From nobody Wed Feb 21 06:15:40 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FDEA127419; Wed, 21 Feb 2018 06:15:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOcWcKGt407V; Wed, 21 Feb 2018 06:15:37 -0800 (PST) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5856127136; Wed, 21 Feb 2018 06:15:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4830; q=dns/txt; s=iport; t=1519222537; x=1520432137; h=from:to:cc:subject:date:message-id:mime-version; bh=sxWs1SQ8WeFb7d8yKTeJ8MLxGWCo4LzSTBP4osvHO9k=; b=SLGUzJ9AISMfzl27nQqhMKCiGhxI0UkIQt8c4288gG4OFVqbaqHXOHLr 2Ztpac71y5o19IzK25omoPkDtRGM4c97+bAZs3L8mHincL3dXmRW9SnNg /ZfsFpVG/Gv+gxQh3jpBiBFi4IxeW84z4qQJnO/oiiPug04z1Fp8bUZhJ s=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B7AQBvfo1a/4ENJK1dGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYJadWZwMoNeiiWNd4FbgT6QboVcFIICCoU0HIJcVBgBAgE?= =?us-ascii?q?BAQEBAQJrKIVHBlYSAQw+AgQwJwQOiURkqieCJyaEWoN7ghMBAQEBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEdhQ6CJ4FXghAMhEKDIhWDOjGCNAWSVpFlCQKCCJQDgiC?= =?us-ascii?q?GKYt8l3kCERkBgTsBHzmBUXAVZAGCGYJfghaMZ4EZAQEB?= X-IronPort-AV: E=Sophos;i="5.46,543,1511827200"; d="scan'208,217";a="348188432" Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Feb 2018 14:15:36 +0000 Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w1LEFaal025155 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 21 Feb 2018 14:15:36 GMT Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 21 Feb 2018 09:15:35 -0500 Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Wed, 21 Feb 2018 09:15:35 -0500 From: "Eric Vyncke (evyncke)" To: OPSEC CC: "opsec-chairs@ietf.org" Thread-Topic: Call for agenda Items @ IETF101 Thread-Index: AQHTqx5wsEwjDSuGCE+54tfFH8vcOg== Date: Wed, 21 Feb 2018 14:15:35 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.1e.0.170107 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.228.42.89] Content-Type: multipart/alternative; boundary="_000_A9597C4108004CE59791F03A02B3AF57ciscocom_" MIME-Version: 1.0 Archived-At: Subject: [OPSEC] Call for agenda Items @ IETF101 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 14:15:39 -0000 --_000_A9597C4108004CE59791F03A02B3AF57ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBhbGwsDQoNCg0KDQpUaGUgY2hhaXJzIGFyZSBwdWxsaW5nIHRvZ2V0aGVyIHRoZSBhZ2Vu ZGEgZm9yIElFVEYgMTAxLg0KDQoNCg0KSW4gcHJlcGFyYXRpb24gZm9yIHRoZSBPUFNFQyBXRyBt ZWV0aW5nIChjdXJyZW50bHkgc2NoZWR1bGVkIG9uIFdlZG5lc2RheSAyMXN0KSBwbGVhc2Ugc2Vu ZCBhZ2VuZGEgcmVxdWVzdHMgdG8gdGhlIGNoYWlycy4NCg0KDQoNCl9fUGxlYXNlIGluZGljYXRl IHNob3J0IGFic3RyYWN0LCBkcmFmdCBuYW1lLCBhbmQgdGltZSByZXF1ZXN0ZWQuX18NCg0KDQoN ClRoYW5rIHlvdSwgYW5kIHNlZSB5b3UgaW4gTG9uZG9uDQoNCg0KDQotw6lyaWMgYW5kIC1ndW50 ZXINCg0KDQoNCg0KDQoNCg0KDQo= --_000_A9597C4108004CE59791F03A02B3AF57ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <67616184D3830B4581FC0C11ECE4AF41@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iVGl0bGUiIGNvbnRlbnQ9IiI+DQo8bWV0YSBuYW1lPSJLZXl3b3JkcyIgY29udGVu dD0iIj4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUg KGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxlPjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0 IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJ cGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8N CnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsN CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls eTpDYWxpYnJpO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1z b1BsYWluVGV4dCwgbGkuTXNvUGxhaW5UZXh0LCBkaXYuTXNvUGxhaW5UZXh0DQoJe21zby1zdHls ZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiUGxhaW4gVGV4dCBDaGFyIjsNCgltYXJn aW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OkNhbGlicmk7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTcNCgl7bXNvLXN0eWxlLXR5cGU6 cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6Q2FsaWJyaTsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNw YW4uYXBwbGUtY29udmVydGVkLXNwYWNlDQoJe21zby1zdHlsZS1uYW1lOmFwcGxlLWNvbnZlcnRl ZC1zcGFjZTt9DQpzcGFuLlBsYWluVGV4dENoYXINCgl7bXNvLXN0eWxlLW5hbWU6IlBsYWluIFRl eHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJQbGFp biBUZXh0IjsNCglmb250LWZhbWlseTpDYWxpYnJpO30NCnNwYW4ubXNvSW5zDQoJe21zby1zdHls ZS10eXBlOmV4cG9ydC1vbmx5Ow0KCW1zby1zdHlsZS1uYW1lOiIiOw0KCXRleHQtZGVjb3JhdGlv bjp1bmRlcmxpbmU7DQoJY29sb3I6dGVhbDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUt dHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseTpDYWxpYnJpO30NCkBwYWdlIFdvcmRTZWN0 aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3Mi4w cHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+ PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIiBsYW5nPSJFTi1VUyIgbGlu az0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPkRlYXIgYWxsLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij5UaGUgY2hhaXJzIGFyZSBwdWxsaW5nIHRvZ2V0aGVyIHRoZSBhZ2VuZGEgZm9yIElF VEYgMTAxLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5JbiBwcmVwYXJhdGlvbiBmb3Ig dGhlIE9QU0VDIFdHIG1lZXRpbmcgKGN1cnJlbnRseSBzY2hlZHVsZWQgb24gV2VkbmVzZGF5IDIx c3QpIHBsZWFzZSBzZW5kIGFnZW5kYSByZXF1ZXN0cyB0byB0aGUgY2hhaXJzLiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5fX1BsZWFzZSBpbmRpY2F0ZSBzaG9ydCBhYnN0cmFj dCwgZHJhZnQgbmFtZSwgYW5kIHRpbWUgcmVxdWVzdGVkLl9fDQo8bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+VGhhbmsgeW91LCBhbmQgc2VlIHlvdSBpbiBMb25kb248bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+LcOpcmljIGFuZCAtZ3VudGVyPG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_A9597C4108004CE59791F03A02B3AF57ciscocom_-- From nobody Sun Feb 25 14:36:13 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5505124207 for ; Sun, 25 Feb 2018 14:36:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vbCiEJoRRQJt for ; Sun, 25 Feb 2018 14:36:10 -0800 (PST) Received: from mail-wr0-x22f.google.com (mail-wr0-x22f.google.com [IPv6:2a00:1450:400c:c0c::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBA791201F8 for ; Sun, 25 Feb 2018 14:36:09 -0800 (PST) Received: by mail-wr0-x22f.google.com with SMTP id m12so1537136wrm.13 for ; Sun, 25 Feb 2018 14:36:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=Z5JD8h30vqsO9CpwUEWXdi2iSYS/aPyhFxYT86vBKOQ=; b=ggkhiM+AmUJ42p46LP2D1WGEioAQ79qtcmo+Rbi7Dc4oEuLzmeoLFVIMEOfRflPVtO RJKmvzL9PGGpd3pFojbfC0i5jwgwj9PXKubszjkKGBJmJnWyaUSrUR5tTPdC11f98uj/ r8uIAw2xW63AteF6V8QnuloUVk45qEpk/OAjaECvVC1myQ191G2wZ0VDiQfjG2YGwEFa TAoX0f0KAyZc9nfK8SXlwVibzSIqT552a9Eio0ULmhMEKdQ/ubhAfFC++87Y2OskSPYd +X8o46eKMpRkkW+/0Ln5y97Cc2txHl4CSFc3lv51R0F/Z3zEWL9dxJKkWhxn7vd5cNFK HDmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Z5JD8h30vqsO9CpwUEWXdi2iSYS/aPyhFxYT86vBKOQ=; b=aAy4pQHQLOtJRv+USippoPvtpd0ZvkqdubzxGGGjeup6ujhA869K1/mTCsUbIEHaXy ivEE4HMH4ttEeLHLeeCZyoYYHM08ILwDChPk8jvbXRVQa7HtBdoDQ7Z/9Nu/PidtHme6 BvGHlaIzdDsq5mdcDDuFNUldfmJFdQ8MuZVSdyHTHo7YohoXTazypKiAUu7hWlIjSW6q E68UeyZ19Uq9OGms61RFw/Wk6EcgjLR/wPaTWrWwj6V+10C1bbjNgGfgXGmFvGdBpcdo WW74j3DQ3KHttbO8VQ0OGBuoX+iW/koB2Zy3zw2Dd3HxcLdLEyI7SbHln9v8KIe0eX7m 9xSg== X-Gm-Message-State: APf1xPDnrvN/Vs4ai8Vc/KpTy1SAe10imv0fjiNPEXOsL/Nze9Yx2tOp FL04JXoBYjI26O1okRrXZpGt8SIGQVGKcYA8KHkWqvni X-Google-Smtp-Source: AH8x225biF4PgR9WjUs5O9JXfQACRFbLpvK4rUA5+YMRdOoxk8yY5IsewmLaahlAQnJUoNTGAHa4BdVr4mEGE37UIeU= X-Received: by 10.223.162.152 with SMTP id s24mr7351056wra.148.1519598167771; Sun, 25 Feb 2018 14:36:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.223.152.235 with HTTP; Sun, 25 Feb 2018 14:35:27 -0800 (PST) From: Warren Kumari Date: Sun, 25 Feb 2018 17:35:27 -0500 Message-ID: To: opsec wg mailing list Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: [OPSEC] Interested in co-chairing OpSec? X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 22:36:12 -0000 Hi there all, I'm sad to report that, due to LSVR being chartered, and having limited time, Gunter has let me know that he will be stepping down from chairing OpSec in London. I'd like to first thank Gunter for his many years of service, and also ask if there is anyone who would be interested in volunteering. OpSec is somewhat of a "training wheels" working group - I *think* that I'm correct that Ron Bonica, Joel Jaeggli and myself all chaired OpSec as our first (or one of our first) working groups. I *do* already have a candidate in mind, but please let me know if you'd be interested in being considered. ... and, again, thanks to Gunter, W -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf From nobody Tue Feb 27 15:11:52 2018 Return-Path: X-Original-To: opsec@ietf.org Delivered-To: opsec@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CF6E12E957; Tue, 27 Feb 2018 15:11:07 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: "\"IETF Secretariat\"" To: , Cc: opsec@ietf.org, warren@kumari.net X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151977306718.5200.4691724092271369745.idtracker@ietfa.amsl.com> Date: Tue, 27 Feb 2018 15:11:07 -0800 Archived-At: Subject: [OPSEC] opsec - Requested session has been scheduled for IETF 101 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 23:11:07 -0000 Dear Éric Vyncke, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. opsec Session 1 (1:30:00) Wednesday, Afternoon Session II 1520-1650 Room Name: Palace C size: 50 --------------------------------------------- Request Information: --------------------------------------------------------- Working Group Name: Operational Security Capabilities for IP Network Infrastructure Area Name: Operations and Management Area Session Requester: Éric Vyncke Number of Sessions: 1 Length of Session(s): 1.5 Hours Number of Attendees: 40 Conflicts to Avoid: First Priority: 6man dcrouting v6ops intarea Second Priority: alto capport cdni sacm saag taps Third Priority: grow homenet maprg quic People who must be present: Eric Vyncke Gunter Van de Velde Warren Kumari Resources Requested: Special Requests: --------------------------------------------------------- From nobody Wed Feb 28 00:25:09 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD9571243F3 for ; Wed, 28 Feb 2018 00:25:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4PCGKudJ1n1K for ; Wed, 28 Feb 2018 00:25:06 -0800 (PST) Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A73C124207 for ; Wed, 28 Feb 2018 00:25:06 -0800 (PST) Received: from [192.168.3.68] (unknown [186.138.211.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 05394825E7; Wed, 28 Feb 2018 09:25:01 +0100 (CET) To: Michael Richardson , "C. M. Heard" Cc: OPSEC , Pascal Thubert , Ines Robles References: <674.1511883811@obiwan.sandelman.ca> From: Fernando Gont Message-ID: <31dd06ae-d314-15af-8ff2-9a05547c457b@si6networks.com> Date: Wed, 28 Feb 2018 05:24:35 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <674.1511883811@obiwan.sandelman.ca> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [OPSEC] Filtering advice for RPI option in draft-ietf-opsec-ipv6-eh-filtering-04 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 08:25:08 -0000 On 11/28/2017 12:43 PM, Michael Richardson wrote: > > C. M. Heard wrote: > > It seems to me that the option description and filtering advice given > > in > > https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-04#section-4.3.4 > > a) it only coverts 0x63, and we are changing to 0x23. > b) yes, the advice to drop is not good. > > I'm unclear from a quick read if this the black-list advice, or the > white-list advice. This is meant to be black-list advice. The current advice in our document is to drop packets with this option at non-RPL routers. Isn't this advice aligned with the fact that the option type bits note that nodes that do not support this option should drop the corresponding packets? Thanks! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From nobody Wed Feb 28 08:29:30 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1E412D946 for ; Wed, 28 Feb 2018 08:29:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.711 X-Spam-Level: X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2CRUlr7QM-Pw for ; Wed, 28 Feb 2018 08:29:27 -0800 (PST) Received: from pb-smtp2.pobox.com (pb-smtp2.pobox.com [64.147.108.71]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DBFD12D871 for ; Wed, 28 Feb 2018 08:29:27 -0800 (PST) Received: from pb-smtp2.pobox.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 5F5F1D7FB2 for ; Wed, 28 Feb 2018 11:29:26 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=BBuooebEyzHmEvyyYZ1OKUYUlJo=; b=vcIC5E 8nYCFp64sSQy7wK94Z2SufDtI3C/ZOUedY7XqgBJzyfEhX3J74CdI+6A0T/DzARf XasIF2TaaNdBW4sar7V45gSLqXBd/mmO59EfzH/WI8pGozpnhDyHhx5ORy2aJIBm 7kzG9y120Bp6kk7wLDltuCxMWmMsEp+L1mrg8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; q=dns; s=sasl; b=aIipGhqWFKe2HaROHFGP1m1qtTAKJGRy jL8l9gM29ttIinwt+pICPFcuXEqXt+gHJ3a5bU27ARamDqdJ8SKvpuFMjGY8yq68 uYvvHzvneEIafKiZ6HbJ05elGVjXHAvrxv30D/y3Sd+LrDLiYauOBXhWnfpmGHNr FBXm6dqVFkM= Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 56E6AD7FB1 for ; Wed, 28 Feb 2018 11:29:26 -0500 (EST) Received: from mail-qk0-f182.google.com (unknown [209.85.220.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp2.pobox.com (Postfix) with ESMTPSA id D9F7CD7FAA for ; Wed, 28 Feb 2018 11:29:25 -0500 (EST) Received: by mail-qk0-f182.google.com with SMTP id g2so3687346qkd.12 for ; Wed, 28 Feb 2018 08:29:25 -0800 (PST) X-Gm-Message-State: APf1xPCa5+Stbm+dpqIophoPVjBgUjWm6OXMQTCO2zZDDWBKkqnDC2Ap 7iY5SZmPBkbHANHTzcxan43Sn2w0O4HdH1ovx4w= X-Google-Smtp-Source: AG47ELvP2hnETrAdqeGphKDOLp5CotxxEZjZ1D1kYwyl4JXej93LiyNGt0l/zDo13/Lv/naDftcy+YdKckpcBViZoDA= X-Received: by 10.55.73.140 with SMTP id w134mr29673893qka.215.1519835365393; Wed, 28 Feb 2018 08:29:25 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.31.132 with HTTP; Wed, 28 Feb 2018 08:29:05 -0800 (PST) In-Reply-To: <31dd06ae-d314-15af-8ff2-9a05547c457b@si6networks.com> References: <674.1511883811@obiwan.sandelman.ca> <31dd06ae-d314-15af-8ff2-9a05547c457b@si6networks.com> From: "C. M. Heard" Date: Wed, 28 Feb 2018 08:29:05 -0800 X-Gmail-Original-Message-ID: Message-ID: To: Fernando Gont Cc: OPSEC , Michael Richardson , Pascal Thubert , Ines Robles Content-Type: text/plain; charset="UTF-8" X-Pobox-Relay-ID: 8A86C8E4-1CA4-11E8-85C6-67830C78B957-06080547!pb-smtp2.pobox.com Archived-At: Subject: Re: [OPSEC] Filtering advice for RPI option in draft-ietf-opsec-ipv6-eh-filtering-04 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 16:29:29 -0000 On Wed, Feb 28, 2018 at 12:24 AM, Fernando Gont wrote: > On 11/28/2017 12:43 PM, Michael Richardson wrote: >> >> C. M. Heard wrote: >> > It seems to me that the option description and filtering advice given in >> > https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-04#section-4.3.4 >> >> a) it only covers 0x63, and we are changing to 0x23. >> b) yes, the advice to drop is not good. >> >> I'm unclear from a quick read if this the black-list advice, or the >> white-list advice. > > This is meant to be black-list advice. The current advice in our > document is to drop packets with this option at non-RPL routers. Isn't > this advice aligned with the fact that the option type bits note that > nodes that do not support this option should drop the corresponding packets? The option type is being changed from 0x63 to 0x23 precisely so that non-RPL routers will NOT drop packets with that option. See https://tools.ietf.org/html/draft-ietf-roll-useofrplinfo-21, which has recently been submitted to the IESG for publication. Thanks Mike Heard From nobody Wed Feb 28 08:45:31 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F02812D963 for ; Wed, 28 Feb 2018 08:45:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIm3bkdAj4ZG for ; Wed, 28 Feb 2018 08:45:23 -0800 (PST) Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EBE112D965 for ; Wed, 28 Feb 2018 08:45:20 -0800 (PST) Received: from [192.168.3.68] (unknown [186.138.211.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 65A4E8630E; Wed, 28 Feb 2018 17:45:15 +0100 (CET) To: "C. M. Heard" Cc: OPSEC , Michael Richardson , Pascal Thubert , Ines Robles References: <674.1511883811@obiwan.sandelman.ca> <31dd06ae-d314-15af-8ff2-9a05547c457b@si6networks.com> From: Fernando Gont Message-ID: <5679d8f1-b643-a862-69c1-eb6664e8edeb@si6networks.com> Date: Wed, 28 Feb 2018 13:39:35 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [OPSEC] Filtering advice for RPI option in draft-ietf-opsec-ipv6-eh-filtering-04 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 16:45:25 -0000 On 02/28/2018 01:29 PM, C. M. Heard wrote: > On Wed, Feb 28, 2018 at 12:24 AM, Fernando Gont wrote: >> On 11/28/2017 12:43 PM, Michael Richardson wrote: >>> >>> C. M. Heard wrote: >>> > It seems to me that the option description and filtering advice given in >>> > https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-04#section-4.3.4 >>> >>> a) it only covers 0x63, and we are changing to 0x23. >>> b) yes, the advice to drop is not good. >>> >>> I'm unclear from a quick read if this the black-list advice, or the >>> white-list advice. >> >> This is meant to be black-list advice. The current advice in our >> document is to drop packets with this option at non-RPL routers. Isn't >> this advice aligned with the fact that the option type bits note that >> nodes that do not support this option should drop the corresponding packets? > > The option type is being changed from 0x63 to 0x23 precisely so > that non-RPL routers will NOT drop packets with that option. > See https://tools.ietf.org/html/draft-ietf-roll-useofrplinfo-21, > which has recently been submitted to the IESG for publication. It would seem that such decision has been a response to publication of RFC8200... but I don't follow. What's the reason for which 0x63 was required to be dropped, but 0x23 is required not to? Am I missing something, or is the motivation of the change to "comply with RFC8200"? -- f so, such change is not really required. Thoughts? Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From nobody Wed Feb 28 19:04:56 2018 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B49F312DB6C for ; Wed, 28 Feb 2018 19:04:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.71 X-Spam-Level: X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tD3rICSZCdOB for ; Wed, 28 Feb 2018 19:04:54 -0800 (PST) Received: from pb-smtp1.pobox.com (pb-smtp1.pobox.com [64.147.108.70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 156DF12DA73 for ; Wed, 28 Feb 2018 19:04:54 -0800 (PST) Received: from pb-smtp1.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 65680DDA72 for ; Wed, 28 Feb 2018 22:04:52 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=y+WrWskExtYrh5AKlCy191Zj13Q=; b=j58xSw 6eG1YgP+CAsRmfPAlrbLGx8cDstGe+9pgC0lpmWso+ZrcXI9GKi/iieJQvk2i1Eh txbRWARnylxZ9LV8ZWdcLWtb0w2lwxMOxARIVRcP43a5fzeZKA8DgWeydZRCDDIB f49NPy65JcdaqaM0hYIHdkD9/JUQO7iOle+HE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; q=dns; s=sasl; b=TVrrV4GHmFntl5p6zpKU1A+LFfFBP0Hk EhX6o61W5SvkDx57DJkvbAJw+V7tc6Cdz+2AgykcJokYW/Ppdp9GY2QhSsyXlYTs jXVyeTUt4gZB9E1NFWwYUrAlk7v6FcYlhXJ383d87fmcT2E6juZnf5ZNm+vdzQa3 2YIlSWT2k20= Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 5DC84DDA71 for ; Wed, 28 Feb 2018 22:04:52 -0500 (EST) Received: from mail-qk0-f169.google.com (unknown [209.85.220.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 00F4FDDA70 for ; Wed, 28 Feb 2018 22:04:51 -0500 (EST) Received: by mail-qk0-f169.google.com with SMTP id d206so5826852qkb.3 for ; Wed, 28 Feb 2018 19:04:51 -0800 (PST) X-Gm-Message-State: AElRT7HEPk+u1rwhMfG6oFblPRPdSke98iR/PnEUa8iUH+znPpqJ7lZ+ A0TS7x4ymOh6jEO3o0WV1Wd6u9z8dby9HiJ9gJU= X-Google-Smtp-Source: AG47ELvLaHsiLixvqd6XrJc0dXTQR3I7Ef2kvWOxO9ccIneTKtrm80H7+BA61l15eI0b3j5z31+ozKlsZX7p42Zhhts= X-Received: by 10.55.154.207 with SMTP id c198mr508976qke.313.1519873491462; Wed, 28 Feb 2018 19:04:51 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.31.132 with HTTP; Wed, 28 Feb 2018 19:04:31 -0800 (PST) In-Reply-To: <5679d8f1-b643-a862-69c1-eb6664e8edeb@si6networks.com> References: <674.1511883811@obiwan.sandelman.ca> <31dd06ae-d314-15af-8ff2-9a05547c457b@si6networks.com> <5679d8f1-b643-a862-69c1-eb6664e8edeb@si6networks.com> From: "C. M. Heard" Date: Wed, 28 Feb 2018 19:04:31 -0800 X-Gmail-Original-Message-ID: Message-ID: To: Fernando Gont Cc: OPSEC , Michael Richardson , Pascal Thubert , Ines Robles Content-Type: text/plain; charset="UTF-8" X-Pobox-Relay-ID: 4F74F7A4-1CFD-11E8-846E-44CE1968708C-06080547!pb-smtp1.pobox.com Archived-At: Subject: Re: [OPSEC] Filtering advice for RPI option in draft-ietf-opsec-ipv6-eh-filtering-04 X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 03:04:56 -0000 On Wed, Feb 28, 2018 at 8:39 AM, Fernando Gont wrote: > On 02/28/2018 01:29 PM, C. M. Heard wrote: >> The option type is being changed from 0x63 to 0x23 precisely so >> that non-RPL routers will NOT drop packets with that option. >> See https://tools.ietf.org/html/draft-ietf-roll-useofrplinfo-21, >> which has recently been submitted to the IESG for publication. > > It would seem that such decision has been a response to publication of > RFC8200... but I don't follow. The wording of the draft can certainly give that impression, but that is not the case. The change was made to prevent packets with the RPI option that exit from an RPL domain from being discarded by a non-RPL node. > What's the reason for which 0x63 was required to be dropped, but 0x23 is > required not to? Because 0x63 has the upper two bits that say "discard the packet" if the option is unrecognized, which would be the case for a non-RPL aware node, while 0x23 has the upper two bits that say "skip over this option and continue processing the header." > Am I missing something, or is the motivation of the change to "comply > with RFC8200"? -- [i]f so, such change is not really required. The motivation is not to comply with RFC 8200, but rather to make it possible for an RPL-aware end node to send an IPv6 datagram to a non-RPL aware node on the general Internet without the need for IP-in-IP encapsulation. See the example in Section 6.2.1 of the above-referenced draft. If a firewall were to (un)helpfully filter packets with the RPI option, then that objective could not be realized. Mike Heard