Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-opsec-dhcpv6-shield-05: (with DISCUSS and COMMENT)
Fernando Gont <fgont@si6networks.com> Sun, 08 February 2015 18:20 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 874131A1B87; Sun, 8 Feb 2015 10:20:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HaCX6ZkB9ukX; Sun, 8 Feb 2015 10:20:27 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98BCD1A1B80; Sun, 8 Feb 2015 10:20:26 -0800 (PST)
Received: from [186.134.12.169] (helo=[192.168.123.126]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from <fgont@si6networks.com>) id 1YKWT0-00016x-7w; Sun, 08 Feb 2015 19:20:22 +0100
Message-ID: <54D7A6EB.4060604@si6networks.com>
Date: Sun, 08 Feb 2015 15:11:55 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Ted Lemon <Ted.Lemon@nominum.com>, "C. M. Heard" <heard@pobox.com>
References: <20150207194616.20651.30892.idtracker@ietfa.amsl.com> <D5B607FA-9B47-4F1B-A0C1-FB0C94A97CDB@bogus.com> <Pine.LNX.4.64.1502071930100.25761@shell4.bayarea.net> <06B01D8E-981D-4D06-B6CC-3B5CE92782C5@nominum.com>
In-Reply-To: <06B01D8E-981D-4D06-B6CC-3B5CE92782C5@nominum.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/opsec/0TZg1aSOO5t16L_uxnminMiSFGU>
Cc: "draft-ietf-opsec-dhcpv6-shield@ietf.org" <draft-ietf-opsec-dhcpv6-shield@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "draft-ietf-opsec-dhcpv6-shield.ad@ietf.org" <draft-ietf-opsec-dhcpv6-shield.ad@ietf.org>, "draft-ietf-opsec-dhcpv6-shield.shepherd@ietf.org" <draft-ietf-opsec-dhcpv6-shield.shepherd@ietf.org>, The IESG <iesg@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "brian.e.carpenter@gmail.com" <brian.e.carpenter@gmail.com>
Subject: Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-opsec-dhcpv6-shield-05: (with DISCUSS and COMMENT)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Feb 2015 18:20:33 -0000
On 02/08/2015 04:03 AM, Ted Lemon wrote: > On Feb 7, 2015, at 10:37 PM, C. M. Heard <heard@pobox.com> wrote: >> That is incorrect because extension headers and upper layer headers >> share a numbering space. Upper layer headers do NOT follow the >> format in RFC 6564. That makes it in UNSAFE to attempt to skip over >> an unknown next header value. > > I addressed that in my DISCUSS position. The fact that RA guard gives bad advice is no reason for the bad advice to be repeated in this document. The advice in RA-Guard in DHCPv6-shield is essentially 6man's advice on the topic: RFC7045. That's why we provide RFC7045 as a reference. If you don't like what the current version of the I-D says, you're not only disagreeing with it and with the "RA-Guard IMplementation advice" RFC, but also with the advice that 6man itself has produced on the topic (RFC7045). Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [OPSEC] Revisting Re: Ted Lemon's Discuss on draf… joel jaeggli
- Re: [OPSEC] Revisting Re: Ted Lemon's Discuss on … C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Joel Jaeggli
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- [OPSEC] Ted Lemon's Discuss on draft-ietf-opsec-d… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian E Carpenter
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian E Carpenter
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Marc Blanchet
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian E Carpenter
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Pete Resnick
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian Haberman
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… joel jaeggli
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian E Carpenter
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian E Carpenter
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… joel jaeggli
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Brian Haberman
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Fernando Gont
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… C. M. Heard
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… Ted Lemon
- Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-ops… joel jaeggli