Re: [auth48] AUTH48: RFC-to-be 9288 <draft-ietf-opsec-ipv6-eh-filtering-10> for your review

[Fernando Gont <fgont@si6networks.com>]

Hi, RFC-Ed,

Attached you'll find my edits for the aforementioned upcoming RFC. You 
will find my comments and responses marked with "[fgont]" within the 
attached XML source.

Some meta issues:

1) It seems that bullets have been removed from your edited version, but
    I believe the use of bullets is good when listing items (such as IPv6
    options)

3) In several parts we used "RFC3692-Style experiments", since that's
    how these options and EHs are marked/specified in [RFC3692] and
    [RFC4727].  I've just realized that this your style guidelines
    recommend against this. OTOH, that how the corresponding
    options/headers are defined specified in the corresponding RFCs
    (RFC3692 and RFC4927). Thoughts?

Thanks!

Regards,
Fernando




On 8/8/22 20:53, rfc-editor@rfc-editor.org wrote:
> Authors,
> 
> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
> 
> 1) <!-- [rfced] Please insert any keywords (beyond those that appear in
> the title) for use on https://www.rfc-editor.org/search.
> -->
> 
> 
> 2) <!--[rfced] We see a number of author-inserted comments in the .xml file for this
> document. We are unsure if these have been resolved. Please review and let us know
> if these can be deleted or if they need to be addressed.
> -->
> 
> 
> 3) <!--[rfced] May we update this text as follows to add "IPv6" before
> "option type"? Additionally, may we update instances of "IPv6 option
> type" to "IPv6 Option Type" per use in RFC 7731?
> 
> Original:
>     *  Permit this IPv6 EH or IPv6 Option type.
> 
>     *  Drop packets containing this IPv6 EH or option type.
> 
>     *  Reject packets containing this IPv6 EH or option type (where the
>        packet drop is signaled with an ICMPv6 error message).
> 
>     *  Rate-limit traffic containing this IPv6 EH or option type.
> 
>     *  Ignore this IPv6 EH or option type (as if it was not present) and
>        process the packet according the rules for the remaining headers.
> 
> Perhaps:
>     *  Permit this IPv6 EH or IPv6 Option Type.
> 
>     *  Drop packets containing this IPv6 EH or IPv6 Option Type.
> 
>     *  Reject packets containing this IPv6 EH or IPv6 Option Type (where the
>        packet drop is signaled with an ICMPv6 error message).
> 
>     *  Rate-limit traffic containing this IPv6 EH or IPv6 Option Type.
> 
>     *  Ignore this IPv6 EH or IPv6 Option Type (as if it was not present), and
>        process the packet according the rules for the remaining headers.
> -->
> 
> 
> 4) <!-- [rfced] Please review whether any of the notes in this document
> should be in the <aside> element. It is defined as "a container for
> content that is semantically less important or tangential to the
> content that surrounds it" (https://xml2rfc.tools.ietf.org/xml2rfc-doc.html#name-aside-2).
> -->
> 
> 
> 5) <!--[rfced] Should instances of "CALIPSO option" be updated to
> "CALIPSO" to avoid redundancy (if expanded, "CALIPSO option"
> would be read as "Common Architecture Label IPv6 Security Option
> option". Please review and let us know if any updates are needed.
> -->
> 
> 
> 6) <!--[rfced] The following introductory sentence needs more context
> (i.e., why is the Quick-Start functionality being disabled?).
> Please let us know if the suggested text is agreeable or if you
> prefer otherwise.
> 
> Original:
>     4.4.9.4.  Operational and Interoperability Impact if Blocked
> 
>       The Quick-Start functionality would be disabled, and additional
>       delays in TCP's connection establishment (for example) could be
>       introduced. (Please see Section 4.7.2 of [RFC4782].)
> 
> Perhaps:
>     4.4.9.4.  Operational and Interoperability Impact If Blocked
> 
>       If the Quick-Start functionality is blocked, it would be disabled, and
>       additional delays in the TCP's connection establishment, for example,
>       could be introduced; please see Section 4.7.2 of [RFC4782].
> -->
> 
> 
> 7) <!--[rfced] For consistency, we updated "Hop-by-Hop Option headers" to "Hop-by-Hop Options headers" in the following. If that is not correct, please let us know.
> 
> Original:
>     This option is specified in [RFC7731], and is meant to be included
>     only in Hop-by-Hop Option headers.
> 
> Perhaps:
>     This option is specified in [RFC7731] and is meant to be included
>     only in Hop-by-Hop Options headers.
> -->
> 
> 
> 8) <!--[rfced] May we update the latter part of this sentence for clarity as follows?
> 
> Original:
>     This option is employed by Identifier-Locator Network Protocol
>     for IPv6 (ILNPv6) for providing protection against off-path attacks
>     for packets when ILNPv6 is in use, and as a signal during initial
>     network-layer session creation that ILNPv6 is proposed for use with
>     this network-layer session, rather than classic IPv6.
> 
> Perhaps:
>     This option is employed by the Identifier-Locator Network Protocol
>     for IPv6 (ILNPv6) to provide protection against off-path attacks
>     for packets when ILNPv6 is in use and as a signal during initial
>     network-layer session creation where ILNPv6 is proposed for use
>     rather than classic IPv6.
> -->
> 
> 
> 9) <!-- [rfced] Throughout the text, the following terminology appears to be used
> inconsistently. Please review these occurrences and let us know if/how they
> may be made consistent.
> 
> - Hop-by-Hop Options header vs. Hop-by-Hop Options EH
>      [Note: are these terms different or the same?]
> 
> - IPv6 packet vs. IPv6 Packet
> - Routing Header Type vs. Routing Type
> - IP Option vs. IP options (note: capitalized in RFC 6744)
> - MPL Option vs. MPL option (note: capitalized in RFC 7731)
> - RPL Option vs.  RPL option (note: capitalized in RFC 9008))
> -->
> 
> 
> 10) <!-- [rfced] Please review the "Inclusive Language" portion of the online
> Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
> and let us know if any changes are needed.
> -->
> 
> 
> Thank you.
> 
> RFC Editor/ap/kc
> 
> 
> On Aug 8, 2022, at 4:47 PM, rfc-editor@rfc-editor.org wrote:
> 
> *****IMPORTANT*****
> 
> Updated 2022/08/08
> 
> RFC Author(s):
> --------------
> 
> Instructions for Completing AUTH48
> 
> Your document has now entered AUTH48.  Once it has been reviewed and
> approved by you and all coauthors, it will be published as an RFC.
> If an author is no longer available, there are several remedies
> available as listed in the FAQ (https://www.rfc-editor.org/faq/).
> 
> You and you coauthors are responsible for engaging other parties
> (e.g., Contributors or Working Group) as necessary before providing
> your approval.
> 
> Planning your review
> ---------------------
> 
> Please review the following aspects of your document:
> 
> *  RFC Editor questions
> 
>    Please review and resolve any questions raised by the RFC Editor
>    that have been included in the XML file as comments marked as
>    follows:
> 
>    <!-- [rfced] ... -->
> 
>    These questions will also be sent in a subsequent email.
> 
> *  Changes submitted by coauthors
> 
>    Please ensure that you review any changes submitted by your
>    coauthors.  We assume that if you do not speak up that you
>    agree to changes submitted by your coauthors.
> 
> *  Content
> 
>    Please review the full content of the document, as this cannot
>    change once the RFC is published.  Please pay particular attention to:
>    - IANA considerations updates (if applicable)
>    - contact information
>    - references
> 
> *  Copyright notices and legends
> 
>    Please review the copyright notice and legends as defined in
>    RFC 5378 and the Trust Legal Provisions
>    (TLP – https://trustee.ietf.org/license-info/).
> 
> *  Semantic markup
> 
>    Please review the markup in the XML file to ensure that elements of
>    content are correctly tagged.  For example, ensure that <sourcecode>
>    and <artwork> are set correctly.  See details at
>    <https://authors.ietf.org/rfcxml-vocabulary>.
> 
> *  Formatted output
> 
>    Please review the PDF, HTML, and TXT files to ensure that the
>    formatted output, as generated from the markup in the XML file, is
>    reasonable.  Please note that the TXT will have formatting
>    limitations compared to the PDF and HTML.
> 
> 
> Submitting changes
> ------------------
> 
> To submit changes, please reply to this email using ‘REPLY ALL’ as all
> the parties CCed on this message need to see your changes. The parties
> include:
> 
>    *  your coauthors
> 
>    *  rfc-editor@rfc-editor.org (the RPC team)
> 
>    *  other document participants, depending on the stream (e.g.,
>       IETF Stream participants are your working group chairs, the
>       responsible ADs, and the document shepherd).
> 
>    *  auth48archive@rfc-editor.org, which is a new archival mailing list
>       to preserve AUTH48 conversations; it is not an active discussion
>       list:
> 
>      *  More info:
>         https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc
> 
>      *  The archive itself:
>         https://mailarchive.ietf.org/arch/browse/auth48archive/
> 
>      *  Note: If only absolutely necessary, you may temporarily opt out
>         of the archiving of messages (e.g., to discuss a sensitive matter).
>         If needed, please add a note at the top of the message that you
>         have dropped the address. When the discussion is concluded,
>         auth48archive@rfc-editor.org will be re-added to the CC list and
>         its addition will be noted at the top of the message.
> 
> You may submit your changes in one of two ways:
> 
> An update to the provided XML file
> — OR —
> An explicit list of changes in this format
> 
> Section # (or indicate Global)
> 
> OLD:
> old text
> 
> NEW:
> new text
> 
> You do not need to reply with both an updated XML file and an explicit
> list of changes, as either form is sufficient.
> 
> We will ask a stream manager to review and approve any changes that seem
> beyond editorial in nature, e.g., addition of new text, deletion of text,
> and technical changes.  Information about stream managers can be found in
> the FAQ.  Editorial changes do not require approval from a stream manager.
> 
> 
> Approving for publication
> --------------------------
> 
> To approve your RFC for publication, please reply to this email stating
> that you approve this RFC for publication.  Please use ‘REPLY ALL’,
> as all the parties CCed on this message need to see your approval.
> 
> 
> Files
> -----
> 
> The files are available here:
>    https://www.rfc-editor.org/authors/rfc9288.xml
>    https://www.rfc-editor.org/authors/rfc9288.html
>    https://www.rfc-editor.org/authors/rfc9288.pdf
>    https://www.rfc-editor.org/authors/rfc9288.txt
> 
> Diff file of the text:
>    https://www.rfc-editor.org/authors/rfc9288-diff.html
>    https://www.rfc-editor.org/authors/rfc9288-rfcdiff.html (side by side)
> 
> Diff of the XML:
>    https://www.rfc-editor.org/authors/rfc9288-xmldiff1.html
> 
> The following files are provided to facilitate creation of your own
> diff files of the XML.
> 
> Initial XMLv3 created using XMLv2 as input:
>    https://www.rfc-editor.org/authors/rfc9288.original.v2v3.xml
> 
> XMLv3 file that is a best effort to capture v3-related format updates
> only:
>    https://www.rfc-editor.org/authors/rfc9288.form.xml
> 
> 
> Tracking progress
> -----------------
> 
> The details of the AUTH48 status of your document are here:
>    https://www.rfc-editor.org/auth48/rfc9288
> 
> Please let us know if you have any questions.
> 
> Thank you for your cooperation,
> 
> RFC Editor
> 
> --------------------------------------
> RFC9288 (draft-ietf-opsec-ipv6-eh-filtering-10)
> 
> Title            : Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
> Author(s)        : F. Gont, W. LIU
> WG Chair(s)      : Jen Linkova, Ron Bonica
> Area Director(s) : Warren Kumari, Robert Wilton
> 
> 
> 

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494