Re: [Gen-art] Gen-ART LC review of draft-ietf-opsec-lla-only-07
"Michael Behringer (mbehring)" <mbehring@cisco.com> Thu, 25 September 2014 13:19 UTC
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Jari Arkko <jari.arkko@piuha.net>, Peter Yee <peter@akayla.com>
Date: Thu, 25 Sep 2014 13:18:59 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/U6vfRI23hjZoJQVM9Y2uVfrXO6E
Cc: "draft-ietf-opsec-lla-only.all@tools.ietf.org" <draft-ietf-opsec-lla-only.all@tools.ietf.org>, Gen Art <gen-art@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [Gen-art] Gen-ART LC review of draft-ietf-opsec-lla-only-07
Jari, we have addressed those comments, and have added Peter Yee in the "acknowledgement" section.

Michael

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@piuha.net]
> Sent: 20 August 2014 09:20
> To: Peter Yee
> Cc: draft-ietf-opsec-lla-only.all@tools.ietf.org; Gen Art; The IESG
> Subject: Re: [Gen-art] Gen-ART LC review of draft-ietf-opsec-lla-only-07
>
> Hi,
>
> I'm wondering which of the below issues have been corrected in the most
> recent version of the draft. Have the authors seen the review? Some of the
> comments at least have been taken into account, so the answer is probably
> yes.
>
> But I do not see e-mails from the authors on this topic in my Inbox, so I
> want to check.
>
> Jari
>
> On 08 Apr 2014, at 09:58, Peter Yee <peter@akayla.com> wrote:
>
> > I am the assigned Gen-ART reviewer for this draft. For background on
> > Gen-ART, please see the FAQ at
> > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
> >
> > Please resolve these comments along with any other Last Call comments
> > you may receive.
> >
> > Document: draft-ietf-opsec-lla-only-07
> > Reviewer: Peter Yee
> > Review Date: April-7-2014
> > IETF LC End Date: April-7-2014
> > IESG Telechat date: TBD
> >
> > Summary: This draft is basically ready for publication as an
> > Informational RFC, but has issues that should be fixed before
> > publication. [Ready with issues.]
> >
> > This document discusses the (controversial) use of IPv6 link-local
> > addresses on router infrastructure links. I don't find all of the
> > arguments for use of link-local addresses to be terribly compelling,
> > but I'm not utterly averse to the document's publication as a summary
> > of some of the pros and cons for those who desire to configure their
> > routers in the manner prescribed. There may be other reasons that
> > should be taken into consideration, but I lack a network operator's
> > experience to discuss them.
> >
> > Minor:
> >
> > Page 4, 4th paragraph: I don't buy this argument. DNS can be
> > simplified for non-link-local addresses by simply not registering those
> > addresses in DNS. Use of link-local addresses isn't a requirement to
> > simplify DNS.
> >
> > Page 4, 5th paragraph, 2nd sentence: SSH brute force password attacks
> > aren't really reduced unless the reduction is simply not being able to
> > attack a single router over multiple interfaces in parallel. A better
> > scheme for reducing SSH brute force password attacks might be to limit
> > the rate of responses to SSH login attempts in the face of repeated
> > failures. Considering dropping this marginal example.
> >
> > Page 4, 6th paragraph, 1st sentence: I'm not sure what is meant by
> > "the same result". Is this in reference to all 5 paragraphs that
> > precede the 6th? If so, you might wish to elaborate with "the same
> > results as the above". However, if the same results can be obtained
> > without going to link-local addressing as this paragraph indicates,
> > why is the use of link-local addressing being suggested? The paragraph
> > might do well to explain why one scheme is preferable over the other.
> >
> > Page 6, 1st partial paragraph: the argument is made that "more work"
> > is required to discover all of an IXPs loopback interface addresses
> > before a generic attack can be mounted. This wouldn't seem to be a
> > lot of upfront work and once it has been done, the advantage is
> > negated. I don't find the argument particularly persuasive.
> >
> > Nits:
> >
> > Page 2, Section 2 title: change "Address" to "Addressing".
> >
> > Page 3, second paragraph: change "non link-local" to "non-link-local".
> >
> > Page 4, 1st paragraph, 3rd sentence: change "accellerated" to
> > "accelerated".
> >
> > Page 4, 5th paragraph, 2nd sentence: delete the comma after
> > "[RFC4987])" and change the "or" to "and".
> >
> > Page 6, 1st full paragraph, 1st sentence: change "allow" to "allows"
> > and insert "an" before "MPLS LSP".
> >
> >
> > -Peter Yee
> >
> > _______________________________________________
> > Gen-art mailing list
> > Gen-art@ietf.org
> > https://www.ietf.org/mailman/listinfo/gen-art