From Fred.L.Templin@boeing.com Fri Mar 1 08:15:38 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36C1921F9148 for ; Fri, 1 Mar 2013 08:15:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.504 X-Spam-Level: X-Spam-Status: No, score=-2.504 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XAd-2OAP6ZWZ for ; Fri, 1 Mar 2013 08:15:37 -0800 (PST) Received: from slb-mbsout-02.boeing.com (slb-mbsout-02.boeing.com [130.76.64.129]) by ietfa.amsl.com (Postfix) with ESMTP id 252F421F913F for ; Fri, 1 Mar 2013 08:15:36 -0800 (PST) Received: from slb-mbsout-02.boeing.com (localhost.localdomain [127.0.0.1]) by slb-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r21GFZ54003845 for ; Fri, 1 Mar 2013 08:15:35 -0800 Received: from XCH-NWHT-11.nw.nos.boeing.com (xch-nwht-11.nw.nos.boeing.com [130.247.25.114]) by slb-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r21GFXvg003836 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Fri, 1 Mar 2013 08:15:34 -0800 Received: from XCH-PHX-413.sw.nos.boeing.com (10.57.37.45) by XCH-NWHT-11.nw.nos.boeing.com (130.247.25.114) with Microsoft SMTP Server (TLS) id 8.3.297.1; Fri, 1 Mar 2013 08:15:34 -0800 Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.245]) by XCH-PHX-413.sw.nos.boeing.com ([169.254.13.119]) with mapi id 14.02.0328.011; Fri, 1 Mar 2013 08:15:34 -0800 From: "Templin, Fred L" To: Fernando Gont Thread-Topic: [OPSEC] comment on 'draft-ietf-opsec-ipv6-implications-on-ipv4-nets' Thread-Index: Ac4VGLawnms/XfNvRyuAsQEKPKG3yQBZVngAAAYI8AA= Date: Fri, 1 Mar 2013 16:15:32 +0000 Message-ID: <2134F8430051B64F815C691A62D98318015445@XCH-BLV-504.nw.nos.boeing.com> References: <2134F8430051B64F815C691A62D9831801380F@XCH-BLV-504.nw.nos.boeing.com> <51303822.50108@si6networks.com> In-Reply-To: <51303822.50108@si6networks.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.247.104.6] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-TM-AS-MML: No Cc: "opsec@ietf.org" Subject: Re: [OPSEC] comment on 'draft-ietf-opsec-ipv6-implications-on-ipv4-nets' X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Mar 2013 16:15:38 -0000 Hi Fernando, > -----Original Message----- > From: Fernando Gont [mailto:fgont@si6networks.com] > Sent: Thursday, February 28, 2013 9:10 PM > To: Templin, Fred L > Cc: opsec@ietf.org > Subject: Re: [OPSEC] comment on 'draft-ietf-opsec-ipv6-implications-on- > ipv4-nets' >=20 > Hi, Fred, >=20 > On 02/27/2013 03:31 PM, Templin, Fred L wrote: > > > > "As a result, blocking ISATAP by preventing hosts from > > successfully performing name resolution for the > > aforementioned names and/or by filtering packets with > > specific IPv4 destination addresses is both difficult > > and undesirable." > > > > I would like to understand this better. In particular, the > > ISATAP service is by design disabled by disabling name > > resolution for the name "isatap.domainname" and/or by > > disabling the ISATAP router advertisement service. Can > > you say why this would be difficult and undesirable? >=20 > Preventing name resolution is virtually impossible, since Windows nodes > not only try to perform such resolution with DNS, but also with LLMNR. > In order to block the latter, you should be able to achieve such > filtering at layer 2 -- and that would be a bit onerous (not to mention > how difficult that would be if fragmentation is employed). Nodes that send RAs in response to LLMNR queries for ISATAP when they shouldn't are rogue IPv6 "routers" that have somehow gained access to what should be a protected link. The concern is no different than for any rogue IPv6 router that gains access to an ordinary link. In the case of ISATAP, the router can be located by its IPv4 address. For ordinary routers, the router can be located by its MAC address. The mitigations for the attack profile are the same in either case. Thanks - Fred fred.l.templin@boeing.com > Since you never know what the isata domain names may resolve to, it's > essentially impossible to block isatap packets based on a specific > destination address (you'd need to know such address in advance in order > to create the ACL). >=20 > Please do let me know if this clarification has been of any help. >=20 > Thanks, > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 >=20 >=20 >=20 From simoneng@outlook.com Mon Mar 4 02:30:15 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB82321F8922 for ; Mon, 4 Mar 2013 02:30:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.845 X-Spam-Level: X-Spam-Status: No, score=-0.845 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_BASE64_TEXT=1.753] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hn2uUABTWOlh for ; Mon, 4 Mar 2013 02:30:15 -0800 (PST) Received: from bay0-omc2-s17.bay0.hotmail.com (bay0-omc2-s17.bay0.hotmail.com [65.54.190.92]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECC621F88F0 for ; Mon, 4 Mar 2013 02:30:15 -0800 (PST) Received: from BAY176-W6 ([65.54.190.125]) by bay0-omc2-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 4 Mar 2013 02:30:14 -0800 X-EIP: [R3t4Un6rBjgSi0czwApk2zPva8cmkysI] X-Originating-Email: [simoneng@outlook.com] Message-ID: Content-Type: multipart/alternative; boundary="_873f0e18-1aac-4e7f-a8b2-da8dbb044b0d_" From: Simon Eng Sender: To: "opsec@ietf.org" Date: Mon, 4 Mar 2013 18:30:14 +0800 Importance: Normal In-Reply-To: <20130225063651.2962.82837.idtracker@ietfa.amsl.com> References: <20130225063651.2962.82837.idtracker@ietfa.amsl.com> MIME-Version: 1.0 X-OriginalArrivalTime: 04 Mar 2013 10:30:14.0840 (UTC) FILETIME=[422F2B80:01CE18C3] Subject: [OPSEC] FW: I-D Action: draft-ietf-opsec-v6-02.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 01:42:57 -0000 --_873f0e18-1aac-4e7f-a8b2-da8dbb044b0d_ Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 SGksDQpNYXkgSSBzdWdnZXN0IHNvbWUgZGlzY3Vzc2lvbiBvbiBJUHY2IGNvbnNpZGVyYXRpb24g Zm9yIGFwcGxpY2F0aW9ucyBhbmQgT1MgdG9vPyAgRm9yIGV4YW1wbGUsIHdoYXQgYXJlIHRoZSBj b25zaWRlcmF0aW9ucyB0byBjaGFuZ2UgcHJpb3JpdHkgb2YgdXNpbmcgSVB2NiBhbmQgd2hldGhl ciB3ZSBzaG91bGQgZGlzYWJsZSBETlMgQUFBQSBsb29rIHVwIGluIGJyb3dzZXJzPw0KUmVnYXJk cy4NClNpbW9uDQoNCj4gRnJvbTogaW50ZXJuZXQtZHJhZnRzQGlldGYub3JnDQo+IFRvOiBpLWQt YW5ub3VuY2VAaWV0Zi5vcmcNCj4gRGF0ZTogU3VuLCAyNCBGZWIgMjAxMyAyMjozNjo1MSAtMDgw MA0KPiBDQzogb3BzZWNAaWV0Zi5vcmcNCj4gU3ViamVjdDogW09QU0VDXSBJLUQgQWN0aW9uOiBk cmFmdC1pZXRmLW9wc2VjLXY2LTAyLnR4dA0KPiANCj4gDQo+IEEgTmV3IEludGVybmV0LURyYWZ0 IGlzIGF2YWlsYWJsZSBmcm9tIHRoZSBvbi1saW5lIEludGVybmV0LURyYWZ0cyBkaXJlY3Rvcmll cy4NCj4gIFRoaXMgZHJhZnQgaXMgYSB3b3JrIGl0ZW0gb2YgdGhlIE9wZXJhdGlvbmFsIFNlY3Vy aXR5IENhcGFiaWxpdGllcyBmb3IgSVAgTmV0d29yayBJbmZyYXN0cnVjdHVyZSBXb3JraW5nIEdy b3VwIG9mIHRoZSBJRVRGLg0KPiANCj4gCVRpdGxlICAgICAgICAgICA6IE9wZXJhdGlvbmFsIFNl Y3VyaXR5IENvbnNpZGVyYXRpb25zIGZvciBJUHY2IE5ldHdvcmtzDQo+IAlBdXRob3IocykgICAg ICAgOiBLaXJhbiBLdW1hciBDaGl0dGltYW5lbmkNCj4gICAgICAgICAgICAgICAgICAgICAgICAg ICBNZXJpa2UgS2Flbw0KPiAgICAgICAgICAgICAgICAgICAgICAgICAgIEVyaWMgVnluY2tlDQo+ IAlGaWxlbmFtZSAgICAgICAgOiBkcmFmdC1pZXRmLW9wc2VjLXY2LTAyLnR4dA0KPiAJUGFnZXMg ICAgICAgICAgIDogNDANCj4gCURhdGUgICAgICAgICAgICA6IDIwMTMtMDItMjQNCj4gDQo+IEFi c3RyYWN0Og0KPiAgICBLbm93bGVkZ2UgYW5kIGV4cGVyaWVuY2Ugb24gaG93IHRvIG9wZXJhdGUg SVB2NCBzZWN1cmVseSBpcw0KPiAgICBhdmFpbGFibGU6IHdoZXRoZXIgaXQgaXMgdGhlIEludGVy bmV0IG9yIGFuIGVudGVycHJpc2UgaW50ZXJuYWwNCj4gICAgbmV0d29yay4gIEhvd2V2ZXIsIElQ djYgcHJlc2VudHMgc29tZSBuZXcgc2VjdXJpdHkgY2hhbGxlbmdlcy4gIFJGQw0KPiAgICA0OTQy IGRlc2NyaWJlcyB0aGUgc2VjdXJpdHkgaXNzdWVzIGluIHRoZSBwcm90b2NvbCBidXQgbmV0d29y aw0KPiAgICBtYW5hZ2VycyBhbHNvIG5lZWQgYSBtb3JlIHByYWN0aWNhbCwgb3BlcmF0aW9ucy1t aW5kZWQgYmVzdCBjb21tb24NCj4gICAgcHJhY3RpY2VzLg0KPiANCj4gICAgVGhpcyBkb2N1bWVu dCBhbmFseXplcyB0aGUgb3BlcmF0aW9uYWwgc2VjdXJpdHkgaXNzdWVzIGluIGFsbCBwbGFjZXMN Cj4gICAgb2YgYSBuZXR3b3JrIChzZXJ2aWNlIHByb3ZpZGVycywgZW50ZXJwcmlzZXMgYW5kIHJl c2lkZW50aWFsIHVzZXJzKQ0KPiAgICBhbmQgcHJvcG9zZXMgdGVjaG5pY2FsIGFuZCBwcm9jZWR1 cmFsIG1pdGlnYXRpb25zIHRlY2huaXF1ZXMuDQo+IA0KPiANCj4gVGhlIElFVEYgZGF0YXRyYWNr ZXIgc3RhdHVzIHBhZ2UgZm9yIHRoaXMgZHJhZnQgaXM6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtb3BzZWMtdjYNCj4gDQo+IFRoZXJlJ3MgYWxzbyBhIGh0 bWxpemVkIHZlcnNpb24gYXZhaWxhYmxlIGF0Og0KPiBodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRt bC9kcmFmdC1pZXRmLW9wc2VjLXY2LTAyDQo+IA0KPiBBIGRpZmYgZnJvbSB0aGUgcHJldmlvdXMg dmVyc2lvbiBpcyBhdmFpbGFibGUgYXQ6DQo+IGh0dHA6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91 cmwyPWRyYWZ0LWlldGYtb3BzZWMtdjYtMDINCj4gDQo+IA0KPiBJbnRlcm5ldC1EcmFmdHMgYXJl IGFsc28gYXZhaWxhYmxlIGJ5IGFub255bW91cyBGVFAgYXQ6DQo+IGZ0cDovL2Z0cC5pZXRmLm9y Zy9pbnRlcm5ldC1kcmFmdHMvDQo+IA0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXw0KPiBPUFNFQyBtYWlsaW5nIGxpc3QNCj4gT1BTRUNAaWV0Zi5vcmcN Cj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9vcHNlYw0KIAkJIAkgICAJ CSAg --_873f0e18-1aac-4e7f-a8b2-da8dbb044b0d_ Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxzdHlsZT48IS0tDQouaG1tZXNzYWdlIFANCnsNCm1hcmdpbjowcHg7 DQpwYWRkaW5nOjBweA0KfQ0KYm9keS5obW1lc3NhZ2UNCnsNCmZvbnQtc2l6ZTogMTJwdDsNCmZv bnQtZmFtaWx5OkNhbGlicmkNCn0NCi0tPjwvc3R5bGU+PC9oZWFkPg0KPGJvZHkgY2xhc3M9J2ht bWVzc2FnZSc+PGRpdiBkaXI9J2x0cic+SGksPGRpdj48YnI+PC9kaXY+PGRpdj5NYXkgSSBzdWdn ZXN0IHNvbWUgZGlzY3Vzc2lvbiBvbiBJUHY2IGNvbnNpZGVyYXRpb24gZm9yIGFwcGxpY2F0aW9u cyBhbmQgT1MgdG9vPyAmbmJzcDtGb3IgZXhhbXBsZSwgd2hhdCBhcmUgdGhlIGNvbnNpZGVyYXRp b25zIHRvIGNoYW5nZSBwcmlvcml0eSBvZiB1c2luZyBJUHY2IGFuZCB3aGV0aGVyIHdlIHNob3Vs ZCBkaXNhYmxlIEROUyBBQUFBIGxvb2sgdXAgaW4gYnJvd3NlcnM/PC9kaXY+PGRpdj48YnI+UmVn YXJkcy48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PlNpbW9uPGJyPjxkaXY+PGJyPjxkaXY+PGRp diBpZD0iU2t5RHJpdmVQbGFjZWhvbGRlciI+PC9kaXY+Jmd0OyBGcm9tOiBpbnRlcm5ldC1kcmFm dHNAaWV0Zi5vcmc8YnI+Jmd0OyBUbzogaS1kLWFubm91bmNlQGlldGYub3JnPGJyPiZndDsgRGF0 ZTogU3VuLCAyNCBGZWIgMjAxMyAyMjozNjo1MSAtMDgwMDxicj4mZ3Q7IENDOiBvcHNlY0BpZXRm Lm9yZzxicj4mZ3Q7IFN1YmplY3Q6IFtPUFNFQ10gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1vcHNl Yy12Ni0wMi50eHQ8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyBBIE5ldyBJbnRlcm5ldC1EcmFm dCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGluZSBJbnRlcm5ldC1EcmFmdHMgZGlyZWN0b3Jp ZXMuPGJyPiZndDsgIFRoaXMgZHJhZnQgaXMgYSB3b3JrIGl0ZW0gb2YgdGhlIE9wZXJhdGlvbmFs IFNlY3VyaXR5IENhcGFiaWxpdGllcyBmb3IgSVAgTmV0d29yayBJbmZyYXN0cnVjdHVyZSBXb3Jr aW5nIEdyb3VwIG9mIHRoZSBJRVRGLjxicj4mZ3Q7IDxicj4mZ3Q7IAlUaXRsZSAgICAgICAgICAg OiBPcGVyYXRpb25hbCBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBmb3IgSVB2NiBOZXR3b3Jrczxi cj4mZ3Q7IAlBdXRob3IocykgICAgICAgOiBLaXJhbiBLdW1hciBDaGl0dGltYW5lbmk8YnI+Jmd0 OyAgICAgICAgICAgICAgICAgICAgICAgICAgIE1lcmlrZSBLYWVvPGJyPiZndDsgICAgICAgICAg ICAgICAgICAgICAgICAgICBFcmljIFZ5bmNrZTxicj4mZ3Q7IAlGaWxlbmFtZSAgICAgICAgOiBk cmFmdC1pZXRmLW9wc2VjLXY2LTAyLnR4dDxicj4mZ3Q7IAlQYWdlcyAgICAgICAgICAgOiA0MDxi cj4mZ3Q7IAlEYXRlICAgICAgICAgICAgOiAyMDEzLTAyLTI0PGJyPiZndDsgPGJyPiZndDsgQWJz dHJhY3Q6PGJyPiZndDsgICAgS25vd2xlZGdlIGFuZCBleHBlcmllbmNlIG9uIGhvdyB0byBvcGVy YXRlIElQdjQgc2VjdXJlbHkgaXM8YnI+Jmd0OyAgICBhdmFpbGFibGU6IHdoZXRoZXIgaXQgaXMg dGhlIEludGVybmV0IG9yIGFuIGVudGVycHJpc2UgaW50ZXJuYWw8YnI+Jmd0OyAgICBuZXR3b3Jr LiAgSG93ZXZlciwgSVB2NiBwcmVzZW50cyBzb21lIG5ldyBzZWN1cml0eSBjaGFsbGVuZ2VzLiAg UkZDPGJyPiZndDsgICAgNDk0MiBkZXNjcmliZXMgdGhlIHNlY3VyaXR5IGlzc3VlcyBpbiB0aGUg cHJvdG9jb2wgYnV0IG5ldHdvcms8YnI+Jmd0OyAgICBtYW5hZ2VycyBhbHNvIG5lZWQgYSBtb3Jl IHByYWN0aWNhbCwgb3BlcmF0aW9ucy1taW5kZWQgYmVzdCBjb21tb248YnI+Jmd0OyAgICBwcmFj dGljZXMuPGJyPiZndDsgPGJyPiZndDsgICAgVGhpcyBkb2N1bWVudCBhbmFseXplcyB0aGUgb3Bl cmF0aW9uYWwgc2VjdXJpdHkgaXNzdWVzIGluIGFsbCBwbGFjZXM8YnI+Jmd0OyAgICBvZiBhIG5l dHdvcmsgKHNlcnZpY2UgcHJvdmlkZXJzLCBlbnRlcnByaXNlcyBhbmQgcmVzaWRlbnRpYWwgdXNl cnMpPGJyPiZndDsgICAgYW5kIHByb3Bvc2VzIHRlY2huaWNhbCBhbmQgcHJvY2VkdXJhbCBtaXRp Z2F0aW9ucyB0ZWNobmlxdWVzLjxicj4mZ3Q7IDxicj4mZ3Q7IDxicj4mZ3Q7IFRoZSBJRVRGIGRh dGF0cmFja2VyIHN0YXR1cyBwYWdlIGZvciB0aGlzIGRyYWZ0IGlzOjxicj4mZ3Q7IGh0dHBzOi8v ZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtb3BzZWMtdjY8YnI+Jmd0OyA8YnI+ Jmd0OyBUaGVyZSdzIGFsc28gYSBodG1saXplZCB2ZXJzaW9uIGF2YWlsYWJsZSBhdDo8YnI+Jmd0 OyBodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLW9wc2VjLXY2LTAyPGJyPiZn dDsgPGJyPiZndDsgQSBkaWZmIGZyb20gdGhlIHByZXZpb3VzIHZlcnNpb24gaXMgYXZhaWxhYmxl IGF0Ojxicj4mZ3Q7IGh0dHA6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWlldGYt b3BzZWMtdjYtMDI8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyBJbnRlcm5ldC1EcmFmdHMgYXJl IGFsc28gYXZhaWxhYmxlIGJ5IGFub255bW91cyBGVFAgYXQ6PGJyPiZndDsgZnRwOi8vZnRwLmll dGYub3JnL2ludGVybmV0LWRyYWZ0cy88YnI+Jmd0OyA8YnI+Jmd0OyBfX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4mZ3Q7IE9QU0VDIG1haWxpbmcgbGlz dDxicj4mZ3Q7IE9QU0VDQGlldGYub3JnPGJyPiZndDsgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi9saXN0aW5mby9vcHNlYzxicj48L2Rpdj48L2Rpdj48L2Rpdj4gCQkgCSAgIAkJICA8L2Rp dj48L2JvZHk+DQo8L2h0bWw+ --_873f0e18-1aac-4e7f-a8b2-da8dbb044b0d_-- From simoneng@outlook.com Mon Mar 4 17:47:05 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D8AC21F86F5 for ; Mon, 4 Mar 2013 17:47:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.722 X-Spam-Level: X-Spam-Status: No, score=-1.722 tagged_above=-999 required=5 tests=[AWL=0.877, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wdcerHKJ1DN for ; Mon, 4 Mar 2013 17:47:05 -0800 (PST) Received: from bay0-omc2-s10.bay0.hotmail.com (bay0-omc2-s10.bay0.hotmail.com [65.54.190.85]) by ietfa.amsl.com (Postfix) with ESMTP id E49CA21F8628 for ; Mon, 4 Mar 2013 17:47:04 -0800 (PST) Received: from BAY176-W42 ([65.54.190.123]) by bay0-omc2-s10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 4 Mar 2013 17:47:03 -0800 X-EIP: [PGqpPev0WPMYeE97elUYZEA8/9lGW2Uw] X-Originating-Email: [simoneng@outlook.com] Message-ID: From: Simon Eng Sender: To: "opsec@ietf.org" Date: Tue, 5 Mar 2013 09:47:03 +0800 Importance: Normal In-Reply-To: References: <20130225063651.2962.82837.idtracker@ietfa.amsl.com>, Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 05 Mar 2013 01:47:03.0619 (UTC) FILETIME=[55F8B930:01CE1943] Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-02.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 01:47:05 -0000 Hi=2C=0A= =0A= May I suggest some discussion on IPv6 consideration for applications and OS= too? =A0For example=2C what are the considerations to change priority of u= sing IPv6 and whether we should disable DNS AAAA look up in browsers?=0A= =0A= Regards.=0A= =0A= Simon Eng=0A= (simon_sg_eng@nyp.gov.sg)=0A= =0A= > From: internet-drafts@ietf.org=0A= > To: i-d-announce@ietf.org=0A= > Date: Sun=2C 24 Feb 2013 22:36:51 -0800=0A= > CC: opsec@ietf.org=0A= > Subject: [OPSEC] I-D Action: draft-ietf-opsec-v6-02.txt=0A= > =0A= > =0A= > A New Internet-Draft is available from the on-line Internet-Drafts direct= ories.=0A= > This draft is a work item of the Operational Security Capabilities for I= P Network Infrastructure Working Group of the IETF.=0A= > =0A= > Title : Operational Security Considerations for IPv6 Networks= =0A= > Author(s) : Kiran Kumar Chittimaneni=0A= > Merike Kaeo=0A= > Eric Vyncke=0A= > Filename : draft-ietf-opsec-v6-02.txt=0A= > Pages : 40=0A= > Date : 2013-02-24=0A= > =0A= > Abstract:=0A= > Knowledge and experience on how to operate IPv4 securely is=0A= > available: whether it is the Internet or an enterprise internal=0A= > network. However=2C IPv6 presents some new security challenges. RFC= =0A= > 4942 describes the security issues in the protocol but network=0A= > managers also need a more practical=2C operations-minded best common= =0A= > practices.=0A= > =0A= > This document analyzes the operational security issues in all places= =0A= > of a network (service providers=2C enterprises and residential users)= =0A= > and proposes technical and procedural mitigations techniques.=0A= > =0A= > =0A= > The IETF datatracker status page for this draft is:=0A= > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6=0A= > =0A= > There's also a htmlized version available at:=0A= > http://tools.ietf.org/html/draft-ietf-opsec-v6-02=0A= > =0A= > A diff from the previous version is available at:=0A= > http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-opsec-v6-02=0A= > =0A= > =0A= > Internet-Drafts are also available by anonymous FTP at:=0A= > ftp://ftp.ietf.org/internet-drafts/=0A= > =0A= > _______________________________________________=0A= > OPSEC mailing list=0A= > OPSEC@ietf.org=0A= > https://www.ietf.org/mailman/listinfo/opsec = From pkampana@cisco.com Tue Mar 5 20:14:22 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DF5521F84EF for ; Tue, 5 Mar 2013 20:14:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6vQWT4klDNO for ; Tue, 5 Mar 2013 20:14:21 -0800 (PST) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id A7C8121F84E7 for ; Tue, 5 Mar 2013 20:14:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1135; q=dns/txt; s=iport; t=1362543261; x=1363752861; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=T8sCuz+Gnmr2AQ9/2TYtUShYw7E+dbCFUUNAT4N1uM8=; b=A/VJVBRiBOjUk9kwlb5NxEN0RephebfUCGSPnuuBPWd947gIpUTPCkV2 VDx7cmjUU7qDqagU/YtqP7uvJ184GdJzFRg+rmzPP8kHOXD0flXcMxBro jS3M1sRQssDKgAp+hSOCvQZXmbPogziCLPlcwlYbcDUzq+TTdnD2RTU/l 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgEFALrBNlGtJV2b/2dsb2JhbABExQ2BdBZzgisBAQEEAQEBGh00FwQCAQgRBAEBCxQJBycLFAkIAgQBEgiICwy7OASOXCYSBoJZYQOnOIMIgic X-IronPort-AV: E=Sophos;i="4.84,791,1355097600"; d="scan'208";a="184216273" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-7.cisco.com with ESMTP; 06 Mar 2013 04:14:21 +0000 Received: from xhc-rcd-x07.cisco.com (xhc-rcd-x07.cisco.com [173.37.183.81]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r264ELEo010343 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 6 Mar 2013 04:14:21 GMT Received: from xmb-rcd-x10.cisco.com ([169.254.15.195]) by xhc-rcd-x07.cisco.com ([173.37.183.81]) with mapi id 14.02.0318.004; Tue, 5 Mar 2013 22:14:20 -0600 From: "Panos Kampanakis (pkampana)" To: Warren Kumari , "opsec@ietf.org" , "draft-ietf-opsec-ip-options-filtering@tools.ietf.org" Thread-Topic: [OPSEC] Start of WGLC for draft-ietf-opsec-ip-options-filtering Thread-Index: AQHODghL/L4a5wkw8Uq7XoASpovGsZiYJarg Date: Wed, 6 Mar 2013 04:14:20 +0000 Message-ID: <1C9F17D1873AFA47A969C4DD98F98A7518B207@xmb-rcd-x10.cisco.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.116.63.178] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [OPSEC] Start of WGLC for draft-ietf-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2013 04:14:22 -0000 My comments from some time ago have been addressed.=20 I support the doc. Panos -----Original Message----- From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf Of W= arren Kumari Sent: Monday, February 18, 2013 1:46 PM To: opsec@ietf.org; draft-ietf-opsec-ip-options-filtering@tools.ietf.org Cc: Warren Kumari Subject: [OPSEC] Start of WGLC for draft-ietf-opsec-ip-options-filtering Dear OpSec WG, This starts a Working Group Last Call for draft-ietf-opsec-ip-options-filte= ring. The draft is available here: https://datatracker.ietf.org/doc/draft-ietf-op= sec-ip-options-filtering/ Please review this draft to see if you think it is ready for publication. Send comments to the list, clearly stating your view. This WGLC ends Mon 04-Mar-2013. Thanks, Warren Kumari (as OpSec WG co-chair) -- "Real children don't go hoppity-skip unless they are on drugs." -- Susan, the ultimate sensible governess (Terry Pratchett, Hogfather) _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec From radarbha@cisco.com Wed Mar 6 19:11:01 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3AF921F84F7 for ; Wed, 6 Mar 2013 19:11:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQm2-TGAM5PX for ; Wed, 6 Mar 2013 19:11:00 -0800 (PST) Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id 227F321F84D8 for ; Wed, 6 Mar 2013 19:11:00 -0800 (PST) X-TACSUNS: Virus Scanned Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r273AwSt009067 for ; Wed, 6 Mar 2013 22:10:58 -0500 (EST) Received: from [10.116.50.244] (rtp-radarbha-8713.cisco.com [10.116.50.244]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r273Aq2X015565 for ; Wed, 6 Mar 2013 22:10:53 -0500 (EST) Message-ID: <5138053C.9060407@cisco.com> Date: Wed, 06 Mar 2013 22:10:52 -0500 From: Rama Darbha User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130216 Thunderbird/17.0.3 MIME-Version: 1.0 To: opsec@ietf.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [OPSEC] Start of WGLC for draft-ietf-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2013 03:11:01 -0000 This document looks good, and given Panos's and Donald's feedback it looks good to publish. - Rama On 2/18/13 1:46 PM, Warren Kumari wrote: > Dear OpSec WG, > > This starts a Working Group Last Call for draft-ietf-opsec-ip-options-filtering. > > The draft is available here: https://datatracker.ietf.org/doc/draft-ietf-opsec-ip-options-filtering/ > > Please review this draft to see if you think it is ready for publication. > > Send comments to the list, clearly stating your view. > > This WGLC ends Mon 04-Mar-2013. > > Thanks, > Warren Kumari > (as OpSec WG co-chair) > > > -- > "Real children don't go hoppity-skip unless they are on drugs." > > -- Susan, the ultimate sensible governess (Terry Pratchett, Hogfather) > > > > > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec > -- Rama Darbha, CCIE #28006 919-574-5071 radarbha@cisco.com Cisco TAC - Security Solutions RTP, NC, USA Hours: 8h30 - 17h00 (EST) http://www.cisco.com/tac From fcalabri@cisco.com Thu Mar 7 07:37:23 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C7B021F8C98 for ; Thu, 7 Mar 2013 07:37:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FyIeK1lXn+0K for ; Thu, 7 Mar 2013 07:37:22 -0800 (PST) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 5938221F8D14 for ; Thu, 7 Mar 2013 07:37:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=773; q=dns/txt; s=iport; t=1362670642; x=1363880242; h=from:to:subject:date:message-id:in-reply-to:content-id: content-transfer-encoding:mime-version; bh=PGJx66UlHISeY30hstUz13WmNfPpixb/oQdVkYF2/rs=; b=JLLHVta80hAGk3pIDFMwvrbZzNl/vbcnHtqV9/rPT5dG5f4ZF7MD9kag 9oL9wY2tTST/wYN+xxtPYFP311WzySFnw2GCo6bFs+g5QsQZP7QGiFA2Q SwIpLXDL0sihurhAA+So2N49j7A0AjavT/Zzpl32XrFIaz/gNX4jQfXpd w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AlkFAMOxOFGtJV2Y/2dsb2JhbABDh2K8ZoFhFnOCLgEEHR1RAQgiFEIlAgQBEgiICwy6awSOWziCX2EDpzyDCYIn X-IronPort-AV: E=Sophos;i="4.84,803,1355097600"; d="scan'208";a="181891011" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-9.cisco.com with ESMTP; 07 Mar 2013 15:37:21 +0000 Received: from xhc-aln-x11.cisco.com (xhc-aln-x11.cisco.com [173.36.12.85]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id r27FbLc1002443 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 7 Mar 2013 15:37:21 GMT Received: from xmb-aln-x03.cisco.com ([169.254.6.8]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.02.0318.004; Thu, 7 Mar 2013 09:37:21 -0600 From: "Fernando Calabria (fcalabri)" To: Warren Kumari , "opsec@ietf.org" , "draft-ietf-opsec-ip-options-filtering@tools.ietf.org" Thread-Topic: Start of WGLC for draft-ietf-opsec-ip-options-filtering Thread-Index: AQHOG0movz8tZqpWHEmEAxlf+exgww== Date: Thu, 7 Mar 2013 15:37:20 +0000 Message-ID: <0C48A5C715C20C4D8F94B6E3268CB21BD172B5@xmb-aln-x03.cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.1.130117 x-originating-ip: [10.150.54.21] Content-Type: text/plain; charset="us-ascii" Content-ID: <22E44E61AF8E12408BDC54CFF4881CEC@cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 07 Mar 2013 09:59:21 -0800 Subject: Re: [OPSEC] Start of WGLC for draft-ietf-opsec-ip-options-filtering X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2013 15:37:23 -0000 IMHO , this work is ready for publication + support=20 Rgds=20 Fernando=20 On 2/18/13 1:46 PM, "Warren Kumari" wrote: >Dear OpSec WG, > >This starts a Working Group Last Call for >draft-ietf-opsec-ip-options-filtering. > >The draft is available here: >https://datatracker.ietf.org/doc/draft-ietf-opsec-ip-options-filtering/ > >Please review this draft to see if you think it is ready for publication. > >Send comments to the list, clearly stating your view. > >This WGLC ends Mon 04-Mar-2013. > >Thanks, >Warren Kumari >(as OpSec WG co-chair) > > >-- >"Real children don't go hoppity-skip unless they are on drugs." > > -- Susan, the ultimate sensible governess (Terry Pratchett, Hogfather) > > > > > From kkumar@google.com Tue Mar 12 10:10:02 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5FB21F8B75 for ; Tue, 12 Mar 2013 10:10:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.976 X-Spam-Level: X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fWm-22zSLQCE for ; Tue, 12 Mar 2013 10:10:01 -0700 (PDT) Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) by ietfa.amsl.com (Postfix) with ESMTP id 8245721F8B74 for ; Tue, 12 Mar 2013 10:10:01 -0700 (PDT) Received: by mail-qa0-f42.google.com with SMTP id cr7so1724550qab.15 for ; Tue, 12 Mar 2013 10:10:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to :content-type; bh=f6TrDm3Q1T6o3JcvhE5I1ch3psEWXIwqOWhUUacrZ5k=; b=e7y0vkSdUVY7Us7GAVqBJlUwaM/I07Ud/hg1XdGICvN5klj+aIAz8nnEV956pKiCez yGid8eVzWEb0MJc5utw5ivn2TMvPpNQLO2ke5crVh1WKAKrT3d5QLVdhuZflgnnaozYY 74fxjG8fdntGkVGpszKlQjnhWqFgIb8H8d/pMn9o19KoFNhPYhXhx5m30AE2fYZcmKd9 KS7/tt3J8Vt6S54MtF4Bk+2dh3Nyfh1bqouBE+Duzwd/RDxf6FGDBUkYmGnwee0GOS2y tSvwFu2IJrfZsPtkbF7AKY0WQfqDzDHJy9KvVUPKZ2FZ7c9ZTDtdSKh8O5hfuXbyJJWG ztZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=f6TrDm3Q1T6o3JcvhE5I1ch3psEWXIwqOWhUUacrZ5k=; b=B6qpfFfnV6xa83R3cZVmXleRnENo3/VeM2CVNCDW9+P5B6HHXHBibGexbt6Z76mPeF Zqi2HGHMxrfhYxHkoVdKnBWLzmoaSxzYyi6iXQFBOPFTrzXUD+1bMXC7F1AsLIVfmNTU 2QCSqW+1odMqb/vuNxeSMP9CwFI0a+6OoZa1jEaWjYQAbzmxI2E4ehXXROQhoay1Y+Ry Rjel5iDQT4pqYy4iTC5yRitQlCL3nFahsucYUw2yC+BY6hu5TJcIE0AA/eSg5iQb0GGG 9t/MoRovSF1e5JHGN0NeQA1bUYcVvHEdgbh7ekOC2wWfDe8gjENVIT3Pp56o9fG8UsRX Wg7Q== X-Received: by 10.224.219.69 with SMTP id ht5mr139483qab.88.1363108200920; Tue, 12 Mar 2013 10:10:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.49.83.233 with HTTP; Tue, 12 Mar 2013 10:09:39 -0700 (PDT) From: KK Date: Tue, 12 Mar 2013 10:09:39 -0700 Message-ID: To: "opsec@ietf.org" Content-Type: multipart/alternative; boundary=20cf3010ed891b52ab04d7bd5c50 X-Gm-Message-State: ALoCoQkcIk0yodqaozAu4XtyTvfWeeHBfcQ4id/v1IMiTuP+AmXyRP6Uz0P7bvihsd3RhS8KF1msHyFuBHs8PKuy5yIcXJBJEYtY+PECHxtCazkQwf+rPBI5jLORGI4r6wKmyWdbsNQk4gSXaxy3oXWbLfsy0psb7hD6IIkU/zASpFtjPTBZsVKrHbLDjBgLYzJGDVSlfNYW Subject: [OPSEC] Volunteer for taking Minutes X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Mar 2013 17:10:02 -0000 --20cf3010ed891b52ab04d7bd5c50 Content-Type: text/plain; charset=ISO-8859-1 Hey Folks, The co-chairs would love to get a volunteer who could take meeting minutes on Thursday. The meeting agenda has been posted at http://datatracker.ietf.org/meeting/86/agenda/opsec/ We don't anticipate needing more than an hour to go over the topics on the agenda. Thanks, KK, Gunter, Warren --20cf3010ed891b52ab04d7bd5c50 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hey Folks,

The co-chairs would love to = get a volunteer who could take meeting minutes on Thursday.

<= /div>
The meeting agenda has been posted at=A0http://datatracke= r.ietf.org/meeting/86/agenda/opsec/

We don't anticipate needing more than an hour to go= over the topics on the agenda.

Thanks,
KK, Gunter, Warren

--20cf3010ed891b52ab04d7bd5c50-- From fgont@si6networks.com Tue Mar 12 12:53:19 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52A4911E8184 for ; Tue, 12 Mar 2013 12:53:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xirCA64WfG3K for ; Tue, 12 Mar 2013 12:53:18 -0700 (PDT) Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 1070A11E80F2 for ; Tue, 12 Mar 2013 12:53:17 -0700 (PDT) Received: from [2001:df8:0:16:8c4d:b71c:40fb:5eef] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1UFVG6-0001CO-E0; Tue, 12 Mar 2013 20:53:14 +0100 Message-ID: <513F87A3.4030008@si6networks.com> Date: Tue, 12 Mar 2013 15:53:07 -0400 From: Fernando Gont User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3 MIME-Version: 1.0 To: KK References: In-Reply-To: X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "opsec@ietf.org" Subject: Re: [OPSEC] Volunteer for taking Minutes X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Mar 2013 19:53:19 -0000 On 03/12/2013 01:09 PM, KK wrote: > > The co-chairs would love to get a volunteer who could take meeting > minutes on Thursday. > > The meeting agenda has been posted > at http://datatracker.ietf.org/meeting/86/agenda/opsec/ > > We don't anticipate needing more than an hour to go over the topics on > the agenda. I could help with that. -- I'll be doing a presentation, but I could listen to the recordings afterwards to cover that -- I'll probably have to do that, anyway Please do let me know if that'd be of help. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From ietf@meetecho.com Wed Mar 13 16:33:33 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DBAA11E8135 for ; Wed, 13 Mar 2013 16:33:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.516 X-Spam-Level: X-Spam-Status: No, score=-0.516 tagged_above=-999 required=5 tests=[AWL=-0.103, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_IT=0.635, RDNS_NONE=0.1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id im0z5tE4QG5u for ; Wed, 13 Mar 2013 16:33:33 -0700 (PDT) Received: from smtpdg8.aruba.it (unknown [62.149.158.226]) by ietfa.amsl.com (Postfix) with ESMTP id BCD2611E810D for ; Wed, 13 Mar 2013 16:33:32 -0700 (PDT) Received: from dell-tcastaldi ([130.129.16.136]) by smtpcmd03.ad.aruba.it with bizsmtp id BBZU1l00M2w8SR601BZWN4; Thu, 14 Mar 2013 00:33:30 +0100 Date: Wed, 13 Mar 2013 19:33:26 -0400 (EDT) From: Meetecho Team To: opsec@ietf.org Message-ID: <2884607.25.1363217606166.JavaMail.tcastaldi@dell-tcastaldi> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_24_7958044.1363217606164" Subject: [OPSEC] Meetecho support for OPSEC session X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Mar 2013 23:33:33 -0000 ------=_Part_24_7958044.1363217606164 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dear all, a virtual room has been reserved on the Meetecho system for the OPSEC WG meeting session. Access to the on-line session (including audio and video streams) will be made available (just a couple of minutes before session start time) at: http://www.meetecho.com/ietf86/opsec The Meetecho session automatically logs you into the standard IETF jabber room. So, from there, you can have an integrated experience involving all media and allowing you to interact with the room. A tutorial of interactivity features of the tool can be found at: http://www.meetecho.com/ietf86 Cheers, the Meetecho Team This email has been automatically generated by The Meetecho Conferencing System ------=_Part_24_7958044.1363217606164-- From warren@kumari.net Thu Mar 14 12:54:36 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C43F11E821B for ; Thu, 14 Mar 2013 12:54:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fiR3rB78Py+W for ; Thu, 14 Mar 2013 12:54:34 -0700 (PDT) Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id E210E11E81E4 for ; Thu, 14 Mar 2013 12:54:30 -0700 (PDT) Received: from [130.129.0.147] (unknown [130.129.0.147]) by vimes.kumari.net (Postfix) with ESMTPSA id 9CEFF1B400DE; Thu, 14 Mar 2013 15:54:29 -0400 (EDT) From: Warren Kumari Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Thu, 14 Mar 2013 15:54:28 -0400 Message-Id: <3C773E2E-F7D3-40F2-BC21-B534A01D6F58@kumari.net> To: "opsec@ietf.org" , draft-ietf-opsec-lla-only-03@tools.ietf.org Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) X-Mailer: Apple Mail (2.1499) Cc: Warren Kumari Subject: [OPSEC] DON'T PANIC: Reminder about IPR relating to draft-ietf-opsec-lla-only-03 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Mar 2013 19:54:36 -0000 Dear OpSec WG, Be not alarmed. This email was created to satisfy RFC 6702 "Promoting Compliance with = Intellectual Property Rights (IPR)" = (http://tools.ietf.org/rfc/rfc6702.txt). The authors of draft-ietf-opsec-lla-only-03 have asked for a Working = Group Last Call. Before issuing the Working Group Last Call, we would = like to check whether any claims of Intellectual Property Rights (IPR) = on the document have not yet been disclosed. Are you personally aware of any IPR that applies to = draft-ietf-opsec-lla-only-03? If so, has this IPR been disclosed in = compliance with IETF IPR rules? (See RFCs 3979, 4879, 3669, and 5378 for more details.) If you are a document author or listed contributor on this document, = please reply to this email regardless of whether or not you are = personally aware of any relevant IPR. We might not be able to advance = this document to the next stage until we have received a reply from each = author and listed contributor. If you are on the OpSec WG email list but are not an author or listed = contributor for this document, you are reminded of your opportunity for = a voluntary IPR disclosure under BCP 79. Please do not reply unless you = want to make such a voluntary disclosure. Online tools for filing IPR disclosures can be found at = . Thanks, Warren Kumari (as OpSec WG co-chair) --=20 Do not meddle in the affairs of wizards, for they are subtle and quick = to anger. =20 -- J.R.R. Tolkien From warren@kumari.net Sat Mar 16 07:10:26 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AD1A21F8A08 for ; Sat, 16 Mar 2013 07:10:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YO2Vpj2C9Bln for ; Sat, 16 Mar 2013 07:10:25 -0700 (PDT) Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7832D21F89E9 for ; Sat, 16 Mar 2013 07:10:25 -0700 (PDT) Received: from [130.129.129.87] (unknown [130.129.129.87]) by vimes.kumari.net (Postfix) with ESMTPSA id 457BB1B40014; Sat, 16 Mar 2013 10:10:24 -0400 (EDT) From: Warren Kumari Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Sat, 16 Mar 2013 10:10:23 -0400 Message-Id: To: "opsec@ietf.org" , draft-ietf-opsec-lla-only@tools.ietf.org Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) X-Mailer: Apple Mail (2.1499) Cc: Warren Kumari Subject: [OPSEC] Start of WGLC for draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Mar 2013 14:10:26 -0000 Dear OpSec WG, This starts a Working Group Last Call for draft-ietf-opsec-lla-only. Both authors have replied, stating that they do not know of any IPR = associated with this draft. The draft is available here: = https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/ Please review this draft to see if you think it is ready for publication = and comments to the list, clearly stating your view. This WGLC ends 3-April-2013 -- I have extended the period slightly to = allow folk to travel home, decompress and still have time to review. Thanks, Warren Kumari (as OpSec WG co-chair) -- "I think perhaps the most important problem is that we are trying to = understand the fundamental workings of the universe via a language = devised for telling one another when the best fruit is." --Terry = Prachett=20 From joelja@bogus.com Thu Mar 21 22:03:45 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E3421F8936 for ; Thu, 21 Mar 2013 22:03:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f69BhCZ0riR2 for ; Thu, 21 Mar 2013 22:03:45 -0700 (PDT) Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id A9CAB21F8928 for ; Thu, 21 Mar 2013 22:03:44 -0700 (PDT) Received: from joels-MacBook-Air.local (c-24-5-127-59.hsd1.ca.comcast.net [24.5.127.59]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r2M53h5b094219 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Fri, 22 Mar 2013 05:03:44 GMT (envelope-from joelja@bogus.com) Message-ID: <514BE62A.7000905@bogus.com> Date: Thu, 21 Mar 2013 22:03:38 -0700 From: joel jaeggli User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20130117 Thunderbird/19.0 MIME-Version: 1.0 To: Warren Kumari , "opsec@ietf.org" References: <236CB0F0-60A6-4986-AF0C-22439C036A57@kumari.net> In-Reply-To: <236CB0F0-60A6-4986-AF0C-22439C036A57@kumari.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Fri, 22 Mar 2013 05:03:44 +0000 (UTC) Subject: Re: [OPSEC] Requesting publication of draft-ietf-opsec-ipv6-implications-on-ipv4-nets X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Mar 2013 05:03:46 -0000 I reviewed this document in wglc, and I think it's acceptable. that constitutes the AD review. will kick towards the IESG. thanks joel On 3/20/13 1:00 PM, Warren Kumari wrote: > Hi there, > > We are requesting publication of draft-ietf-opsec-ipv6-implications-on-ipv4-nets. I will be the document shepherd. > I am trying to use the "new" datatracker stuff to manage workflow, but am not sure if changing the state there actually informs you, so I'm doing so via email as well… > > W > > > > > Below is the shepherd writeup: > > (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? > > Informational -- this document is for the general information of the Internet community and does not have protocol or requirements. > > (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: > > Technical Summary: > > This document discusses the security implications (and provides possible mitigations) of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks. > It details a number of operational security concerns, and provides mitigations for many of them. In many cases operators of IPv4 only networks have not considered the security implications of an attacker (or an automatic tunneling mechanism) enabling IPv6 on their network / hosts. > > Working Group Summary: > > There was no drama in the WG on this topic. > > Document Quality: > This document does not describe any protocol/ specifications, and so there are no existing implementations / things to implement. > The document is of good quality. It is easily read and clear. > > Personnel: > > Warren Kumari is the Document Shepherd. Joel Jaeggli is RAD. > > > (3) Briefly describe the review of this document that was performed by the Document Shepherd. > The Document Shepherd has had a number of discussions with the authors on this topic, and has followed the progression of the draft through revisions and the WG. > The Document Shepherd also sat in the bath with a highlighter and carefully reviewed the document. A number of grammar suggestions / nits were provided to the authors. > > > (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? > A WGLC was initiated, and then extended to get additional review. The Shepherd believes that there is now sufficient review, both in terms of volume, and expertise. > > > (5) Do portions of the document need review from a particular or from broader perspective? > Nope. > > > (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? > None. > > > (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. > Yes. > > > (8) Has an IPR disclosure been filed that references this document? > No IPR disclosures have been filed (phew!) > > > (9) How solid is the WG consensus behind this document? > The most involved / active WG participants did respond and their comments were supportive. The rest of the WG was silent (we are working on this!) > > > (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? > Not at all. > > (11) Identify any ID nits the Document Shepherd has found in this document. > The nits tool made grumpy-face about non-RFC2606-compliant FQDNs and non-RFC5735-compliant IPv4 addresses. > These were checked -- the document refers to specific addresses (such as 192.88.99.0/24) and FQDNs that should not be replaces with RFC 2606 / RFC 5735 examples. > > (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. > N/A. > > > (13) Have all references within this document been identified as either normative or informative? > Yes. > > > (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? > No - all normative references are to RFCs. > > > (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. > None. > > (16) Will publication of this document change the status of any existing RFCs? > Nope / N/A. > > (17) Describe the Document Shepherd's review of the IANA considerations section. > No IANA action requested or required. This matches the text of the document. > > > (18) List any new IANA registries that require Expert Review for future allocations. > None. > > (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. > N/A. > From kkumar@google.com Sun Mar 24 12:39:32 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69B6021F8CD6 for ; Sun, 24 Mar 2013 12:39:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.977 X-Spam-Level: X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJAiF+i4HSvw for ; Sun, 24 Mar 2013 12:39:31 -0700 (PDT) Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 4777B21F8BF0 for ; Sun, 24 Mar 2013 12:39:31 -0700 (PDT) Received: by mail-qc0-f171.google.com with SMTP id q2so2357070qch.2 for ; Sun, 24 Mar 2013 12:39:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to :content-type; bh=5kSR+R+Xpx5O3/UxruuLS9Lv9wH7EvgAOtXgyHS0pyc=; b=brRnw3R5zKkf5c8K5mayTd17TBGJQsdfJYN+KhFFlgqmxQ2iZkoT3A0RLDCASXnptm cbjCr9nSW96iG1WHkbdipiYI9dxYdvcjNuRuFfwlq44g+mwmIhqvFg4yLOMJSK6dr3WJ PGSgTa7V9xHGr6m7IHQsuDNex0DCw1aKl6ri3wHc/BdVqTNaYfivtdIC0qpC548B549e 0P1a9CEKVXgtpI8K3LHZMA0jkKDkT6djfmnmbY6t2sThNpGI5lZDMbdjLrFSsB9I187A T6RxawPM/b9XCOLF/uQxLU1WnwelQG5h02sQxIAxNpS0XrooOR0JIezf9blwAFxEb8uF V5MA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=5kSR+R+Xpx5O3/UxruuLS9Lv9wH7EvgAOtXgyHS0pyc=; b=nKbGVxdwmgywFh2Wrfs435mM5xYZNgeqfSqFJHu83aJY69jLnZUjd1qQAIRUQMvVF+ 7llaYHhgwYZMRZBbcQC/tckA2luP57EPbPCo+l9H5vZikX4a9PKykTw1sQrMjEQo3nrZ tYd9s1j7qY6XylUV8GWbd+fX5C8FfhCl1kIMjN/I3YVbcdJwxJhcwxXq+Lb6s/FnhPIs +Czug2cMNN1HeWCfpd5YEQSsmbELQwTL3OShHN4oii7T2qIx4LChCoWwHtBkUrlA52Jp yCMFUqHNX4A+txFBCxUTl97mvcPI1dsbYuaKjnfhs2FUZUgO4h4oD3LLshVzFYfr4th8 /t0Q== X-Received: by 10.224.216.135 with SMTP id hi7mr2417544qab.28.1364153963151; Sun, 24 Mar 2013 12:39:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.49.106.233 with HTTP; Sun, 24 Mar 2013 12:39:03 -0700 (PDT) From: KK Date: Sun, 24 Mar 2013 12:39:03 -0700 Message-ID: To: "opsec@ietf.org" , "" Content-Type: multipart/alternative; boundary=20cf300fb05f648e4504d8b0d89d X-Gm-Message-State: ALoCoQnBbTo8yPqhzE9B9JVL4LkDD9LpSHGOTCymEDjxqFgkk450E86K4r3noB9tJ5vzh4KpBqh6H1SdW+GHeJvSArztkuNLwaUn5mI4QDayclj9P7ZwE67Yo7Pw3BqkB9ltGgfWx4KTKtOa0YkSfupX5OkOFCiU1WJb5+l2/W7PzGzvEXvhe8f7jsgy67q24kQi5vEil2gb Subject: [OPSEC] DON'T PANIC: Reminder about IPR relating to draft-ietf-opsec-bgp-security X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Mar 2013 19:39:32 -0000 --20cf300fb05f648e4504d8b0d89d Content-Type: text/plain; charset=ISO-8859-1 Dear OpSec WG, Be not alarmed. This email was created to satisfy RFC 6702 "Promoting Compliance with Intellectual Property Rights (IPR)" (http://tools.ietf.org/rfc/rfc6702.txt ). The authors of draft-ietf-opsec-bgp-security have asked for a Working Group Last Call. Before issuing the Working Group Last Call, we would like to check whether any claims of Intellectual Property Rights (IPR) on the document have not yet been disclosed. Are you personally aware of any IPR that applies to draft-ietf-opsec-bgp-security? If so, has this IPR been disclosed in compliance with IETF IPR rules? (See RFCs 3979, 4879, 3669, and 5378 for more details.) If you are a document author or listed contributor on this document, please reply to this email regardless of whether or not you are personally aware of any relevant IPR. We might not be able to advance this document to the next stage until we have received a reply from each author and listed contributor. If you are on the OpSec WG email list but are not an author or listed contributor for this document, you are reminded of your opportunity for a voluntary IPR disclosure under BCP 79. Please do not reply unless you want to make such a voluntary disclosure. Online tools for filing IPR disclosures can be found at < http://www.ietf.org/ipr/file-disclosure>. Thanks, KK (as OpSec WG co-chair) --20cf300fb05f648e4504d8b0d89d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Dear OpSec WG,


Be not alarmed.

This email was created to satisfy RFC 6702 "= ;Promoting Compliance with Intellectual Property Rights (IPR)" =A0(http://tools.ietf.org/rfc/rfc6702.txt).



The authors of draft-ietf-opsec-bgp-security have asked for a Working Group Last Call. =A0Before issuing the Working Group Last Call, we would like=20 to check whether any claims of Intellectual Property Rights (IPR) on the document have not yet been disclosed.


Are you personally aware of any IPR that applies to=20 draft-ietf-opsec-bgp-security? =A0If so, has this IPR been disclosed in=20 compliance with IETF IPR rules?

(See R= FCs 3979, 4879, 3669, and 5378 for more details.)


If you are a document author or listed contributor on this document,=20 please reply to this email regardless of whether or not you are=20 personally aware of any relevant IPR. =A0We might not be able to advance=20 this document to the next stage until we have received a reply from each author and listed contributor.


If you are on the OpSec WG email list but are not an author or listed=20 contributor for this document, you are reminded of your opportunity for a voluntary IPR disclosure under BCP 79. =A0Please do not reply unless you= =20 want to make such a voluntary disclosure.


Online tools for filing IPR dis= closures can be found at <http://www.ietf.or= g/ipr/file-disclosure>.


Thanks,

KK

(as OpSec WG co-chair)
--20cf300fb05f648e4504d8b0d89d-- From ipepelnjak@gmail.com Sun Mar 24 14:18:58 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B24221F8DD9 for ; Sun, 24 Mar 2013 14:18:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.142 X-Spam-Level: X-Spam-Status: No, score=-0.142 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RDNS_NONE=0.1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3W-4hYKm+Nu5 for ; Sun, 24 Mar 2013 14:18:57 -0700 (PDT) Received: from mail-ea0-x22a.google.com (mail-ea0-x22a.google.com [IPv6:2a00:1450:4013:c01::22a]) by ietfa.amsl.com (Postfix) with ESMTP id E820821F8DA6 for ; Sun, 24 Mar 2013 14:18:56 -0700 (PDT) Received: by mail-ea0-f170.google.com with SMTP id a15so2131613eae.29 for ; Sun, 24 Mar 2013 14:18:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:to:references:in-reply-to:subject:date:message-id :mime-version:content-type:x-mailer:thread-index:content-language; bh=e5d6nw/Gz5ggJCT4GJrk4MDFAXXHsrUreNyNIKRPjwU=; b=QyaTYUACGintQfckuw7Jk4QOCsQIy9J5u3JGEoTcwQAlt44OO0XW9Q6awHIK3eE7Vx u325LFs4IfOzr0VQK+axG8Vf+E0DGlCspvlTjFUy/oYubsK602b8+KxA3K3/NYTFi6ut +jTNOWbybjnJf95doCEYJo240jXpIuJM98Q9jS2HlDopkEqQMxEFxq2MO/Ekk1OXQ0HK qxjpaNNasQNqY7ahbpscWruGY1W8Ib/j7hq6Yyk8VHhPAmStgDhyEeDSnAkCA9n+GKvV 1VakHTfvK5NEo/Hgf+TUbPc3kUay9wM79YWC5ew+cW8qFqdlky8JaxS86KbqNfhO6Jbe iibg== X-Received: by 10.14.182.72 with SMTP id n48mr917525eem.3.1364159936073; Sun, 24 Mar 2013 14:18:56 -0700 (PDT) Received: from PIPINB2009 ([89.143.150.148]) by mx.google.com with ESMTPS id d47sm15403990eem.9.2013.03.24.14.18.55 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 24 Mar 2013 14:18:55 -0700 (PDT) From: "Ivan Pepelnjak" To: "'KK'" , , References: In-Reply-To: Date: Sun, 24 Mar 2013 22:18:52 +0100 Message-ID: <007101ce28d5$31207980$93616c80$@com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0072_01CE28DD.92E4E180" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac4ox1DU66AQoskdSCGV77ttX/UPyAADZnQA Content-Language: sl Subject: Re: [OPSEC] DON'T PANIC: Reminder about IPR relating to draft-ietf-opsec-bgp-security X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Mar 2013 21:18:58 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_0072_01CE28DD.92E4E180 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I=E2=80=99m not aware of any IPR issues/claims wrt = draft-ietf-opsec-bgp-security. =20 Kind regards, Ivan Pepelnjak =20 From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf = Of KK Sent: Sunday, March 24, 2013 8:39 PM To: opsec@ietf.org; Subject: [OPSEC] DON'T PANIC: Reminder about IPR relating to = draft-ietf-opsec-bgp-security =20 Dear OpSec WG, =20 Be not alarmed. This email was created to satisfy RFC 6702 "Promoting Compliance with = Intellectual Property Rights (IPR)" ( = = http://tools.ietf.org/rfc/rfc6702.txt). =20 The authors of draft-ietf-opsec-bgp-security have asked for a Working = Group Last Call. Before issuing the Working Group Last Call, we would = like to check whether any claims of Intellectual Property Rights (IPR) = on the document have not yet been disclosed. =20 Are you personally aware of any IPR that applies to = draft-ietf-opsec-bgp-security? If so, has this IPR been disclosed in = compliance with IETF IPR rules? (See RFCs 3979, 4879, 3669, and 5378 for more details.) =20 If you are a document author or listed contributor on this document, = please reply to this email regardless of whether or not you are = personally aware of any relevant IPR. We might not be able to advance = this document to the next stage until we have received a reply from each = author and listed contributor. =20 If you are on the OpSec WG email list but are not an author or listed = contributor for this document, you are reminded of your opportunity for = a voluntary IPR disclosure under BCP 79. Please do not reply unless you = want to make such a voluntary disclosure. =20 Online tools for filing IPR disclosures can be found at < = = http://www.ietf.org/ipr/file-disclosure>. =20 Thanks, KK (as OpSec WG co-chair) ------=_NextPart_000_0072_01CE28DD.92E4E180 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

I=E2= =80=99m not aware of any IPR issues/claims wrt = draft-ietf-opsec-bgp-security.

 

Ki= nd regards,

Iv= an Pepelnjak

 

From:= = opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf Of = KK
Sent: Sunday, March 24, 2013 8:39 PM
To: = opsec@ietf.org; = <draft-ietf-opsec-bgp-security@tools.ietf.org>
Subject: = [OPSEC] DON'T PANIC: Reminder about IPR relating to = draft-ietf-opsec-bgp-security

 

D= ear OpSec WG,

 

B= e not alarmed.

T= his email was created to satisfy RFC 6702 "Promoting Compliance = with Intellectual Property Rights (IPR)"  (h= ttp://tools.ietf.org/rfc/rfc6702.txt)= .

 

T= he authors of draft-ietf-opsec-bgp-security have asked for a Working = Group Last Call.  Before issuing the Working Group Last Call, we = would like to check whether any claims of Intellectual Property Rights = (IPR) on the document have not yet been = disclosed.

 

A= re you personally aware of any IPR that applies to = draft-ietf-opsec-bgp-security?  If so, has this IPR been disclosed = in compliance with IETF IPR rules?

(= See RFCs 3979, 4879, 3669, and 5378 for more = details.)

 

I= f you are a document author or listed contributor on this document, = please reply to this email regardless of whether or not you are = personally aware of any relevant IPR.  We might not be able to = advance this document to the next stage until we have received a reply = from each author and listed contributor.

 

I= f you are on the OpSec WG email list but are not an author or listed = contributor for this document, you are reminded of your opportunity for = a voluntary IPR disclosure under BCP 79.  Please do not reply = unless you want to make such a voluntary = disclosure.

 

O= nline tools for filing IPR disclosures can be found at <h= ttp://www.ietf.org/ipr/file-disclosure&= gt;.

 

T= hanks,

K= K

(= as OpSec WG = co-chair)

------=_NextPart_000_0072_01CE28DD.92E4E180-- From jerduran@cisco.com Sun Mar 24 14:34:32 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5890E21F8A85 for ; Sun, 24 Mar 2013 14:34:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FbxeQS+4Y0dx for ; Sun, 24 Mar 2013 14:34:31 -0700 (PDT) Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 1F96E21F8A84 for ; Sun, 24 Mar 2013 14:34:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2026; q=dns/txt; s=iport; t=1364160871; x=1365370471; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=FLB0JJXya6Mm5ShNrxsoMMHFXA9EveH19RX3EnJdYI4=; b=kw+xUDimolHRMAOOabCIshrbloKIkhaOVyf2Q0Cy01ctdEitqi11O+Gj oFrZHdg6Enta1Fg2RmfVIjSq9Od9L5USo74WmLCGr6PTx4D4iszmDPpAA +fULrjE0G7HUeDRvpc1VdhBdljKiKgtZCHN4ik09uy970+YaGskiMyPTn U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgEFAAJwT1GtJXHB/2dsb2JhbABDxXCBchZ0giQBAQEDAQEBAWsGBQULAgEIIiQnCyUCBA4FCAGIBQYMwU2NWIENAjEHgl9hA4hBj0WPZYFUgTaBczU X-IronPort-AV: E=Sophos;i="4.84,901,1355097600"; d="scan'208";a="190700105" Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-1.cisco.com with ESMTP; 24 Mar 2013 21:34:30 +0000 Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id r2OLYUNf024852 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 24 Mar 2013 21:34:30 GMT Received: from xmb-rcd-x01.cisco.com ([169.254.1.152]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.02.0318.004; Sun, 24 Mar 2013 16:34:30 -0500 From: "Jerome Durand (jerduran)" To: KK Thread-Topic: [OPSEC] DON'T PANIC: Reminder about IPR relating to draft-ietf-opsec-bgp-security Thread-Index: AQHOKNddVyZJplklakW8zHBANnwI7w== Date: Sun, 24 Mar 2013 21:34:29 +0000 Message-ID: <0145702467942740A26A9633AA8B60FA3BBB49FE@xmb-rcd-x01.cisco.com> References: In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.61.87.204] Content-Type: text/plain; charset="iso-8859-1" Content-ID: <46307A0F4A081045A6E76EF517D36883@emea.cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "" , "opsec@ietf.org" Subject: Re: [OPSEC] DON'T PANIC: Reminder about IPR relating to draft-ietf-opsec-bgp-security X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Mar 2013 21:34:32 -0000 I am not aware of any IPR that applies to draft-ietf-opsec-bgp-security Thanks, Jerome Le 24 mars 2013 =E0 20:39, KK a =E9crit : > Dear OpSec WG, >=20 > Be not alarmed. > This email was created to satisfy RFC 6702 "Promoting Compliance with Int= ellectual Property Rights (IPR)" (http://tools.ietf.org/rfc/rfc6702.txt). >=20 >=20 > The authors of draft-ietf-opsec-bgp-security have asked for a Working Gro= up Last Call. Before issuing the Working Group Last Call, we would like to= check whether any claims of Intellectual Property Rights (IPR) on the docu= ment have not yet been disclosed. >=20 > Are you personally aware of any IPR that applies to draft-ietf-opsec-bgp-= security? If so, has this IPR been disclosed in compliance with IETF IPR r= ules? > (See RFCs 3979, 4879, 3669, and 5378 for more details.) >=20 > If you are a document author or listed contributor on this document, plea= se reply to this email regardless of whether or not you are personally awar= e of any relevant IPR. We might not be able to advance this document to th= e next stage until we have received a reply from each author and listed co= ntributor. >=20 > If you are on the OpSec WG email list but are not an author or listed con= tributor for this document, you are reminded of your opportunity for a volu= ntary IPR disclosure under BCP 79. Please do not reply unless you want to = make such a voluntary disclosure. >=20 > Online tools for filing IPR disclosures can be found at . >=20 > Thanks, > KK > (as OpSec WG co-chair) > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec -- Jerome Durand Consulting Systems Engineer - Routing & Switching jerduran@cisco.com - +33 6 35 11 60 50 http://reseauxblog.cisco.fr - http://ipv6blog.cisco.fr CISCO France 11, rue Camille Desmoulins 92782 Issy les Moulineaux CEDEX 9 FRANCE From warren@kumari.net Mon Mar 25 11:05:27 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E75321F9528 for ; Mon, 25 Mar 2013 11:05:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k9KBBY06fLnE for ; Mon, 25 Mar 2013 11:05:26 -0700 (PDT) Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id 963C021F9518 for ; Mon, 25 Mar 2013 11:05:26 -0700 (PDT) Received: from [192.168.1.153] (unknown [66.84.81.117]) by vimes.kumari.net (Postfix) with ESMTPSA id 529271B40150; Mon, 25 Mar 2013 14:05:25 -0400 (EDT) From: Warren Kumari Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Date: Mon, 25 Mar 2013 14:05:23 -0400 Message-Id: To: "opsec@ietf.org" Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) X-Mailer: Apple Mail (2.1499) Cc: Warren Kumari Subject: [OPSEC] Reminder: Please review draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Mar 2013 18:05:27 -0000 Dear OpSec WG, This is a reminder to review draft-ietf-opsec-lla-only-03 -- The draft = is available here: = https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/ This has been presented a number of time, and has gotten some in person = discussion. This means that it shouldn't take very long to review -- = this means that you can get brownie points for reviewing, without having = to spend a bunch of time=85. W --=20 Do not meddle in the affairs of wizards, for they are subtle and quick = to anger. =20 -- J.R.R. Tolkien From wesley.george@twcable.com Mon Mar 25 14:27:58 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8868721F8CE5 for ; Mon, 25 Mar 2013 14:27:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.463 X-Spam-Level: X-Spam-Status: No, score=-1.463 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2sdsBdQvsYi7 for ; Mon, 25 Mar 2013 14:27:57 -0700 (PDT) Received: from cdpipgw01.twcable.com (cdpipgw01.twcable.com [165.237.59.22]) by ietfa.amsl.com (Postfix) with ESMTP id 6AB0621F88B0 for ; Mon, 25 Mar 2013 14:27:53 -0700 (PDT) X-SENDER-IP: 10.136.163.15 X-SENDER-REPUTATION: None X-IronPort-AV: E=Sophos;i="4.84,907,1355115600"; d="scan'208";a="48514227" Received: from unknown (HELO PRVPEXHUB06.corp.twcable.com) ([10.136.163.15]) by cdpipgw01.twcable.com with ESMTP/TLS/RC4-MD5; 25 Mar 2013 17:27:06 -0400 Received: from PRVPEXVS15.corp.twcable.com ([10.136.163.78]) by PRVPEXHUB06.corp.twcable.com ([10.136.163.15]) with mapi; Mon, 25 Mar 2013 17:27:51 -0400 From: "George, Wes" To: Warren Kumari , "opsec@ietf.org" , "draft-ietf-opsec-lla-only@tools.ietf.org" Date: Mon, 25 Mar 2013 17:27:51 -0400 Thread-Topic: [OPSEC] Start of WGLC for draft-ietf-opsec-lla-only Thread-Index: Ac4iUAUFp1iQXd7sRAKdG7ewlIpoqgHRXm/Q Message-ID: <2671C6CDFBB59E47B64C10B3E0BD5923042C6EF38A@PRVPEXVS15.corp.twcable.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [OPSEC] Start of WGLC for draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Mar 2013 21:27:58 -0000 I've reviewed prior versions of this document so I took a look at this vers= ion. While it has improved, my fundamental concern remains: That I think it= 's overselling the benefits of using LLA in the core while downplaying alte= rnate solutions (IGP passive) that provide much of the same benefit without= the nasty operational side effects that come from trying to run a network = with no "real" addresses on its interfaces. Diagnostic tools like pings and traces, as well as more important things li= ke PMTUD are brittle enough without advocating this practice for questionab= le benefit. Yes, you can configure a router to respond to ICMP via a routab= le loopback address. However, we've seen in early practice that people aren= 't even bothering with reverse DNS for IPv6 so that you can see what the pa= th actually is in a trace, so relying on such configuration being properly = implemented, let alone applied pervasively and consistently to make critica= l bits of infrastructure work seems risky. Now I have to ask whether the tr= ace failed because the router isn't responding with the right interface, or= because something's actually broken. I also have a hunch that this would e= xpose a whole new crop of routing protocol next-hop bugs and assorted weird= ness based on what (flawed) assumptions router vendors made about interface= addressing and reachability when implementing. That said - this is an informational document, so I'm less bothered by it b= eing published than were it a BCP, but I still have misgivings with it bein= g published as a WG draft as currently written, because I think it would er= roneously be interpreted as IETF consensus that this is the "right" way to = number a network for optimal security. My concerns could be addressed by removing "we propose..." and "we recommen= d..." in section 1, because that would change the tone of the document to s= imply noting that such a configuration is possible and should work if it is= appropriate for your network, instead of recommending it generically with = few exceptions as it currently does. The draft should also focus specifical= ly on advantages that are not possible to realize by simply putting the int= erfaces into passive mode in the IGP, because otherwise I would argue that = is actually the more common and more flexible practice, and this solution i= s simply solving a problem that is already solved. Some specific comments: I fundamentally disagree with the assertion in section 2 as currently worde= d: "Routers typically do not need to be reached from nodes of the network, nor from outside the network." I think I understand what you mean, but "reached from" is ambiguous, and do= wnplays the importance of the text in section 2.1. I'd agree that routers t= ypically don't need to be reachable for management, and other reachability = can be constrained down to a few critical types of traffic, but routers tha= t are completely unreachable are pretty uncommon outside of VPN networks wh= ere the added security by obscurity is beneficial. 2.1: I think the "musts" in this section should all be normative, i.e. MUST= since this is critical to the proper operation of the network and implemen= tation of this idea. Otherwise, the RFC2119 boilerplate is extraneous and s= hould be removed, as there are no normative keywords used in this draft. 2.2 - as noted above, each of the claimed advantages are caveated with one = or more alternate ways to accomplish the same benefit or to obviate the ben= efit provided. This does not make for a good argument in favor of implement= ing LLA only. 2.3 - in networks with heavy use of ECMP, having the loopback address respo= nd to pings and traces means that vital information about *which* of multip= le paths the traffic actually took is lost. " Today this does not display the specific interface the packets came in on." -- disagree. In most routers, the receiving interfa= ce is the one that responds to traces. When it has a uniquely identifiable = IP address, one can determine which interface this was. Dynamic LLA has other issues: - diagnostic pings across connected interfaces are harder to complete - ins= tead of simply typing ping [address], one must now specify the exit interfa= ce, effectively doubling the commands required. - diagnostic traceroutes are similarly harder because one must specify a ro= utable source interface and destination. - in large networks, most connected interfaces are numbered using a standar= d numbering scheme such that one can derive the address of the remote side = by simply adding or subtracting 1 from the local IP address. Pings to the r= emote side when dynamic LLAs are used require determining the address to be= pinged, either via a show interface on the remote side, or a show ipv6 nei= ghbor on the local side, and may be more prone to operator-induced failure = due to the fact that the addresses are not obviously similar to one another= . - because dynamic addresses are not present in the configuration, it is imp= ossible to search for them to determine where a given address may be if it = shows up in diagnostic information (packet captures, traces, routing updat= es, etc). Statically-assigned addresses show up in configuration, meaning t= hat simple tools like grepping a rancid config repository can find the rout= er on which that address is located. Thanks, Wes George > -----Original Message----- > From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf > Of Warren Kumari > Sent: Saturday, March 16, 2013 10:10 AM > To: opsec@ietf.org; draft-ietf-opsec-lla-only@tools.ietf.org > Cc: Warren Kumari > Subject: [OPSEC] Start of WGLC for draft-ietf-opsec-lla-only > > Dear OpSec WG, > > This starts a Working Group Last Call for draft-ietf-opsec-lla-only. > Both authors have replied, stating that they do not know of any IPR > associated with this draft. > > The draft is available here: https://datatracker.ietf.org/doc/draft- > ietf-opsec-lla-only/ > > Please review this draft to see if you think it is ready for publication > and comments to the list, clearly stating your view. > > This WGLC ends 3-April-2013 -- I have extended the period slightly to > allow folk to travel home, decompress and still have time to review. > > Thanks, > Warren Kumari > (as OpSec WG co-chair) > > > > -- > "I think perhaps the most important problem is that we are trying to > understand the fundamental workings of the universe via a language > devised for telling one another when the best fruit is." --Terry > Prachett > > > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec This E-mail and any of its attachments may contain Time Warner Cable propri= etary information, which is privileged, confidential, or subject to copyrig= ht belonging to Time Warner Cable. This E-mail is intended solely for the u= se of the individual or entity to which it is addressed. If you are not the= intended recipient of this E-mail, you are hereby notified that any dissem= ination, distribution, copying, or action taken in relation to the contents= of and attachments to this E-mail is strictly prohibited and may be unlawf= ul. If you have received this E-mail in error, please notify the sender imm= ediately and permanently delete the original and any copy of this E-mail an= d any printout. From fgont@si6networks.com Mon Mar 25 16:37:07 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 257C621F868E for ; Mon, 25 Mar 2013 16:37:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.3 X-Spam-Level: X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J8B3SQQ-8sD2 for ; Mon, 25 Mar 2013 16:37:06 -0700 (PDT) Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 8541921F867E for ; Mon, 25 Mar 2013 16:37:06 -0700 (PDT) Received: from [2001:5c0:1000:a::60f] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1UKGsg-00064Y-3H; Tue, 26 Mar 2013 00:35:51 +0100 Message-ID: <5150DE8F.5030506@si6networks.com> Date: Mon, 25 Mar 2013 20:32:31 -0300 From: Fernando Gont Organization: SI6 Networks User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130308 Thunderbird/17.0.4 MIME-Version: 1.0 To: Warren Kumari References: In-Reply-To: X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Cc: "opsec@ietf.org" Subject: Re: [OPSEC] Reminder: Please review draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Mar 2013 23:37:07 -0000 Hi, Warren, I can review the I.D. Quick question: what's the desired deadline for reviews? Thanks! Best regards, Fernando On 03/25/2013 03:05 PM, Warren Kumari wrote: > Dear OpSec WG, > > This is a reminder to review draft-ietf-opsec-lla-only-03 -- The draft is available here: https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/ > > This has been presented a number of time, and has gotten some in person discussion. This means that it shouldn't take very long to review -- this means that you can get brownie points for reviewing, without having to spend a bunch of time…. > > W > -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From warren@kumari.net Tue Mar 26 07:38:57 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B12621F8A66 for ; Tue, 26 Mar 2013 07:38:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usu4PratOjme for ; Tue, 26 Mar 2013 07:38:55 -0700 (PDT) Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF22921F89E1 for ; Tue, 26 Mar 2013 07:38:55 -0700 (PDT) Received: from [192.168.1.153] (unknown [66.84.81.117]) by vimes.kumari.net (Postfix) with ESMTPSA id E7C211B401C9; Tue, 26 Mar 2013 10:38:43 -0400 (EDT) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) From: Warren Kumari In-Reply-To: <5150DE8F.5030506@si6networks.com> Date: Tue, 26 Mar 2013 10:38:37 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5150DE8F.5030506@si6networks.com> To: Fernando Gont X-Mailer: Apple Mail (2.1503) Cc: "opsec@ietf.org" , Warren Kumari Subject: Re: [OPSEC] Reminder: Please review draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Mar 2013 14:38:57 -0000 On Mar 25, 2013, at 7:32 PM, Fernando Gont = wrote: > Hi, Warren, >=20 > I can review the I.D. Quick question: what's the desired deadline for > reviews? Thank you, kind sir=85 April 2nd would be great=85 W >=20 > Thanks! >=20 > Best regards, > Fernando >=20 >=20 >=20 >=20 > On 03/25/2013 03:05 PM, Warren Kumari wrote: >> Dear OpSec WG, >>=20 >> This is a reminder to review draft-ietf-opsec-lla-only-03 -- The = draft is available here: = https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/ >>=20 >> This has been presented a number of time, and has gotten some in = person discussion. This means that it shouldn't take very long to review = -- this means that you can get brownie points for reviewing, without = having to spend a bunch of time=85. >>=20 >> W >>=20 >=20 >=20 > --=20 > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 >=20 >=20 >=20 --=20 "Does Emacs have the Buddha nature? Why not? It has bloody well = everything else..." From kkumar@google.com Wed Mar 27 10:49:06 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23B2621F9265 for ; Wed, 27 Mar 2013 10:49:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.977 X-Spam-Level: X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8U4FlajlVLm for ; Wed, 27 Mar 2013 10:49:05 -0700 (PDT) Received: from mail-qc0-x236.google.com (mail-qc0-x236.google.com [IPv6:2607:f8b0:400d:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 7C69A21F9264 for ; Wed, 27 Mar 2013 10:49:02 -0700 (PDT) Received: by mail-qc0-f182.google.com with SMTP id k19so1591525qcs.13 for ; Wed, 27 Mar 2013 10:49:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to:cc :content-type; bh=zUj69FIwF8wI7uR7vDeSKK4QfPaXuex/vJ+8hRYaNvk=; b=FIf5ucuouSv9SDMBhYxDZ7AQCtGW+WoSH2K2FnHPmNu9uZN60RRfwiINi9p4CxmDwX nCsV7SmqnAly12lh4jRBz2SoNonMhTsXwXHI4Ccw/HV3TiEIjdkBJtKGHNdOkf4Croal Ei/tzVjad05wocLJSTLb2m1vdu5vFOpoyZLt8SjPqzHsgbSNcWTKdbt6wBbVY9TiE/UN 8ybmGxAZdhOWlZbATqjQNR3kJW9c3TCxavnECZ4KCD/96dxhPaD9f3CUxMiQEDyfGWBS guJ5ze+2xzxLhW6wa5lx7dA5ih8PmMXnEPfBLNOxdv85HSIF2ej5PQ+kIn9LbACRsDh+ 9CRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to:cc :content-type:x-gm-message-state; bh=zUj69FIwF8wI7uR7vDeSKK4QfPaXuex/vJ+8hRYaNvk=; b=lR/QeOKsOIq0ej0b8QO+Xjz2An63/87NxgLMhl3c6UZGvDURkgGW2Ww9Ztz166+/ph IBf3LedHvE+tzRTmTdBNgbZWAh8kwZJ5dZeNhXbNwf62wOw3R7iJyOZU/6suB6eW5Q+y klzWpIQWrXk3tMQJxJfSfkvFw61r5fdcVz2TAK6Xe+LhSDU3ycnWcvsaMqR3XzRVnXA7 3CxUFSyE4R9FKPjlMCVWpgT1qyxHfe5A9/vnTEtbvXy0QqRo/RqD393WOvWobGi1nfoh wAPP1nDY9QyY1tnNv7Bfw7qGvK7YTdHNhqEVIQi1bTJbYf6x5wDHaXypC/Uy5nAYLof/ pe6g== X-Received: by 10.49.86.35 with SMTP id m3mr16825741qez.13.1364406541849; Wed, 27 Mar 2013 10:49:01 -0700 (PDT) MIME-Version: 1.0 Received: by 10.49.106.233 with HTTP; Wed, 27 Mar 2013 10:48:40 -0700 (PDT) From: KK Date: Wed, 27 Mar 2013 10:48:40 -0700 Message-ID: To: "opsec@ietf.org" Content-Type: multipart/alternative; boundary=047d7bdc7f8a41d96604d8eba73d X-Gm-Message-State: ALoCoQmLYSCD5cXyTRDKd94QYz8TLTZfb4SeNM1QxX4+l54++7N/e0azbrGfgDfKzhGufttC47TRA6JQ23V56OMH3TqLClWRoaiLiRxQ1yMTb6jA85ODJ8GkuU8NgpFWNJOQ8St2FaizhGTEbzkHmHIAnwQTpP1Ztz8ubKt/K1ADZ5wgcjk6D1EVXTkPh8T0DbY2Yu183Zpz Cc: "" Subject: [OPSEC] Start of WGLC for draft-ietf-opsec-bgp-security X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Mar 2013 17:49:06 -0000 --047d7bdc7f8a41d96604d8eba73d Content-Type: text/plain; charset=ISO-8859-1 * Dear OpSec WG, This starts a Working Group Last Call for draft-ietf-opsec-bgp-security. All three authors have replied, stating that they do not know of any IPR associated with this draft. The draft is available here: https://datatracker.ietf.org/doc/draft-ietf-opsec-bgp-security/ Please review this draft to see if you think it is ready for publication and comments to the list, clearly stating your view. This WGLC ends 10-April-2013. Thanks, KK (as OpSec WG co-chair) * --047d7bdc7f8a41d96604d8eba73d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

= Dear OpSec WG,


This starts a W= orking Group Last Call for draft-ietf-opsec-bgp-security.

All three authors have replied, stating that they do not kn= ow of any IPR associated with this draft.


The draft is av= ailable here: https://datatracker.ietf.org/doc/draft-i= etf-opsec-bgp-security/


Please review this draft to see if you thi= nk it is ready for publication and comments to the list, clearly stating yo= ur view.


This WGLC ends = 10-April-2013.


Thanks,<= /p>

KK

(as OpSec WG co-chair)



--047d7bdc7f8a41d96604d8eba73d-- From iesg-secretary@ietf.org Fri Mar 29 06:03:26 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A79F321F9405; Fri, 29 Mar 2013 06:03:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.521 X-Spam-Level: X-Spam-Status: No, score=-102.521 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V6wBDgOgCWLn; Fri, 29 Mar 2013 06:03:26 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D4D21F8ED4; Fri, 29 Mar 2013 06:03:26 -0700 (PDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: IETF-Announce X-Test-IDTracker: no X-IETF-IDTracker: 4.43 Message-ID: <20130329130326.13012.1402.idtracker@ietfa.amsl.com> Date: Fri, 29 Mar 2013 06:03:26 -0700 Cc: opsec@ietf.org Subject: [OPSEC] Last Call: (Security Implications of IPv6 on IPv4 Networks) to Informational RFC X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ietf@ietf.org List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2013 13:03:26 -0000 The IESG has received a request from the Operational Security Capabilities for IP Network Infrastructure WG (opsec) to consider the following document: - 'Security Implications of IPv6 on IPv4 Networks' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-04-12. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-implications-on-ipv4-nets/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-implications-on-ipv4-nets/ballot/ No IPR declarations have been submitted directly on this I-D. From iesg-secretary@ietf.org Fri Mar 29 06:03:27 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67D3721F9409 for ; Fri, 29 Mar 2013 06:03:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.521 X-Spam-Level: X-Spam-Status: No, score=-102.521 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1sNomRjHHi4m; Fri, 29 Mar 2013 06:03:26 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DA7E21F93EB; Fri, 29 Mar 2013 06:03:26 -0700 (PDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: IANA X-Test-IDTracker: no X-IETF-IDTracker: 4.43 X-IETF-Draft-string: draft-ietf-opsec-ipv6-implications-on-ipv4-nets X-IETF-Draft-revision: 03 Message-ID: <20130329130326.13012.5760.idtracker@ietfa.amsl.com> Date: Fri, 29 Mar 2013 06:03:26 -0700 Cc: opsec@ietf.org Subject: [OPSEC] Last Call: (Security Implications of IPv6 on IPv4 Networks) to Informational RFC X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: noreply@ietf.org List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2013 13:03:27 -0000 The IESG has received a request from the Operational Security Capabilities for IP Network Infrastructure WG (opsec) to consider the following document: - 'Security Implications of IPv6 on IPv4 Networks' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-04-12. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-implications-on-ipv4-nets/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-implications-on-ipv4-nets/ballot/ No IPR declarations have been submitted directly on this I-D. From brian.e.carpenter@gmail.com Fri Mar 29 06:38:02 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A6A621F85B3; Fri, 29 Mar 2013 06:38:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -100.574 X-Spam-Level: X-Spam-Status: No, score=-100.574 tagged_above=-999 required=5 tests=[AWL=1.117, BAYES_00=-2.599, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W8zxYdZBASGU; Fri, 29 Mar 2013 06:38:02 -0700 (PDT) Received: from mail-wg0-f43.google.com (mail-wg0-f43.google.com [74.125.82.43]) by ietfa.amsl.com (Postfix) with ESMTP id 0BFE721F941C; Fri, 29 Mar 2013 06:38:00 -0700 (PDT) Received: by mail-wg0-f43.google.com with SMTP id f12so429915wgh.10 for ; Fri, 29 Mar 2013 06:38:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:organization:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=IBWIbj94Bh1mSMYk1Z7F8vRD8Ll/8vDqjua0DIlOm1E=; b=pjwwVp9SmmxXSYG333MFwLP+YYn+zb9hOPB/sHYeLpzPpdlWBzHK6+bOWX7O7RWUAt Uv4NmLCuSSRE44+J6VK4VpX2DCC1iYcFDGtcsNxHgstWXmX8v9xfllB9cM1TNbvRI6/O CbOTlQ5GHyG2VcyD74yu7spR+QCFQ+EuN15L5X0nPsP8dce3itfEGCJdsHfwrG8p4ncq 4A7rBKY60B19lLUXdIuOGvYi1bIeDZbebqkwbq3Pox/twYUyq1FPvZdvDGwhAfQ44Slg 0xwD0FSNRpl+bZE6ZppDxnN6U/yXmP7eHPlU58me03FpF7yK/Aw0zoeL/OTO35l4lmZ+ 3cXQ== X-Received: by 10.180.92.229 with SMTP id cp5mr22107504wib.20.1364564279881; Fri, 29 Mar 2013 06:37:59 -0700 (PDT) Received: from [192.168.1.65] (host-2-101-189-148.as13285.net. [2.101.189.148]) by mx.google.com with ESMTPS id h10sm3953154wic.8.2013.03.29.06.37.58 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 29 Mar 2013 06:37:58 -0700 (PDT) Message-ID: <51559943.1010703@gmail.com> Date: Fri, 29 Mar 2013 13:38:11 +0000 From: Brian E Carpenter Organization: University of Auckland User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: ietf@ietf.org References: <20130329130326.13012.1402.idtracker@ietfa.amsl.com> In-Reply-To: <20130329130326.13012.1402.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: opsec@ietf.org Subject: Re: [OPSEC] Last Call: (Security Implications of IPv6 on IPv4 Networks) to Informational RFC X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2013 13:38:02 -0000 Hi, My minimal request for this draft is for my name to be removed from the Acknowledgements, as I do not think that my comments have been acted on. In fact, I think that in its current state, this document is harmful to IPv6 deployment. It in effect encourage sites to fence themselves into an IPv4-only world. Particularly, it explicitly suggests a default/deny approach to IPv6-in-IPv4 tunnels, which would prevent the typical "baby steps" first approach to IPv6 deployment. I would like to see the document convey a positive message, suggesting that an IPv4 site first decides which IPv6 deployment mechanism it will use, and then configures security appropriately (to allow that mechanism and block all others). This wouldn't affect the technical recommendations much if at all. A specific aspect of this is that if a site provides one well-managed 6in4 tunnel mechanism, all tunneled IPv6 packets will pass through well-defined points where security mechanisms may be applied. We shouldn't imply that not having an IPv6 plan and blocking all IPv6 by default is a sound strategy. Regards Brian From radarbha@cisco.com Sun Mar 31 15:31:07 2013 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE0B021F869C for ; Sun, 31 Mar 2013 15:31:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8 X-Spam-Level: X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGyfl+lyXFMX for ; Sun, 31 Mar 2013 15:31:07 -0700 (PDT) Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id E9D0021F85B4 for ; Sun, 31 Mar 2013 15:31:06 -0700 (PDT) X-TACSUNS: Virus Scanned Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r2VMV6NE029416; Sun, 31 Mar 2013 18:31:06 -0400 (EDT) Received: from [10.116.50.246] (rtp-radarbha-8715.cisco.com [10.116.50.246]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r2VMV4TT001382; Sun, 31 Mar 2013 18:31:04 -0400 (EDT) Message-ID: <5158B925.7030003@cisco.com> Date: Sun, 31 Mar 2013 18:31:01 -0400 From: Rama Darbha User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130307 Thunderbird/17.0.4 MIME-Version: 1.0 To: Warren Kumari References: <5150DE8F.5030506@si6networks.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Cc: Fernando Gont , "opsec@ietf.org" Subject: Re: [OPSEC] Reminder: Please review draft-ietf-opsec-lla-only X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Mar 2013 22:31:07 -0000 Warren, This document looks good. Given its scope, there aren't many changes required. There is one section that I found a bit confusing. In section 2.1, the document states: "These link-local addresses SHOULD be hard-coded to prevent the change of EUI-64 addresses when changing of MAC address (such as after changing a network interface card)." This means that this document recommends configuring static LLA addresses. Then in section 2.2, the document states an advantage is: " Lower configuration complexity: LLAs require no specific configuration (except when they are statically configured), thereby lowering the complexity and size of router configurations. This also reduces the likelihood of configuration mistakes." I understand the difference between these two statements, but we should be more explicit in explaining why we recommend static LLA but then discuss the benefits of using non-static LLA addressing. Fundamentally, we are stating that we should configure static LLA, but in case we don't we have an advantage that the configuration complexity is less. I would recommend you tie these two pieces of information together in a more directed statement in section 2.2. For example: " Lower configuration complexity: Commonly, LLAs require no specific configuration and are generated automatically using eui-64 format, thereby lowering the complexity and size of router configurations. This also reduces the likelihood of configuration mistakes. But as noted above, static LLA configuration is recommended to prevent the change of MAC address when changing hardware." This is reiterated in section 2.5, when it states: "It [using LLA addresses] also simplifies router configurations." It would be good to include that this only occurs when not using static LLA addresses, thought it is not recommended. Otherwise, I think the document is clean and clearly addresses its goal. Regards, Rama On 3/26/13 10:38 AM, Warren Kumari wrote: > On Mar 25, 2013, at 7:32 PM, Fernando Gont wrote: > >> Hi, Warren, >> >> I can review the I.D. Quick question: what's the desired deadline for >> reviews? > Thank you, kind sir… > > April 2nd would be great… > > W > >> Thanks! >> >> Best regards, >> Fernando >> >> >> >> >> On 03/25/2013 03:05 PM, Warren Kumari wrote: >>> Dear OpSec WG, >>> >>> This is a reminder to review draft-ietf-opsec-lla-only-03 -- The draft is available here: https://datatracker.ietf.org/doc/draft-ietf-opsec-lla-only/ >>> >>> This has been presented a number of time, and has gotten some in person discussion. This means that it shouldn't take very long to review -- this means that you can get brownie points for reviewing, without having to spend a bunch of time…. >>> >>> W >>> >> >> -- >> Fernando Gont >> SI6 Networks >> e-mail: fgont@si6networks.com >> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 >> >> >> -- Rama Darbha, CCIE #28006 919-574-5071 radarbha@cisco.com Cisco TAC - Security Solutions RTP, NC, USA Hours: 8h30 - 17h00 (EST) http://www.cisco.com/tac