular approach to IP options filtering. Many times, the only mitigation for a particular attack or issue is to drop all optioned packets, which depending on configuration and topology can do more harm than good. BCP'ing a more finely granular approach is not without merit. Should we adopt this draft, I do agree with previous comments that perhaps more fine-tuning of recommended options, tradeoffs and caveats is warranted, but that discussion can continue within the WG. I support the adoption of this draft as an OPSEC working group document. - --- Dave Dugal Sr. Product Security Incident Wrangler On 5/31/2012 9:42 AM, Warren Kumari proclaimed ... > Dear Working Group, > > We are now halfway through the call for adoption on this draft -- > please take a moment to read and comment on if you support the > adoption of this draft… > > W On May 24, 2012, at 11:58 AM, Warren Kumari wrote: > >> Dear Working Group, >> >> This is to start a two week poll to adopt >> draft-gont-opsec-ip-options-filtering ( helpful link: >> http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04) >> >> as an OpSec Working Group draft. >> >> Please send your comments to the OpSec list (opsec@ietf.org). >> >> This adoption call closes on June 7th, 2012. >> >> (This document was discussed in the Paris meeting, and not enough >> people had read the document to be able to predict consensus. >> Please take a moment (or 5) to read and comment. I should mention >> that Memorial Day is coming up in the US soon -- there is nothing >> quite so enjoyable as reading drafts on the beach -- try it!) >> >> W >> >> -- With Feudalism, it's your Count that votes. >> >> >> _______________________________________________ OPSEC mailing >> list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec >> > > _______________________________________________ OPSEC mailing list > OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (MingW32) iEYEARECAAYFAk/HwMIACgkQh59lzatuAqXiuwCgtXDacC7wSx0gtdfC41JRXcJN 03MAoPf9m5FVlWOrHlOJzsPrRI117UqR =lEqG -----END PGP SIGNATURE-----