Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-ietf-opsec-ipv6-eh-filtering-10> for your review
Warren Kumari <warren@kumari.net> Tue, 16 August 2022 01:31 UTC
Return-Path: <warren@kumari.net>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D8A0C14F72F for <auth48archive@ietfa.amsl.com>; Mon, 15 Aug 2022 18:31:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQeMa5HcFW97 for <auth48archive@ietfa.amsl.com>; Mon, 15 Aug 2022 18:31:33 -0700 (PDT)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02E71C14792F for <auth48archive@rfc-editor.org>; Mon, 15 Aug 2022 18:31:32 -0700 (PDT)
Received: by mail-il1-x12a.google.com with SMTP id l5so1016356iln.8 for <auth48archive@rfc-editor.org>; Mon, 15 Aug 2022 18:31:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=cc:to:subject:message-id:date:in-reply-to:from:references :mime-version:from:to:cc; bh=U7Uq2dmSoLK3uO49Pe2pyBtsG88fNMgcxTcJnthAVVc=; b=RII89QPpJHlTQyg4VJ0RRqn3LpgqVbaG6R6r0rz9OKHgRQplqJg8di24dBuhoXlwBF lnNVwwQxNwW1WlfrN0c7+1jVMjYfl1MvdQ15kPjXJoWmIK6x0r72GGM5bsh1w/YkJBs/ rVM1vAJN8zvZ6yVJzVmksTOkdZUqfzr3jsIOVkpuB3arOsKGqAazlKiudY8d7zId6Ti4 VO+NHmIEQrKC4Gyz6V6NvzucygiGS1b2GiB/kmPkLPzOmm4J/V+diyFOfySwQn/T9UBm Z16jwU25S6rdcJiX2lfY7mfuJ84QIu9kTKY1Svrj7fguJfVkycD7IJD7k5u/3XxHbeDV MsXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:in-reply-to:from:references :mime-version:x-gm-message-state:from:to:cc; bh=U7Uq2dmSoLK3uO49Pe2pyBtsG88fNMgcxTcJnthAVVc=; b=SSDK/6jInfCD8sf9Af0z6exSiTF2rZe0EmcM+NFBYvQ919hCRnopXCBKKsLH6PDwgF o2NYapRk2kPg+fDmk7qKuegDF91ZpVHJrSKbDE4MVVHdpCcj/kbITgMdfZB7Bo/M3Bk/ 1L/Glxe/I9lt2hYe4H4Dc2o6NeX76BfzhwFFL7KkjVFouCPdQS5J4BNc7+pESK3xnyBF vtEdRRQsbzE/2APEb9umqtwEFHPkzaoWPtvPtFEivjUyklSMP0flKxYyBgJ3HlTQrdf8 lX/3y6hcGRdPCl08h/Wd/fQ/WaTgZzviuSmNbuRHoE3Gd6Wk3AjwpcOXoPZ/5iUQFZVZ 3ddQ==
X-Gm-Message-State: ACgBeo3GZMWlusaHP40yaXRzVJ3RV2tNXG1xlvPhk083kySynhXN4I+Z CHtKEdrQDpPDCzCChOMNdA+TH4kDkNmllwY9TyPidg==
X-Google-Smtp-Source: AA6agR6XB7+YxKxpCeCEAwWLaVrcYht/RVtSoMk7eyZBd/NVFCehoxcUM2dbADkEGpHPHO02+yQYJEqdov8fANOxC5Q=
X-Received: by 2002:a92:ca07:0:b0:2e0:ec6e:a529 with SMTP id j7-20020a92ca07000000b002e0ec6ea529mr8609364ils.139.1660613491600; Mon, 15 Aug 2022 18:31:31 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Tue, 16 Aug 2022 03:31:30 +0200
Mime-Version: 1.0
X-Mailer: Superhuman Desktop (2022-08-15T22:05:45Z)
References: <20220808235311.ED785194CBB0@rfcpa.amsl.com> <9e2b5b04-f8d3-f542-692d-2ec07e89ccca@si6networks.com> <CD1F7431-A5A7-47EF-A8FC-EA1FDA6B6166@amsl.com> <659a34e3-20e8-abba-2eaf-21e76f48971c@si6networks.com> <6F80F3A2-1C01-4215-8B5D-907DB639D6EC@amsl.com>
From: Warren Kumari <warren@kumari.net>
X-Superhuman-ID: l6vidtby.2d9f3374-ca93-4064-bc50-c5bc35ddb95d
X-Superhuman-Draft-ID: draft0074cdd6a484cffc
In-Reply-To: <6F80F3A2-1C01-4215-8B5D-907DB639D6EC@amsl.com>
Date: Tue, 16 Aug 2022 03:31:30 +0200
Message-ID: <CAHw9_iL-GM2Wq5x8vTdwfrLpqMhWxjYy+PTiTmvY8dQpsHpqiQ@mail.gmail.com>
To: Alanna Paloma <apaloma@amsl.com>
Cc: Fernando Gont <fgont@si6networks.com>, RFC Errata System <rfc-editor@rfc-editor.org>, liushucheng@huawei.com, opsec-ads@ietf.org, opsec-chairs@ietf.org, Eric Vyncke <evyncke@cisco.com>, auth48archive@rfc-editor.org, fernando@gont.com.ar
Content-Type: multipart/alternative; boundary="00000000000046c3fb05e651b552"
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/Cypo5x9fJNadUn9u0jmtxq-zPyA>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-ietf-opsec-ipv6-eh-filtering-10> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2022 01:31:38 -0000
LGTM / Approved… W On Mon, Aug 15, 2022 at 7:08 PM, Alanna Paloma <apaloma@amsl.com> wrote: > Hi *Warren and Fernando, > > We have updated the files per the XML file Fernando submitted. > > *Warren - Please review review and approve of the updates in the diff file > below: https://www.rfc-editor.org/authors/rfc9288-ad-diff.html > > The latest files are posted here (please refresh): https://www.rfc-editor. > org/authors/rfc9288.xml > https://www.rfc-editor.org/authors/rfc9288.txt > https://www.rfc-editor.org/authors/rfc9288.html > https://www.rfc-editor.org/authors/rfc9288.pdf > > https://www.rfc-editor.org/authors/rfc9288-diff.html (comprehensive diff) > https://www.rfc-editor.org/authors/rfc9288-rfcdiff.html (comprehensive > diff with changes side by side) https://www.rfc-editor.org/authors/ > rfc9288-lastdiff.html (last version to this one) https://www.rfc-editor. > org/authors/rfc9288-lastrfcdiff.html (last version to this one with > changes side by side) https://www.rfc-editor.org/authors/ > rfc9288-auth48diff.html (AUTH48 changes) > > The AUTH48 status page is here: > https://www.rfc-editor.org/auth48/rfc9288 > > Thank you, > RFC Editor/ap > > On Aug 11, 2022, at 1:35 PM, Fernando Gont <fgont@si6networks.com> wrote: > > Hello, Alana, > > I did a full-read of the document, and found a few errors, which I've > fixed (e.g., there was one (clearly incorrect) title, a reference to an > incorrect RFC, etc.) > > Where necessary, I've inserted comments marked as "[fgont]" with specific > requests or questions to the RFC-Editor. > > Thanks! > > Regards, > Fernando > > On 9/8/22 18:12, Alanna Paloma wrote: > > Hi *Warren and Fernando, > *Warren - As the AD, please review and approve of the updated text in > Sections 3.1 and 4.4.15.4 as well as the removal of “including protocols” > in Section 3.5.6.4 in the diff file below. https://www.rfc-editor.org/ > authors/rfc9288-ad-diff.html Fernando - Thank you for your reply. We have > updated as requested with a few notes: > 1) We have updated this sentence in Section 3.5.2.2 as follows. Please > review and confirm that this is the intended meaning. Previously: > The Routing Header Type 0 (RHT0) had > originally been specified in [RFC2460], which was later obsoleted by > [RFC5095], and thus removed from [RFC8200]. > Current: > The Routing Type 0 had > originally been specified in [RFC2460] and was later obsoleted by > [RFC5095]; thus, it was removed from [RFC8200]. > 2) We have reverted instances of "Experiment in the style of RFC 3692” > back to "RFC3692-style Experiment” to match usage in RFC 4727 and IANA > registries. The files have been posted here (please refresh): > https://www.rfc-editor.org/authors/rfc9288.xml > https://www.rfc-editor.org/authors/rfc9288.txt > https://www.rfc-editor.org/authors/rfc9288.html > https://www.rfc-editor.org/authors/rfc9288.pdf > The relevant diff files have been posted here: > https://www.rfc-editor.org/authors/rfc9288-diff.html (comprehensive diff) > https://www.rfc-editor.org/authors/rfc9288-auth48diff.html (AUTH48 > changes) Please review the document carefully as documents do not change > once published as RFCs. We will await any further changes you may have and > approvals from each author and the *AD prior to moving forward in the > publication process. For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9288 > Thank you, > RFC Editor/ap > > On Aug 9, 2022, at 4:10 AM, Fernando Gont <fgont@si6networks.com> wrote: > > Hi, RFC-Ed, > > Attached you'll find my edits for the aforementioned upcoming RFC. You > will find my comments and responses marked with "[fgont]" within the > attached XML source. > > Some meta issues: > > 1) It seems that bullets have been removed from your edited version, but I > believe the use of bullets is good when listing items (such as IPv6 > options) > > 3) In several parts we used "RFC3692-Style experiments", since that's how > these options and EHs are marked/specified in [RFC3692] and > [RFC4727]. I've just realized that this your style guidelines recommend > against this. OTOH, that how the corresponding options/headers are defined > specified in the corresponding RFCs > (RFC3692 and RFC4927). Thoughts? > > Thanks! > > Regards, > Fernando > > On 8/8/22 20:53, rfc-editor@rfc-editor.org wrote: > > Authors, > While reviewing this document during AUTH48, please resolve (as necessary) > the following questions, which are also in the XML file. > 1) <!-- [rfced] Please insert any keywords (beyond those that appear in > the title) for use on https://www.rfc-editor.org/search. > --> > 2) <!--[rfced] We see a number of author-inserted comments in the .xml > file for this document. We are unsure if these have been resolved. Please > review and let us know if these can be deleted or if they need to be > addressed. > --> > 3) <!--[rfced] May we update this text as follows to add "IPv6" before > "option type"? Additionally, may we update instances of "IPv6 option type" > to "IPv6 Option Type" per use in RFC 7731? Original: > * Permit this IPv6 EH or IPv6 Option type. > * Drop packets containing this IPv6 EH or option type. > * Reject packets containing this IPv6 EH or option type (where the packet > drop is signaled with an ICMPv6 error message). > * Rate-limit traffic containing this IPv6 EH or option type. > * Ignore this IPv6 EH or option type (as if it was not present) and > process the packet according the rules for the remaining headers. Perhaps: > * Permit this IPv6 EH or IPv6 Option Type. > * Drop packets containing this IPv6 EH or IPv6 Option Type. > * Reject packets containing this IPv6 EH or IPv6 Option Type (where the > packet drop is signaled with an ICMPv6 error message). > * Rate-limit traffic containing this IPv6 EH or IPv6 Option Type. > * Ignore this IPv6 EH or IPv6 Option Type (as if it was not present), and > process the packet according the rules for the remaining headers. > --> > 4) <!-- [rfced] Please review whether any of the notes in this document > should be in the <aside> element. It is defined as "a container for content > that is semantically less important or tangential to the content that > surrounds it" (https://xml2rfc.tools.ietf.org/xml2rfc-doc. > html#name-aside-2). > --> > 5) <!--[rfced] Should instances of "CALIPSO option" be updated to > "CALIPSO" to avoid redundancy (if expanded, "CALIPSO option" would be read > as "Common Architecture Label IPv6 Security Option option". Please review > and let us know if any updates are needed. > --> > 6) <!--[rfced] The following introductory sentence needs more context > (i.e., why is the Quick-Start functionality being disabled?). Please let > us know if the suggested text is agreeable or if you prefer otherwise. > Original: > 4.4.9.4. Operational and Interoperability Impact if Blocked The > Quick-Start functionality would be disabled, and additional delays in TCP's > connection establishment (for example) could be introduced. (Please see > Section 4.7.2 of [RFC4782].) Perhaps: > 4.4.9.4. Operational and Interoperability Impact If Blocked If the > Quick-Start functionality is blocked, it would be disabled, and additional > delays in the TCP's connection establishment, for example, could be > introduced; please see Section 4.7.2 of [RFC4782]. > --> > 7) <!--[rfced] For consistency, we updated "Hop-by-Hop Option headers" to > "Hop-by-Hop Options headers" in the following. If that is not correct, > please let us know. Original: > This option is specified in [RFC7731], and is meant to be included only in > Hop-by-Hop Option headers. > Perhaps: > This option is specified in [RFC7731] and is meant to be included only in > Hop-by-Hop Options headers. > --> > 8) <!--[rfced] May we update the latter part of this sentence for clarity > as follows? Original: > This option is employed by Identifier-Locator Network Protocol for IPv6 > (ILNPv6) for providing protection against off-path attacks for packets when > ILNPv6 is in use, and as a signal during initial network-layer session > creation that ILNPv6 is proposed for use with this network-layer session, > rather than classic IPv6. Perhaps: > This option is employed by the Identifier-Locator Network Protocol for > IPv6 (ILNPv6) to provide protection against off-path attacks for packets > when ILNPv6 is in use and as a signal during initial network-layer session > creation where ILNPv6 is proposed for use rather than classic IPv6. > --> > 9) <!-- [rfced] Throughout the text, the following terminology appears to > be used inconsistently. Please review these occurrences and let us know > if/how they may be made consistent. > - Hop-by-Hop Options header vs. Hop-by-Hop Options EH > [Note: are these terms different or the same?] > - IPv6 packet vs. IPv6 Packet > - Routing Header Type vs. Routing Type > - IP Option vs. IP options (note: capitalized in RFC 6744) > - MPL Option vs. MPL option (note: capitalized in RFC 7731) > - RPL Option vs. RPL option (note: capitalized in RFC 9008)) > --> > 10) <!-- [rfced] Please review the "Inclusive Language" portion of the > online Style Guide <https://www.rfc-editor.org/styleguide/part2/ > #inclusive_language> and let us know if any changes are needed. > --> > Thank you. > RFC Editor/ap/kc > On Aug 8, 2022, at 4:47 PM, rfc-editor@rfc-editor.org wrote: > *****IMPORTANT***** > Updated 2022/08/08 > RFC Author(s): > -------------- > Instructions for Completing AUTH48 > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. If an > author is no longer available, there are several remedies available as > listed in the FAQ (https://www.rfc-editor.org/faq/). You and you > coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing your > approval. > Planning your review > --------------------- > Please review the following aspects of your document: > * RFC Editor questions > Please review and resolve any questions raised by the RFC Editor that have > been included in the XML file as comments marked as follows: > <!-- [rfced] ... --> > These questions will also be sent in a subsequent email. > * Changes submitted by coauthors > Please ensure that you review any changes submitted by your coauthors. We > assume that if you do not speak up that you agree to changes submitted by > your coauthors. > * Content > Please review the full content of the document, as this cannot change once > the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > * Copyright notices and legends > Please review the copyright notice and legends as defined in RFC 5378 and > the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info/). > * Semantic markup > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> and > <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > * Formatted output > Please review the PDF, HTML, and TXT files to ensure that the formatted > output, as generated from the markup in the XML file, is reasonable. Please > note that the TXT will have formatting limitations compared to the PDF and > HTML. > Submitting changes > ------------------ > To submit changes, please reply to this email using ‘REPLY ALL’ as all the > parties CCed on this message need to see your changes. The parties include: > * your coauthors > * rfc-editor@rfc-editor.org (the RPC team) > * other document participants, depending on the stream (e.g., IETF Stream > participants are your working group chairs, the responsible ADs, and the > document shepherd). > * auth48archive@rfc-editor.org, which is a new archival mailing list to > preserve AUTH48 conversations; it is not an active discussion list: > * More info: > https://mailarchive.ietf.org/arch/msg/ietf-announce/ > yb6lpIGh-4Q9l2USxIAe6P8O4Zc > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > * Note: If only absolutely necessary, you may temporarily opt out of the > archiving of messages (e.g., to discuss a sensitive matter). If needed, > please add a note at the top of the message that you have dropped the > address. When the discussion is concluded, auth48archive@rfc-editor.org > will be re-added to the CC list and its addition will be noted at the top > of the message. You may submit your changes in one of two ways: > An update to the provided XML file > — OR — > An explicit list of changes in this format > Section # (or indicate Global) > OLD: > old text > NEW: > new text > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > Approving for publication > -------------------------- > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, as all > the parties CCed on this message need to see your approval. Files > ----- > The files are available here: > https://www.rfc-editor.org/authors/rfc9288.xml > https://www.rfc-editor.org/authors/rfc9288.html > https://www.rfc-editor.org/authors/rfc9288.pdf > https://www.rfc-editor.org/authors/rfc9288.txt > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9288-diff.html > https://www.rfc-editor.org/authors/rfc9288-rfcdiff.html (side by side) > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9288-xmldiff1.html The following > files are provided to facilitate creation of your own diff files of the > XML. > Initial XMLv3 created using XMLv2 as input: > https://www.rfc-editor.org/authors/rfc9288.original.v2v3.xml XMLv3 file > that is a best effort to capture v3-related format updates only: > https://www.rfc-editor.org/authors/rfc9288.form.xml Tracking progress > ----------------- > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9288 > Please let us know if you have any questions. > Thank you for your cooperation, > RFC Editor > -------------------------------------- > RFC9288 (draft-ietf-opsec-ipv6-eh-filtering-10) > Title : Recommendations on the Filtering of IPv6 Packets Containing IPv6 > Extension Headers at Transit Routers Author(s) : F. Gont, W. LIU > WG Chair(s) : Jen Linkova, Ron Bonica > Area Director(s) : Warren Kumari, Robert Wilton > > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B > B494<rfc9288-fgont-20220808.xml> > > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B > B494<rfc9288-fgont-20220810.xml> > >
- [auth48] AUTH48: RFC-to-be 9288 <draft-ietf-opsec… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9288 <draft-ietf-o… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9288 <draft-ietf-o… Fernando Gont
- [auth48] [AD] Re: AUTH48: RFC-to-be 9288 <draft-i… Alanna Paloma
- Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9288 <dra… Fernando Gont
- Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-i… Alanna Paloma
- Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-i… Warren Kumari
- Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-i… Fernando Gont
- Re: [auth48] [AD] AUTH48: RFC-to-be 9288 <draft-i… Liushucheng (Will LIU, Strategy & Industry Development)
- Re: [auth48] AUTH48: RFC-to-be 9288 <draft-ietf-o… Alanna Paloma