Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-ietf-opsec-ipv6-eh-filtering-10> for your review

[Warren Kumari <warren@kumari.net>]

LGTM / Approved…

W


On Mon, Aug 15, 2022 at 7:08 PM, Alanna Paloma <apaloma@amsl.com> wrote:

> Hi *Warren and Fernando,
>
> We have updated the files per the XML file Fernando submitted.
>
> *Warren - Please review review and approve of the updates in the diff file
> below: https://www.rfc-editor.org/authors/rfc9288-ad-diff.html
>
> The latest files are posted here (please refresh): https://www.rfc-editor.
> org/authors/rfc9288.xml
> https://www.rfc-editor.org/authors/rfc9288.txt
> https://www.rfc-editor.org/authors/rfc9288.html
> https://www.rfc-editor.org/authors/rfc9288.pdf
>
> https://www.rfc-editor.org/authors/rfc9288-diff.html (comprehensive diff)
> https://www.rfc-editor.org/authors/rfc9288-rfcdiff.html (comprehensive
> diff with changes side by side) https://www.rfc-editor.org/authors/
> rfc9288-lastdiff.html (last version to this one) https://www.rfc-editor.
> org/authors/rfc9288-lastrfcdiff.html (last version to this one with
> changes side by side) https://www.rfc-editor.org/authors/
> rfc9288-auth48diff.html (AUTH48 changes)
>
> The AUTH48 status page is here:
> https://www.rfc-editor.org/auth48/rfc9288
>
> Thank you,
> RFC Editor/ap
>
> On Aug 11, 2022, at 1:35 PM, Fernando Gont <fgont@si6networks.com> wrote:
>
> Hello, Alana,
>
> I did a full-read of the document, and found a few errors, which I've
> fixed (e.g., there was one (clearly incorrect) title, a reference to an
> incorrect RFC, etc.)
>
> Where necessary, I've inserted comments marked as "[fgont]" with specific
> requests or questions to the RFC-Editor.
>
> Thanks!
>
> Regards,
> Fernando
>
> On 9/8/22 18:12, Alanna Paloma wrote:
>
> Hi *Warren and Fernando,
> *Warren - As the AD, please review and approve of the updated text in
> Sections 3.1 and 4.4.15.4 as well as the removal of “including protocols”
> in Section 3.5.6.4 in the diff file below. https://www.rfc-editor.org/
> authors/rfc9288-ad-diff.html Fernando - Thank you for your reply. We have
> updated as requested with a few notes:
> 1) We have updated this sentence in Section 3.5.2.2 as follows. Please
> review and confirm that this is the intended meaning. Previously:
> The Routing Header Type 0 (RHT0) had
> originally been specified in [RFC2460], which was later obsoleted by
> [RFC5095], and thus removed from [RFC8200].
> Current:
> The Routing Type 0 had
> originally been specified in [RFC2460] and was later obsoleted by
> [RFC5095]; thus, it was removed from [RFC8200].
> 2) We have reverted instances of "Experiment in the style of RFC 3692”
> back to "RFC3692-style Experiment” to match usage in RFC 4727 and IANA
> registries. The files have been posted here (please refresh):
> https://www.rfc-editor.org/authors/rfc9288.xml
> https://www.rfc-editor.org/authors/rfc9288.txt
> https://www.rfc-editor.org/authors/rfc9288.html
> https://www.rfc-editor.org/authors/rfc9288.pdf
> The relevant diff files have been posted here:
> https://www.rfc-editor.org/authors/rfc9288-diff.html (comprehensive diff)
> https://www.rfc-editor.org/authors/rfc9288-auth48diff.html (AUTH48
> changes) Please review the document carefully as documents do not change
> once published as RFCs. We will await any further changes you may have and
> approvals from each author and the *AD prior to moving forward in the
> publication process. For the AUTH48 status of this document, please see:
> https://www.rfc-editor.org/auth48/rfc9288
> Thank you,
> RFC Editor/ap
>
> On Aug 9, 2022, at 4:10 AM, Fernando Gont <fgont@si6networks.com> wrote:
>
> Hi, RFC-Ed,
>
> Attached you'll find my edits for the aforementioned upcoming RFC. You
> will find my comments and responses marked with "[fgont]" within the
> attached XML source.
>
> Some meta issues:
>
> 1) It seems that bullets have been removed from your edited version, but I
> believe the use of bullets is good when listing items (such as IPv6
> options)
>
> 3) In several parts we used "RFC3692-Style experiments", since that's how
> these options and EHs are marked/specified in [RFC3692] and
> [RFC4727]. I've just realized that this your style guidelines recommend
> against this. OTOH, that how the corresponding options/headers are defined
> specified in the corresponding RFCs
> (RFC3692 and RFC4927). Thoughts?
>
> Thanks!
>
> Regards,
> Fernando
>
> On 8/8/22 20:53, rfc-editor@rfc-editor.org wrote:
>
> Authors,
> While reviewing this document during AUTH48, please resolve (as necessary)
> the following questions, which are also in the XML file.
> 1) <!-- [rfced] Please insert any keywords (beyond those that appear in
> the title) for use on https://www.rfc-editor.org/search.
> -->
> 2) <!--[rfced] We see a number of author-inserted comments in the .xml
> file for this document. We are unsure if these have been resolved. Please
> review and let us know if these can be deleted or if they need to be
> addressed.
> -->
> 3) <!--[rfced] May we update this text as follows to add "IPv6" before
> "option type"? Additionally, may we update instances of "IPv6 option type"
> to "IPv6 Option Type" per use in RFC 7731? Original:
> * Permit this IPv6 EH or IPv6 Option type.
> * Drop packets containing this IPv6 EH or option type.
> * Reject packets containing this IPv6 EH or option type (where the packet
> drop is signaled with an ICMPv6 error message).
> * Rate-limit traffic containing this IPv6 EH or option type.
> * Ignore this IPv6 EH or option type (as if it was not present) and
> process the packet according the rules for the remaining headers. Perhaps:
> * Permit this IPv6 EH or IPv6 Option Type.
> * Drop packets containing this IPv6 EH or IPv6 Option Type.
> * Reject packets containing this IPv6 EH or IPv6 Option Type (where the
> packet drop is signaled with an ICMPv6 error message).
> * Rate-limit traffic containing this IPv6 EH or IPv6 Option Type.
> * Ignore this IPv6 EH or IPv6 Option Type (as if it was not present), and
> process the packet according the rules for the remaining headers.
> -->
> 4) <!-- [rfced] Please review whether any of the notes in this document
> should be in the <aside> element. It is defined as "a container for content
> that is semantically less important or tangential to the content that
> surrounds it" (https://xml2rfc.tools.ietf.org/xml2rfc-doc.
> html#name-aside-2).
> -->
> 5) <!--[rfced] Should instances of "CALIPSO option" be updated to
> "CALIPSO" to avoid redundancy (if expanded, "CALIPSO option" would be read
> as "Common Architecture Label IPv6 Security Option option". Please review
> and let us know if any updates are needed.
> -->
> 6) <!--[rfced] The following introductory sentence needs more context
> (i.e., why is the Quick-Start functionality being disabled?). Please let
> us know if the suggested text is agreeable or if you prefer otherwise.
> Original:
> 4.4.9.4. Operational and Interoperability Impact if Blocked The
> Quick-Start functionality would be disabled, and additional delays in TCP's
> connection establishment (for example) could be introduced. (Please see
> Section 4.7.2 of [RFC4782].) Perhaps:
> 4.4.9.4. Operational and Interoperability Impact If Blocked If the
> Quick-Start functionality is blocked, it would be disabled, and additional
> delays in the TCP's connection establishment, for example, could be
> introduced; please see Section 4.7.2 of [RFC4782].
> -->
> 7) <!--[rfced] For consistency, we updated "Hop-by-Hop Option headers" to
> "Hop-by-Hop Options headers" in the following. If that is not correct,
> please let us know. Original:
> This option is specified in [RFC7731], and is meant to be included only in
> Hop-by-Hop Option headers.
> Perhaps:
> This option is specified in [RFC7731] and is meant to be included only in
> Hop-by-Hop Options headers.
> -->
> 8) <!--[rfced] May we update the latter part of this sentence for clarity
> as follows? Original:
> This option is employed by Identifier-Locator Network Protocol for IPv6
> (ILNPv6) for providing protection against off-path attacks for packets when
> ILNPv6 is in use, and as a signal during initial network-layer session
> creation that ILNPv6 is proposed for use with this network-layer session,
> rather than classic IPv6. Perhaps:
> This option is employed by the Identifier-Locator Network Protocol for
> IPv6 (ILNPv6) to provide protection against off-path attacks for packets
> when ILNPv6 is in use and as a signal during initial network-layer session
> creation where ILNPv6 is proposed for use rather than classic IPv6.
> -->
> 9) <!-- [rfced] Throughout the text, the following terminology appears to
> be used inconsistently. Please review these occurrences and let us know
> if/how they may be made consistent.
> - Hop-by-Hop Options header vs. Hop-by-Hop Options EH
> [Note: are these terms different or the same?]
> - IPv6 packet vs. IPv6 Packet
> - Routing Header Type vs. Routing Type
> - IP Option vs. IP options (note: capitalized in RFC 6744)
> - MPL Option vs. MPL option (note: capitalized in RFC 7731)
> - RPL Option vs. RPL option (note: capitalized in RFC 9008))
> -->
> 10) <!-- [rfced] Please review the "Inclusive Language" portion of the
> online Style Guide <https://www.rfc-editor.org/styleguide/part2/
> #inclusive_language> and let us know if any changes are needed.
> -->
> Thank you.
> RFC Editor/ap/kc
> On Aug 8, 2022, at 4:47 PM, rfc-editor@rfc-editor.org wrote:
> *****IMPORTANT*****
> Updated 2022/08/08
> RFC Author(s):
> --------------
> Instructions for Completing AUTH48
> Your document has now entered AUTH48. Once it has been reviewed and
> approved by you and all coauthors, it will be published as an RFC. If an
> author is no longer available, there are several remedies available as
> listed in the FAQ (https://www.rfc-editor.org/faq/). You and you
> coauthors are responsible for engaging other parties
> (e.g., Contributors or Working Group) as necessary before providing your
> approval.
> Planning your review
> ---------------------
> Please review the following aspects of your document:
> * RFC Editor questions
> Please review and resolve any questions raised by the RFC Editor that have
> been included in the XML file as comments marked as follows:
> <!-- [rfced] ... -->
> These questions will also be sent in a subsequent email.
> * Changes submitted by coauthors
> Please ensure that you review any changes submitted by your coauthors. We
> assume that if you do not speak up that you agree to changes submitted by
> your coauthors.
> * Content
> Please review the full content of the document, as this cannot change once
> the RFC is published. Please pay particular attention to:
> - IANA considerations updates (if applicable)
> - contact information
> - references
> * Copyright notices and legends
> Please review the copyright notice and legends as defined in RFC 5378 and
> the Trust Legal Provisions
> (TLP – https://trustee.ietf.org/license-info/).
> * Semantic markup
> Please review the markup in the XML file to ensure that elements of
> content are correctly tagged. For example, ensure that <sourcecode> and
> <artwork> are set correctly. See details at
> <https://authors.ietf.org/rfcxml-vocabulary>.
> * Formatted output
> Please review the PDF, HTML, and TXT files to ensure that the formatted
> output, as generated from the markup in the XML file, is reasonable. Please
> note that the TXT will have formatting limitations compared to the PDF and
> HTML.
> Submitting changes
> ------------------
> To submit changes, please reply to this email using ‘REPLY ALL’ as all the
> parties CCed on this message need to see your changes. The parties include:
> * your coauthors
> * rfc-editor@rfc-editor.org (the RPC team)
> * other document participants, depending on the stream (e.g., IETF Stream
> participants are your working group chairs, the responsible ADs, and the
> document shepherd).
> * auth48archive@rfc-editor.org, which is a new archival mailing list to
> preserve AUTH48 conversations; it is not an active discussion list:
> * More info:
> https://mailarchive.ietf.org/arch/msg/ietf-announce/
> yb6lpIGh-4Q9l2USxIAe6P8O4Zc
> * The archive itself:
> https://mailarchive.ietf.org/arch/browse/auth48archive/
> * Note: If only absolutely necessary, you may temporarily opt out of the
> archiving of messages (e.g., to discuss a sensitive matter). If needed,
> please add a note at the top of the message that you have dropped the
> address. When the discussion is concluded, auth48archive@rfc-editor.org
> will be re-added to the CC list and its addition will be noted at the top
> of the message. You may submit your changes in one of two ways:
> An update to the provided XML file
> — OR —
> An explicit list of changes in this format
> Section # (or indicate Global)
> OLD:
> old text
> NEW:
> new text
> You do not need to reply with both an updated XML file and an explicit
> list of changes, as either form is sufficient.
> We will ask a stream manager to review and approve any changes that seem
> beyond editorial in nature, e.g., addition of new text, deletion of text,
> and technical changes. Information about stream managers can be found in
> the FAQ. Editorial changes do not require approval from a stream manager.
> Approving for publication
> --------------------------
> To approve your RFC for publication, please reply to this email stating
> that you approve this RFC for publication. Please use ‘REPLY ALL’, as all
> the parties CCed on this message need to see your approval. Files
> -----
> The files are available here:
> https://www.rfc-editor.org/authors/rfc9288.xml
> https://www.rfc-editor.org/authors/rfc9288.html
> https://www.rfc-editor.org/authors/rfc9288.pdf
> https://www.rfc-editor.org/authors/rfc9288.txt
> Diff file of the text:
> https://www.rfc-editor.org/authors/rfc9288-diff.html
> https://www.rfc-editor.org/authors/rfc9288-rfcdiff.html (side by side)
> Diff of the XML:
> https://www.rfc-editor.org/authors/rfc9288-xmldiff1.html The following
> files are provided to facilitate creation of your own diff files of the
> XML.
> Initial XMLv3 created using XMLv2 as input:
> https://www.rfc-editor.org/authors/rfc9288.original.v2v3.xml XMLv3 file
> that is a best effort to capture v3-related format updates only:
> https://www.rfc-editor.org/authors/rfc9288.form.xml Tracking progress
> -----------------
> The details of the AUTH48 status of your document are here:
> https://www.rfc-editor.org/auth48/rfc9288
> Please let us know if you have any questions.
> Thank you for your cooperation,
> RFC Editor
> --------------------------------------
> RFC9288 (draft-ietf-opsec-ipv6-eh-filtering-10)
> Title : Recommendations on the Filtering of IPv6 Packets Containing IPv6
> Extension Headers at Transit Routers Author(s) : F. Gont, W. LIU
> WG Chair(s) : Jen Linkova, Ron Bonica
> Area Director(s) : Warren Kumari, Robert Wilton
>
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B
> B494<rfc9288-fgont-20220808.xml>
>
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B
> B494<rfc9288-fgont-20220810.xml>
>
>