
From warren@kumari.net  Wed Sep 11 07:17:16 2013
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 11 Sep 2013 10:17:00 -0400
Message-Id: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
To: "OpSec@ietf.org" <OpSec@ietf.org>, draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
Cc: Warren Kumari <warren@kumari.net>
Subject: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 14:17:16 -0000

Dear OpSec WG,

This starts a Call for Adoption for draft-gont-opsec-ipv6-nd-security-01.

The draft is available here:
https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-nd-security-01/

Please review this draft to see if you think it is suitable for adoption
by OpSec, and send comments to the list, clearly stating your view.

Please also indicate if you are willing to contribute text, review, etc.

This WGLC ends Wed 25-Sep-2013.

Thanks,
Warren Kumari
(as OpSec WG co-chair)


--
After you'd known Christine for any length of time, you found yourself
fighting a desire to look into her ear to see if you could spot daylight
coming the other way.

    -- (Terry Pratchett, Maskerade)





From warren@kumari.net  Wed Sep 11 07:18:30 2013
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 11 Sep 2013 10:18:24 -0400
Message-Id: <BE05D627-FF00-415A-9CC3-A46729226611@kumari.net>
To: "OpSec@ietf.org" <OpSec@ietf.org>, "draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org" <draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
Cc: Warren Kumari <warren@kumari.net>
Subject: [OPSEC] Reminder about IPR relating to draft-gont-opsec-ipv6-nd-security-01

Dear OpSec WG,

Be not alarmed.

The authors of draft-gont-opsec-ipv6-nd-security-01 have asked for it to
be adopted as an OpSec document -- we would like to check whether any
claims of Intellectual Property Rights (IPR) on the document have not
yet been disclosed.

Are you personally aware of any IPR that applies to
draft-gont-opsec-ipv6-nd-security-01?  If so, has this IPR been
disclosed in compliance with IETF IPR rules?
(See RFCs 3979, 4879, 3669, and 5378 for more details.)

If you are a document author or listed contributor on this document,
please reply to this email regardless of whether or not you are
personally aware of any relevant IPR.

If you are on the OpSec WG email list but are not an author or listed
contributor for this document, you are reminded of your opportunity for
a voluntary IPR disclosure under BCP 79.  Please do not reply unless you
want to make such a voluntary disclosure.

Online tools for filing IPR disclosures can be found at
<http://www.ietf.org/ipr/file-disclosure>.

We will be doing this all again when (and if) the document goes to WGLC
-- we are doing it now because a script generated it and it is easy :-)

Thanks,
Warren Kumari
(as OpSec WG co-chair)

--
There were such things as dwarf gods. Dwarfs were not a naturally
religious species, but in a world where pit props could crack without
warning and pockets of fire damp could suddenly explode they'd seen the
need for gods as the sort of supernatural equivalent of a hard hat.
Besides, when you hit your thumb with an eight-pound hammer it's nice to
be able to blaspheme. It takes a very special and strong-minded kind of
atheist to jump up and down with their hand clasped under their other
armpit and shout, "Oh, random-fluctuations-in-the-space-time-continuum!"
or "Aaargh, primitive-and-outmoded-concept on a crutch!"
  -- Terry Pratchett



From fgont@si6networks.com  Wed Sep 11 07:54:33 2013
Message-ID: <5230841E.8070001@si6networks.com>
Date: Wed, 11 Sep 2013 11:54:22 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: Warren Kumari <warren@kumari.net>
References: <BE05D627-FF00-415A-9CC3-A46729226611@kumari.net>
In-Reply-To: <BE05D627-FF00-415A-9CC3-A46729226611@kumari.net>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org" <draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org>, "OpSec@ietf.org" <OpSec@ietf.org>
Subject: Re: [OPSEC] Reminder about IPR relating to draft-gont-opsec-ipv6-nd-security-01

On 09/11/2013 11:18 AM, Warren Kumari wrote:
> The authors of draft-gont-opsec-ipv6-nd-security-01 have asked for it
> to be adopted as an OpSec document -- we would like to check whether
> any claims of Intellectual Property Rights (IPR) on the document have
> not yet been disclosed.
> 
> Are you personally aware of any IPR that applies to
> draft-gont-opsec-ipv6-nd-security-01?  If so, has this IPR been
> disclosed in compliance with IETF IPR rules? (See RFCs 3979, 4879,
> 3669, and 5378 for more details.)

I know of no IPR claims on the aforementioned document (and would be
disappointed if there were any, I should say :-) ).

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





From warren@kumari.net  Wed Sep 11 08:45:32 2013
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <5230841E.8070001@si6networks.com>
Date: Wed, 11 Sep 2013 11:45:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <97DF5BF5-F528-4049-A19F-8DAFBA2235B3@kumari.net>
References: <BE05D627-FF00-415A-9CC3-A46729226611@kumari.net> <5230841E.8070001@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.1508)
Cc: "draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org" <draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org>, "OpSec@ietf.org" <OpSec@ietf.org>, Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Reminder about IPR relating to draft-gont-opsec-ipv6-nd-security-01

On Sep 11, 2013, at 10:54 AM, Fernando Gont <fgont@si6networks.com> wrote:

> On 09/11/2013 11:18 AM, Warren Kumari wrote:
>> The authors of draft-gont-opsec-ipv6-nd-security-01 have asked for it
>> to be adopted as an OpSec document -- we would like to check whether
>> any claims of Intellectual Property Rights (IPR) on the document have
>> not yet been disclosed.
>>
>> Are you personally aware of any IPR that applies to
>> draft-gont-opsec-ipv6-nd-security-01?  If so, has this IPR been
>> disclosed in compliance with IETF IPR rules? (See RFCs 3979, 4879,
>> 3669, and 5378 for more details.)
>
> I know of no IPR claims on the aforementioned document (and would be
> disappointed if there were any, I should say :-) ).

Fair 'nuff.

I assumed that, but it doesn't hurt to ask (especially because I have a
script to do so :-)) -- having this info available allows the WG to make
a decision if they want to adopt or not[0]. It also makes it harder for
folk to later claim that they didn't know about the IPR requirements.

W

[0]: Many folk (myself included) would prefer not to adopt an IPR
encumbered draft if at all possible.



--
My memory is failing, so I changed my password to "incorrect".
That way, when I login with the wrong password the computer tells me…
"Your password is incorrect".




From warren@kumari.net  Wed Sep 11 10:20:59 2013
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <97DF5BF5-F528-4049-A19F-8DAFBA2235B3@kumari.net>
Date: Wed, 11 Sep 2013 13:20:40 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <72A228D6-AA0A-4A50-A26B-6304352F7ABD@kumari.net>
References: <BE05D627-FF00-415A-9CC3-A46729226611@kumari.net> <5230841E.8070001@si6networks.com> <97DF5BF5-F528-4049-A19F-8DAFBA2235B3@kumari.net>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.1508)
Cc: "draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org" <draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org>, "OpSec@ietf.org" <OpSec@ietf.org>, Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Reminder about IPR relating to draft-gont-opsec-ipv6-nd-security-01

On Sep 11, 2013, at 11:45 AM, Warren Kumari <warren@kumari.net> wrote:

> On Sep 11, 2013, at 10:54 AM, Fernando Gont <fgont@si6networks.com> wrote:
>
>> On 09/11/2013 11:18 AM, Warren Kumari wrote:
>>> The authors of draft-gont-opsec-ipv6-nd-security-01 have asked for it
>>> to be adopted as an OpSec document -- we would like to check whether
>>> any claims of Intellectual Property Rights (IPR) on the document have
>>> not yet been disclosed.
>>>
>>> Are you personally aware of any IPR that applies to
>>> draft-gont-opsec-ipv6-nd-security-01?  If so, has this IPR been
>>> disclosed in compliance with IETF IPR rules? (See RFCs 3979, 4879,
>>> 3669, and 5378 for more details.)
>>
>> I know of no IPR claims on the aforementioned document (and would be
>> disappointed if there were any, I should say :-) ).
>
> Fair 'nuff.
>
> I assumed that, but it doesn't hurt to ask (especially because I have
> a script to do so :-)) -- having this info available allows the WG to
> make a decision if they want to adopt or not[0]. It also makes it harder
> for folk to later claim that they didn't know about the IPR
> requirements.
>
> W

… and it wasn't clear to at least one participant that I was speaking
as an individual (I didn't explicitly state so).

<no hats>
> [0]: Many folk (myself included) would prefer not to adopt an IPR
> encumbered draft if at all possible.

This was a flippant statement. IPR stuff is complex and subtle.

Personally if I was choosing between two drafts, one with (disclosed)
IPR and one without, I would probably choose the draft with no IPR
(assuming all else is equal).
Of course, there is a chance that there is undisclosed IPR on both -- so
perhaps the one with the disclosed IPR is actually better (it shows that
someone IPR-aware has considered the issue)! Then there are all the
considerations about licensing, FRAND, etc. As I said, complex and
subtle….

</no hats>

As a chair I will (of course) adopt, progress, etc drafts with IPR. 'tis
the WG's decision…


W



--
Curse the dark, or light a match. You decide, it's your dark.
                -- Valdis Kletnieks



From wesley.george@twcable.com  Wed Sep 11 13:16:14 2013
From: "George, Wes" <wesley.george@twcable.com>
To: Warren Kumari <warren@kumari.net>, "OpSec@ietf.org" <OpSec@ietf.org>, "draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org" <draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org>
Date: Wed, 11 Sep 2013 16:16:07 -0400
Thread-Topic: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
Thread-Index: Ac6u+dfIXlfeJm2cQjGMqqbpvMrNTgALoKUg
Message-ID: <2671C6CDFBB59E47B64C10B3E0BD5923043A688E64@PRVPEXVS15.corp.twcable.com>
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
In-Reply-To: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01

I think that this is worthwhile work for Opsec to undertake, because ND
security is definitely something that not all vendors and SPs have a
handle on yet, and it's really useful to have all of the information in
one place to be able to point vendors at when trying to improve the
state of ND security.

That said, I have some concern about the current format of this document
vs. its name and intent. This is supposed to be a security assessment,
but rather than simply identifying the current vulnerabilities, it also
provides recommendations on how to secure against them. This is
certainly good information that I support being in a document, we just
need to decide if it belongs in this document and whether that drives a
title and abstract change to reflect the document's purpose more
accurately, or whether we want to split out mitigation from assessment.
The doc is currently informational, and does not include any RFC2119
boilerplate, but it makes recommendations for behaviors that are not
explicitly required by the existing protocol implementation. Many of the
places where "...should..." appears in the document look
prescriptive/normative to me, and it's not always clear from the
text/references whether this is simply reiterating what is already in
the standard, or making a new recommendation for better security.

e.g. section 3.1: " If
   the packet does not pass this check, it should be silently dropped.

      While this is not explicitly required in [RFC4861] this provides
      an additional counter-measure (other than the validation of the
      Hop Limit) for non-local malicious nodes willing to make use of
      Router Solicitation messages for reconnaissance purposes."

Perhaps BCP would be a better choice, or info with 2119 keywords, I
don't know.

I'd also recommend moving the current section 6 much earlier in the
document, so that you start by discussing the vulnerabilities, and then
you can go into the recommendations on ND validations (current section
3). I'm not sure how sections 4 and 5 fit into that framework, since
they appear to be talking about vulnerabilities as well, but I know that
the current one doesn't seem very intuitive to me.


Thanks,

Wes George




> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
> Of Warren Kumari
> Sent: Wednesday, September 11, 2013 10:17 AM
> To: OpSec@ietf.org; draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org
> Cc: Warren Kumari
> Subject: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
>
> Dear OpSec WG,
>
> This starts a Call for Adoption for
> draft-gont-opsec-ipv6-nd-security-01.
>

From internet-drafts@ietf.org  Mon Sep 16 10:11:13 2013
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.71.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20130916171113.17140.42385.idtracker@ietfa.amsl.com>
Date: Mon, 16 Sep 2013 10:11:13 -0700
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action: draft-ietf-opsec-ip-options-filtering-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.

	Title           : Recommendations on filtering of IPv4 packets containing IPv4 options.
	Author(s)       : Fernando Gont
                          RJ Atkinson
                          Carlos Pignataro
	Filename        : draft-ietf-opsec-ip-options-filtering-05.txt
	Pages           : 33
	Date            : 2013-09-16

Abstract:
   This document provides advice on the filtering of IPv4 packets based
   on the IPv4 options they contain.  Additionally, it discusses the
   operational and interoperability implications of dropping packets
   based on the IP options they contain.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsec-ip-options-filtering

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-opsec-ip-options-filtering-05

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-ip-options-filtering-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From iesg-secretary@ietf.org  Mon Sep 16 12:05:44 2013
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.71.p1
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
Message-ID: <20130916190502.31537.46859.idtracker@ietfa.amsl.com>
Date: Mon, 16 Sep 2013 12:05:02 -0700
Cc: opsec@ietf.org
Subject: [OPSEC] Last Call: <draft-ietf-opsec-ip-options-filtering-05.txt>	(Recommendations on filtering of IPv4 packets containing IPv4	options.) to Best Current Practice
Reply-To: ietf@ietf.org

The IESG has received a request from the Operational Security
Capabilities for IP Network Infrastructure WG (opsec) to consider the
following document:
- 'Recommendations on filtering of IPv4 packets containing IPv4 options.'
  <draft-ietf-opsec-ip-options-filtering-05.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-09-30. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This document provides advice on the filtering of IPv4 packets based
   on the IPv4 options they contain.  Additionally, it discusses the
   operational and interoperability implications of dropping packets
   based on the IP options they contain.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-opsec-ip-options-filtering/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-opsec-ip-options-filtering/ballot/


No IPR declarations have been submitted directly on this I-D.



From warren@kumari.net  Mon Sep 16 15:01:27 2013
Return-Path: <warren@kumari.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70CD411E81C6 for <opsec@ietfa.amsl.com>; Mon, 16 Sep 2013 15:01:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.405
X-Spam-Level: 
X-Spam-Status: No, score=-102.405 tagged_above=-999 required=5 tests=[AWL=0.194, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N9Sa5nc+G0Cr for <opsec@ietfa.amsl.com>; Mon, 16 Sep 2013 15:01:22 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA3A211E819C for <OpSec@ietf.org>; Mon, 16 Sep 2013 15:01:22 -0700 (PDT)
Received: from [192.168.1.153] (unknown [66.84.81.103]) by vimes.kumari.net (Postfix) with ESMTPSA id 2C7BA1B401BE; Mon, 16 Sep 2013 18:01:22 -0400 (EDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
Date: Mon, 16 Sep 2013 18:01:21 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
To: "OpSec@ietf.org" <OpSec@ietf.org>, draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org
X-Mailer: Apple Mail (2.1508)
Cc: Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2013 22:01:27 -0000

A reminder that this adoption call is ongoing…

Please review the draft and comment if you think that this should be
adopted (or not)

W
On Sep 11, 2013, at 10:17 AM, Warren Kumari <warren@kumari.net> wrote:

> Dear OpSec WG,
>
> This starts a Call for Adoption for draft-gont-opsec-ipv6-nd-security-01.
>
> The draft is available here: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-nd-security-01/
>
> Please review this draft to see if you think it is suitable for adoption by OpSec,
> and comments to the list, clearly stating your view.
>
> Please also indicate if you are willing to contribute text, review, etc.
>
> This WGLC ends Wed 25-Sep-2013.
>
> Thanks,
> Warren Kumari
> (as OpSec WG co-chair)
>
>
> --
> After you'd known Christine for any length of time, you found yourself fighting a desire to look into her ear to see if you could spot daylight coming the other way.
>
>    -- (Terry Pratchett, Maskerade)
>
>
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>

-- 
"I think it would be a good idea."
- Mahatma Gandhi, when asked what he thought of Western civilization




From swmike@swm.pp.se  Mon Sep 16 23:19:35 2013
Return-Path: <swmike@swm.pp.se>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCB7E11E836E for <opsec@ietfa.amsl.com>; Mon, 16 Sep 2013 23:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.337
X-Spam-Level: 
X-Spam-Status: No, score=-5.337 tagged_above=-999 required=5 tests=[AWL=0.912,  BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GwI+bu101hoP for <opsec@ietfa.amsl.com>; Mon, 16 Sep 2013 23:19:30 -0700 (PDT)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) by ietfa.amsl.com (Postfix) with ESMTP id 605B911E8373 for <OpSec@ietf.org>; Mon, 16 Sep 2013 23:19:30 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id A76289C; Tue, 17 Sep 2013 08:19:28 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 9EC299A; Tue, 17 Sep 2013 08:19:28 +0200 (CEST)
Date: Tue, 17 Sep 2013 08:19:28 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Warren Kumari <warren@kumari.net>
In-Reply-To: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
Message-ID: <alpine.DEB.2.02.1309170818450.32315@uplift.swm.pp.se>
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net> <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-137064504-384277260-1379398768=:32315"
Cc: draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org, "OpSec@ietf.org" <OpSec@ietf.org>
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 06:19:35 -0000

On Mon, 16 Sep 2013, Warren Kumari wrote:

> A reminder that this adoption call is ongoing…
>
> Please review the draft and comment if you think that this should be adopted (or not)

I have read this draft, I have sent comments to authors, and I support its 
adoption.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

From heard@pobox.com  Sat Sep 21 16:24:06 2013
Return-Path: <heard@pobox.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C3AE21F8F07 for <opsec@ietfa.amsl.com>; Sat, 21 Sep 2013 16:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.649
X-Spam-Level: 
X-Spam-Status: No, score=-0.649 tagged_above=-999 required=5 tests=[AWL=-0.650, BAYES_50=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXfH8MKORrg5 for <opsec@ietfa.amsl.com>; Sat, 21 Sep 2013 16:24:01 -0700 (PDT)
Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2740921F99D0 for <opsec@ietf.org>; Sat, 21 Sep 2013 16:24:00 -0700 (PDT)
Received: (qmail 301 invoked from network); 21 Sep 2013 16:23:54 -0700
Received: from shell4.bayarea.net (209.128.82.1) by shell4.bayarea.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 21 Sep 2013 16:23:54 -0700
Date: Sat, 21 Sep 2013 16:23:54 -0700 (PDT)
From: "C. M. Heard" <heard@pobox.com>
X-X-Sender: heard@shell4.bayarea.net
To: IETF <ietf@ietf.org>
In-Reply-To: <20130916190502.31537.46859.idtracker@ietfa.amsl.com>
Message-ID: <Pine.LNX.4.64.1309201402090.16353@shell4.bayarea.net>
References: <20130916190502.31537.46859.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: OPSEC <opsec@ietf.org>
Subject: Re: [OPSEC] Last Call: <draft-ietf-opsec-ip-options-filtering-05.txt> (Recommendations on filtering of IPv4 packets containing IPv4 options) to Best Current Practice
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Sep 2013 23:24:06 -0000

On Mon, 16 Sep 2013, The IESG wrote:
> The IESG has received a request from the Operational Security
> Capabilities for IP Network Infrastructure WG (opsec) to consider the
> following document:
> - 'Recommendations on filtering of IPv4 packets containing IPv4 options.'
>   <draft-ietf-opsec-ip-options-filtering-05.txt> as Best Current Practice
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2013-09-30.



I would like to see the following issues addressed before this 
document is approved for publication.  I have suggested specific 
replacement text in most cases, but I recognize that there are other 
ways to address the concerns that I raise.



Sections 4.3 (LSRR) and 4.4 (SSRR):

OLD:
4.3.5.  Advice

   Routers, security gateways, and firewalls SHOULD implement an option-
   specific configuration knob whether packets with this option are
   dropped, packets with this IP option are forwarded as if they did not
   contain this IP option, or packets with this option are processed and
   forwarded as per [RFC0791].  The default setting for this knob SHOULD
   be "drop", and the default setting MUST be documented.

NEW:
4.3.5.  Advice

   Routers, security gateways, and firewalls SHOULD implement an option-
   specific configuration knob whether packets with this option are
   dropped or whether packets with this option are processed and
   forwarded as per [RFC0791].  The default setting for this knob SHOULD
   be "drop", and the default setting MUST be documented.

The same change should be applied to 4.4.5.

Rationale: pretending that the option is not present will result in
violation of the semantics of the option.  More specifically, if a node
that is specified in the destination address of the IPv4 header ignores an
unexpired source route option, then it will consume a packet that is
actually addressed to another node.



Section 4.6 (Stream ID):

Editorial:

OLD:
   However, as stated by Section 3.2.1.8 of RFC 1122 [RFC1122] and
   Section 4.2.2.1 of RFC 1812 [RFC1812], this option is obsolete.
   Therefore, it must be ignored by the processing systems.  See also
   Section 5.

NEW:
   However, as stated by Section 3.2.1.8 of RFC 1122 [RFC1122] and
   Section 4.2.2.1 of RFC 1812 [RFC1812], this option is obsolete.
   Therefore, it must be ignored by the processing systems.

Rationale: Section 5 is the IANA Considerations section.  RFC 6814 
requested IANA to mark this option as obsolete, and that has been 
done.  No change is needed to Section 5 as it does not request any 
actions from IANA.

Misuse of RFC 2119 language:

Section 4.6.3, Threats, says:

   No specific security issues are known for this IPv4 option.

while Section 4.6.5, Advice, says:

   Routers, security gateways, and firewalls SHOULD drop IP packets
   containing a Stream Identifier option.

Note that RFC 2119, Section 6 says:

   Imperatives of the type defined in this memo must be used with care
   and sparingly.  In particular, they MUST only be used where it is
   actually required for interoperation or to limit behavior which has
   potential for causing harm (e.g., limiting retransmisssions).  For
   example, they must not be used to try to impose a particular method
   on implementors where the method is not required for interoperability.

The document does not identify any interoperability problems or 
potential harm that would be mitigated by dropping packets with this 
option.  The SHOULD in Section 4.6.5 is therefore unjustified.

Possible fixes: either provide a valid justification for the SHOULD, 
change it to a MAY, or specify that the Stream ID option SHOULD be 
treated in the same manner as an unknown option, i.e., as specified 
in Section 4.23.4.  My vote would be for the latter; possible 
replacement text along those lines is as follows:

NEW:
4.6.5.  Advice

   Routers, security gateways, and firewalls SHOULD process IP packets
   containing this option in the same manner as those containing unknown
   options (see Section 4.23.4).



Section 4.7: The Internet Timestamp option has similar uses as the 
Record Route option, and should be treated similarly.  Specifically:

OLD:
4.7.1.  Uses

   This option provides a means for recording the time at which each
   system processed this datagram.

NEW:
4.7.1.  Uses

   This option provides a means for recording the time at which each
   system (or a specified set of systems) processed this datagram,
   and may optionally record the addresses of the systems providing
   the timestamps.

OLD:
4.7.4.  Operational and Interoperability Impact if Blocked

   None.

4.7.5.  Advice

   Routers, security gateways, and firewalls SHOULD drop IP packets
   containing an Internet Timestamp option.

NEW:
4.7.4.  Operational and Interoperability Impact if Blocked

   Network troubleshooting techniques that may employ the Internet
   Timestamp option (such as ping with the Timestamp option) would break
   when using the Timestamp option (ping without IPv4 options is not
   impacted).  Nevertheless, it should be noted that it is virtually
   impossible to use such techniques due to widespread dropping of
   packets that contain Internet Timestamp options.

4.7.5.  Advice

   Routers, security gateways, and firewalls SHOULD implement an option-
   specific configuration knob whether packets with this option are
   dropped, packets with this IP option are forwarded as if they did not
   contain this IP option, or packets with this option are processed and
   forwarded as per [RFC0791].  The default setting for this knob SHOULD
   be "drop", and the default setting MUST be documented.



Sections 4.9 (Probe MTU) and 4.10 (Reply MTU):

OLD:
4.9.3.  Threats

   No specific security issues are known for this IPv4 option.

NEW:
4.9.3.  Threats

   This option could have been exploited to cause a host to set its PMTU
   estimate to an inordinately low or an inordinately high value,
   thereby causing performance problems.

The same change should be applied to Section 4.10.3.  In the absence 
of this change (or something like it), the advice in Sections 4.9.5 
and 4.10.5 to drop packets containing these options lacks sufficient 
justification.



Section 4.11 (Traceroute):

OLD:
4.11.3.  Threats

   No specific security issues are known for this IPv4 option.

NEW:
4.11.3.  Threats

   Because this option required each router in the path both to
   provide special processing and to send an ICMP message, it 
   could have been exploited to perform a Denial of Service (DoS)
   attack by exhausting CPU resources at the processing routers.

In the absence of this change (or something like it), the advice
in Section 4.11.5 to drop packets containing this option lacks
sufficient justification.



Section 4.15 (VISA):

OLD:
4.15.5.  Advice

   Routers, security gateways, and firewalls SHOULD drop IP packets that
   contain this option.

NEW:
4.15.5.  Advice

   Routers, security gateways, and firewalls SHOULD process IP packets
   containing this option in the same manner as those containing unknown
   options (see Section 4.23.4).

Rationale: the identifiable security issues are identical with those 
associated with unknown options.



Section 4.16 (Extended Internet Protocol):

OLD:
4.16.3.  Threats

   There are no know threats arising from this option, other than the
   general security implications of IP options discussed in Section 3.

NEW:
4.16.3.  Threats

   This option was used (or was intended to be used) to signal that a
   packet superficially similar to an IPv4 packet actually contained a
   different protocol, opening up the possibility that an IPv4 node
   that simply ignored this option would process a received packet in
   a manner inconsistent with the intent of the sender.

In the absence of this change (or something like it), the advice
in Section 4.16.5 to drop packets containing this option lacks
sufficient justification.



Section 4.17 (Address Extension):

OLD:
4.17.5.  Advice

   Routers, security gateways, and firewalls SHOULD drop IP packets that
   contain this option.

NEW:
4.17.5.  Advice

   Routers, security gateways, and firewalls SHOULD process IP packets
   containing this option in the same manner as those containing unknown
   options (see Section 4.23.4).

Rationale: my reading of RFC 1475 reveals no specific security 
threats from this option, as is stated in Section 4.17.3.  The 
identifiable security issues are therefore no worse than those 
associated with unknown options.



4.18 (Sender-Directed Multi-Destination Delivery):

OLD:
4.18.3.  Threats

   This option could have been exploited for bandwidth-amplification in
   Denial of Service (DoS) attacks.

NEW:
4.18.3.  Threats

   This option could have been exploited for bandwidth-amplification in
   Denial of Service (DoS) attacks.  In addition, end nodes that simply
   ignored this option (instead of performing destination address
   filtering as specified in [RFC1770]) could have processed a received
   packet in a manner inconsistent with the intent of the sender.



4.20 (Upstream Multicast):

OLD:
4.20.3.  Threats

   None.

NEW:
4.20.3.  Threats

   A router that ignored this option instead of processing it as
   specified in [I-D.farinacci-bidir-pim] could have forwarded
   multicast packets to an unintended destination.

In the absence of this change (or something like it), the advice
in Section 4.20.5 to drop packets containing this option lacks
sufficient justification.



Section 4.21,  Quick-Start:

The last paragraph of 4.21.5 seems to belong in 4.21.3.



Thanks and regards,

Mike Heard
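
The LSRR/SSRR rationale in the message above can be checked mechanically. The following Python code is an added example (not from Mike Heard, the draft or any router implementation): it parses the option area of an IPv4 header and returns what the node named in the destination address does under each knob setting. The knob names "drop", "process" and "ignore", the function names and the sample headers built from documentation addresses are assumptions made for the illustration, and only the node named in the destination address field is modelled.

```python
import ipaddress
import struct

EOL, NOP, LSRR, SSRR = 0, 1, 131, 137   # IPv4 option types (RFC 791)
SOURCE_ROUTE = (LSRR, SSRR)


class MalformedOptions(ValueError):
    """The header or its option area cannot be walked safely."""


def parse_options(packet):
    """Return (destination, [raw option bytes, ...]) from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise MalformedOptions("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise MalformedOptions("bad IHL")
    dst = ipaddress.IPv4Address(packet[16:20])
    area, opts, i = packet[20:ihl], [], 0
    while i < len(area):
        if area[i] == EOL:
            break
        if area[i] == NOP:
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise MalformedOptions("bad option length")
        opts.append(area[i:i + area[i + 1]])
        i += area[i + 1]
    return dst, opts


def source_route(raw):
    """Return (next_hop, final_destination) for an unexpired route, else None."""
    if len(raw) < 3 or (len(raw) - 3) % 4 or raw[2] < 4 or raw[2] % 4:
        raise MalformedOptions("bad source route option")
    pointer = raw[2]                 # 1-based offset from the option start
    if pointer > len(raw):           # RFC 791: route used up, dst is final
        return None
    return (ipaddress.IPv4Address(raw[pointer - 1:pointer + 3]),
            ipaddress.IPv4Address(raw[-4:]))


def final_destination(packet):
    """Address the sender ultimately addressed the packet to."""
    dst, opts = parse_options(packet)
    for raw in opts:
        if raw[0] in SOURCE_ROUTE:
            route = source_route(raw)
            if route:
                return route[1]
    return dst


def decide(packet, local_addr, knob="drop"):
    """Action of the node that owns local_addr, as (verb, detail)."""
    if knob not in ("drop", "process", "ignore"):
        raise ValueError("unknown knob setting")
    try:
        dst, opts = parse_options(packet)
        routes = [source_route(o) for o in opts if o[0] in SOURCE_ROUTE]
    except MalformedOptions as exc:
        return ("drop", str(exc))
    local = ipaddress.IPv4Address(local_addr)
    plain = ("deliver" if dst == local else "forward", str(dst))
    if not routes:
        return plain                 # no LSRR/SSRR present: knob does not apply
    if knob == "drop":
        return ("drop", "source route option present")
    pending = next((r for r in routes if r), None)
    if knob == "process" and pending and dst == local:
        # RFC 791 processing: the next listed address becomes the destination.
        return ("forward", str(pending[0]))
    # "ignore", an expired route, or a node not named in the destination field.
    return plain


def build_header(src, dst, options=b""):
    """Constructed sample header (no payload, checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)     # pad with EOL to 32 bits
    ver_ihl = (4 << 4) | (5 + len(options) // 4)
    fixed = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(options), 0, 0,
                        64, 17, 0, ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return fixed + options


# Constructed samples using documentation addresses (RFC 5737).
HOP, TARGET = "203.0.113.5", "198.51.100.9"
PENDING = build_header("192.0.2.1", HOP,
                       bytes([LSRR, 7, 4]) + ipaddress.IPv4Address(TARGET).packed)
EXPIRED = build_header("192.0.2.1", TARGET,
                       bytes([LSRR, 7, 8]) + ipaddress.IPv4Address(HOP).packed)
TRUNCATED = build_header("192.0.2.1", HOP, bytes([LSRR, 11, 4, 198, 51, 100, 9]))

if __name__ == "__main__":
    for setting in ("drop", "process", "ignore"):
        print(setting, decide(PENDING, HOP, setting),
              "final destination:", final_destination(PENDING))
```

With "ignore", the node at 203.0.113.5 delivers to itself a packet whose final destination is 198.51.100.9, which is the misdelivery the rationale describes; "drop" and "process" do not have that outcome.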

From rja.lists@gmail.com  Wed Sep 25 11:50:25 2013
Return-Path: <rja.lists@gmail.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49B8621F9DCE for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 11:50:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CnX7E2WJTZPY for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 11:50:24 -0700 (PDT)
Received: from mail-ye0-x22e.google.com (mail-ye0-x22e.google.com [IPv6:2607:f8b0:4002:c04::22e]) by ietfa.amsl.com (Postfix) with ESMTP id BF7B621F9D9C for <opsec@ietf.org>; Wed, 25 Sep 2013 11:50:24 -0700 (PDT)
Received: by mail-ye0-f174.google.com with SMTP id q4so33133yen.33 for <opsec@ietf.org>; Wed, 25 Sep 2013 11:50:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=j9OEgSIt2vG/md8KzJZ0VIqjmhl7qe7U3u2N9ZijWLI=; b=tWdfpEKkCKkakZyrLtMk03gnWPo5TnkPM8/nGDFiRLjnievrDdMyDSy2i0BI1UI/JR G4YF3o0ytnN7Cnd6Vp7blz2p8sl988jSPuvT1KPCem9IOcrWUwG2rTGVxjhLI76jSu86 3CbbbYBfJxF5Dtl4N+Deu50QhwOXjaq15jLtDX+QYk3ppMLYRZFbmIxr8MWj9EWGIwuo NIQhITZ7qA2whrR71Yx+Fj/MC5G9NJ8byIr+qxcJuuPPYG3YaMT1em+Qdx2GoBRwfHCK qI1jDKorjH/aMGs+gM4DlpOynxD63U2OwrCRxUFVdqOLDTQlI5C7StfH1IvOH36TQPNn QXtQ==
X-Received: by 10.236.83.69 with SMTP id p45mr7786684yhe.40.1380135024238; Wed, 25 Sep 2013 11:50:24 -0700 (PDT)
Received: from [10.30.20.11] (pool-96-255-149-117.washdc.fios.verizon.net. [96.255.149.117]) by mx.google.com with ESMTPSA id e10sm55737319yhj.1.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 25 Sep 2013 11:50:23 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Apple Message framework v1283)
From: RJ Atkinson <rja.lists@gmail.com>
In-Reply-To: <52420285.4050104@si6networks.com>
Date: Wed, 25 Sep 2013 14:50:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <1AE83396-EB5E-4EF8-9F43-F1CB05CD1ED2@gmail.com>
References: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net> <52420285.4050104@si6networks.com>
To: opsec@ietf.org
X-Mailer: Apple Mail (2.1283)
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 18:50:25 -0000

Earlier, Warren Kumari wrote, in part:
> A reminder that this adoption call is ongoing…
>
> Please review the draft and comment
> if you think that this should be
> adopted (or not)
>
> W

Yes, please.

Ran




From Tina.Tsou.Zouting@huawei.com  Wed Sep 25 12:03:29 2013
Return-Path: <Tina.Tsou.Zouting@huawei.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3330D21F9CC8 for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 12:03:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.722
X-Spam-Level: 
X-Spam-Status: No, score=-5.722 tagged_above=-999 required=5 tests=[AWL=-0.876, BAYES_00=-2.599, MIME_BASE64_TEXT=1.753, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVojA0Mmc2Ym for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 12:03:25 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 9FFD321F9C4D for <opsec@ietf.org>; Wed, 25 Sep 2013 12:03:20 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id AYG03787; Wed, 25 Sep 2013 19:03:18 +0000 (GMT)
Received: from LHREML401-HUB.china.huawei.com (10.201.5.240) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.3.146.0; Wed, 25 Sep 2013 20:02:24 +0100
Received: from SJCEML402-HUB.china.huawei.com (10.212.94.43) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.146.0; Wed, 25 Sep 2013 20:03:17 +0100
Received: from SJCEML501-MBS.china.huawei.com ([169.254.2.42]) by sjceml402-hub.china.huawei.com ([10.212.94.43]) with mapi id 14.03.0146.000; Wed, 25 Sep 2013 12:03:10 -0700
From: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
To: RJ Atkinson <rja.lists@gmail.com>
Thread-Topic: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
Thread-Index: AQHOuiAW8dN60r7qrU2GF9jcQ40SyJnWz4Aw
Date: Wed, 25 Sep 2013 19:03:10 +0000
Message-ID: <7AC64741-4A9C-4EAD-993A-6BCB26E8E960@huawei.com>
References: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net> <52420285.4050104@si6networks.com>, <1AE83396-EB5E-4EF8-9F43-F1CB05CD1ED2@gmail.com>
In-Reply-To: <1AE83396-EB5E-4EF8-9F43-F1CB05CD1ED2@gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "opsec@ietf.org" <opsec@ietf.org>
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 19:03:29 -0000

From sm@resistor.net  Wed Sep 25 16:35:22 2013
Return-Path: <sm@resistor.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0B6611E8117 for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 16:35:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.677
X-Spam-Level: 
X-Spam-Status: No, score=-102.677 tagged_above=-999 required=5 tests=[AWL=-0.078, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GNYv6-kzz1dR for <opsec@ietfa.amsl.com>; Wed, 25 Sep 2013 16:35:21 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C0D811E8111 for <OpSec@ietf.org>; Wed, 25 Sep 2013 16:35:08 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r8PNZ1jQ025555; Wed, 25 Sep 2013 16:35:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1380152106; bh=+KogSokeITsp3kKeeXBdBZKHDtisZ4awOtSCBaxQE8Q=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=uprX76AOz0apN3RxccqlCw566jdEPRHjWJY3ENcTnH1/5Kja0staTd+BBnj1vi9LC hNjsDoljEFX8eKa3eL/EtTqorztdoLc5HPvtnqvUSmwhLHYa6Pl/IaENt7leS3/oIu yqcT/s+rRLAAKazURr35S0tilgMhA4Y7xque5msU=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1380152106; i=@resistor.net; bh=+KogSokeITsp3kKeeXBdBZKHDtisZ4awOtSCBaxQE8Q=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=26lFcd3sQcjlw+NooC0Qmd2t94oa1WrQMQZq2pWsHV298rQ6ZpE8giYXjTDLRfBqo fZ7HRuKeqJ4J9SQJB0XVcgxMnCbHTeOK2LO0ZL9NS7G9nfKhhZggLXbSBbYceK9+5l WttpwVQd8yieX65q2NyMjnFC8w+KFEKGv8vmHM4U=
Message-Id: <6.2.5.6.2.20130925155253.0d5f02f0@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 25 Sep 2013 16:03:48 -0700
To: OpSec@ietf.org
From: SM <sm@resistor.net>
In-Reply-To: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net> <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Cc: Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 23:35:22 -0000

At 15:01 16-09-2013, Warren Kumari wrote:
>A reminder that this adoption call is ongoing…
>
>Please review the draft and comment if you think
>that this should be adopted (or not)

I'll volunteer to review
draft-gont-opsec-ipv6-nd-security [1].  It's a
good idea to have a document about security
assessment of Neighbour Discovery.

Regards,
-sm

1.  draft-gont-opsec-ipv6-nd-security-01 is an expired draft.


From aservin@lacnic.net  Thu Sep 26 06:01:21 2013
Return-Path: <aservin@lacnic.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 691D421F9B8A for <opsec@ietfa.amsl.com>; Thu, 26 Sep 2013 06:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbJY9v5MPk9d for <opsec@ietfa.amsl.com>; Thu, 26 Sep 2013 06:01:17 -0700 (PDT)
Received: from mail.lacnic.net.uy (mail.lacnic.net.uy [IPv6:2001:13c7:7001:4000::3]) by ietfa.amsl.com (Postfix) with ESMTP id D879F21F9BD0 for <opsec@ietf.org>; Thu, 26 Sep 2013 06:01:08 -0700 (PDT)
Received: from Arturos-MacBook-Pro.local (unknown [IPv6:2001:13c7:7001:7000:e5d5:33e6:cdb7:d97b]) by mail.lacnic.net.uy (Postfix) with ESMTP id 7FF9B30849A for <opsec@ietf.org>; Thu, 26 Sep 2013 10:00:32 -0300 (UYT)
Message-ID: <52443007.6050000@lacnic.net>
Date: Thu, 26 Sep 2013 10:00:55 -0300
From: Arturo Servin <aservin@lacnic.net>
Organization: LACNIC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: opsec@ietf.org
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net> <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
In-Reply-To: <A51E909F-0D94-413C-B5B7-9BDEBF4E5929@kumari.net>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-LACNIC.uy-MailScanner-Information: Please contact the ISP for more information
X-LACNIC.uy-MailScanner: Found to be clean
X-LACNIC.uy-MailScanner-SpamCheck: 
X-LACNIC.uy-MailScanner-From: aservin@lacnic.net
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2013 13:01:21 -0000

	Yes, adopt.

	This document presents a good assessment of the
challenges/problems/vulnerabilities that ND has.

Regards,
as

On 9/16/13 7:01 PM, Warren Kumari wrote:
> A reminder that this adoption call is ongoing…
> 
> Please review the draft and comment if you think that this should be adopted (or not)
> 
> W
> On Sep 11, 2013, at 10:17 AM, Warren Kumari <warren@kumari.net> wrote:
> 
>> Dear OpSec WG,
>>
>> This starts a Call for Adoption for draft-gont-opsec-ipv6-nd-security-01.
>>
>> The draft is available here: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-nd-security-01/
>>
>> Please review this draft to see if you think it is suitable for adoption by OpSec,
>> and comments to the list, clearly stating your view.
>>
>> Please also indicate if you are willing to contribute text, review, etc.
>>
>> This WGLC ends Wed 25-Sep-2013.
>>
>> Thanks,
>> Warren Kumari
>> (as OpSec WG co-chair)
>>
>>
>> --
>> After you'd known Christine for any length of time, you found yourself fighting a desire to look into her ear to see if you could spot daylight coming the other way.
>>
>>    -- (Terry Pratchett, Maskerade)
>>
>>
>>
>>
>> _______________________________________________
>> OPSEC mailing list
>> OPSEC@ietf.org
>> https://www.ietf.org/mailman/listinfo/opsec
>>
> 

From warren@kumari.net  Mon Sep 30 09:27:38 2013
Return-Path: <warren@kumari.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5494621F92B2 for <opsec@ietfa.amsl.com>; Mon, 30 Sep 2013 09:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.444
X-Spam-Level: 
X-Spam-Status: No, score=-102.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6h6DLIArWO1 for <opsec@ietfa.amsl.com>; Mon, 30 Sep 2013 09:27:33 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4B9321F8F6D for <OpSec@ietf.org>; Mon, 30 Sep 2013 09:27:30 -0700 (PDT)
Received: from [192.168.1.153] (unknown [66.84.81.70]) by vimes.kumari.net (Postfix) with ESMTPSA id 5BF1C1B40538; Mon, 30 Sep 2013 12:27:28 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
Date: Mon, 30 Sep 2013 12:27:27 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <23B491C4-EEB6-4341-BC65-252479D77187@kumari.net>
References: <522B3D9F-07EA-4595-80E4-50B406F0B3A0@kumari.net>
To: "OpSec@ietf.org" <OpSec@ietf.org>, draft-gont-opsec-ipv6-nd-security-01@tools.ietf.org
X-Mailer: Apple Mail (2.1510)
Cc: Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Call for Adoption: draft-gont-opsec-ipv6-nd-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 16:27:38 -0000

And the call for adoption has completed.

We see sufficient support to adopt this work.
Authors, please resubmit the document as a draft-ietf-opsec-* document (either before or after addressing Wes's comments).

Thank you everyone for review and submitting feedback, we really appreciate it.

Warren Kumari
(as OpSec WG co-chair)




On Sep 11, 2013, at 10:17 AM, Warren Kumari <warren@kumari.net> wrote:

> Dear OpSec WG,
>
> This starts a Call for Adoption for draft-gont-opsec-ipv6-nd-security-01.
>
> The draft is available here: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-nd-security-01/
>
> Please review this draft to see if you think it is suitable for adoption by OpSec,
> and comments to the list, clearly stating your view.
>
> Please also indicate if you are willing to contribute text, review, etc.
>
> This WGLC ends Wed 25-Sep-2013.
>
> Thanks,
> Warren Kumari
> (as OpSec WG co-chair)
>
>
> --
> After you'd known Christine for any length of time, you found yourself fighting a desire to look into her ear to see if you could spot daylight coming the other way.
>
>    -- (Terry Pratchett, Maskerade)
>
>
>
>

--
For every complex problem, there is a solution that is simple, neat, and wrong.
                -- H. L. Mencken




