Re: Stephen Farrell's Discuss on draft-ietf-6man-stable-privacy-addresses-16: (with DISCUSS and COMMENT)
Eliot Lear <lear@cisco.com> Thu, 23 January 2014 15:09 UTC

Fernando,

On 1/21/14, 8:08 PM, Fernando Gont wrote:
>
>> If keeping it, I'd say give the example and then add a
>> security consideration that that interface might be
>> vulnerable (e.g. 'cat /proc/net/eth0/rfcxxx-secret'
> How about rather noting that the secret key should only be accessible by
> the system administrator? (i.e., non-RFC2119 recommend that implementers
> do the right thing :-) )
>

I agree with the requirement but I think Stephen raises an important
point, which is that it should be highlighted that the information is
sensitive. As such, implementations should constrain access to the
information, to the extent practicable. Furthermore, I understood
Stephen's point also to be that the private key information should not
be used for any other purpose. But maybe I misunderstood.

Eliot