Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sat, 09 November 2019 07:57 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DCE812085B for <opsec@ietfa.amsl.com>; Fri, 8 Nov 2019 23:57:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=PO0trSJU; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=DAerssDw
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPoo7qhF_EVa for <opsec@ietfa.amsl.com>; Fri, 8 Nov 2019 23:57:30 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5163912000F for <opsec@ietf.org>; Fri, 8 Nov 2019 23:57:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=28537; q=dns/txt; s=iport; t=1573286250; x=1574495850; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=6FsfoFNVCahWRuETsr6a983ewj2zI1LjYehXlXr84/4=; b=PO0trSJUUH6DuXPYJ2b4+5KnN/TaUkwj3Yt6L922u4zXs6KKlKchFwQE mahL3HP/Yb37MFsFscyitoHaA1okosuKHX59Jc5o93HaylrN7g9CTKvPt d2Slo2qt4YaEu5uFKXHAUBUkefJotNvOYevJ92Zzf1zVbdD7F+CEsJ1kK Y=;
IronPort-PHdr: 9a23:vxxopR23Hl6h4QiZsmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxKHt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSwdDjMwXmwI6B8vQBFPqKvXpYgQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AmAABlcMZd/5NdJa1hAxkBAQEBAQEBAQEBAQEBAQEBAREBAQEBAQEBAQEBAYFtAQEBAQEBCwGBGy8kLAVsWCAECyqEKYNGA4prgjkliVaOKIFCgRADVAkBAQEMAQEYAQoKAgEBhEACF4N5JDcGDgIDCwEBBAEBAQIBBQRthTcMhVEBAQEBAgEBARARHQEBByULAQQJAgIBCA4DAwECAScDAgICGQYGCxQJCAIEDgUUDoMAAYF5TQMOIAEOonsCgTiIYHWBMoJ+AQEFgTgCDkFAgkINC4IXCQWBMQGFFgOGehiBQD+BOAwTgkw+ghtHAQECAQEWgRQBEgElEQkBDAkICYJJMoIsjSSCZ4VDmARBCoIlhxeKG4QSG4I9coZvjAWDVJAIhnSCEo8rAgQCBAUCDgEBBYE/KSNncXAVGiEqAYJBCUcRFJA2g3OFFIU/dAEwd40FgjEBAQ
X-IronPort-AV: E=Sophos;i="5.68,283,1569283200"; d="scan'208,217";a="376201897"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Nov 2019 07:57:29 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id xA97vTeM014609 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 9 Nov 2019 07:57:29 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 9 Nov 2019 01:57:28 -0600
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 9 Nov 2019 01:57:28 -0600
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sat, 9 Nov 2019 01:57:28 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AN2QK9h5Ca40GJRh9D8VcV/xN1rOCzAsAihW0XbutyFPrsveTKJCVci5y3d/Wf0vBjJwPRtT2BRyPvWa4fr2vENiBLGXvb0rmwPcKQSexU1f/bqOcjUq+NwagKdQiQUSKUSwjX7SUKeFURofAYDC9p5k52q73dPMhAEKYQpvWNMy6XCryYHmfK7/+jl1b97kFHWGRDJjgrBzT6+XhEvJw7TnK/NNivEpsb0KSp6MMcfdNBXgNek1JVYw8NGKqMmzxG0HFzrXcO7A/AZFoR1MkVCKhjuhJQGDHcvPpE9aFHo3Bv5nzm/PgKg7X3xxrRHDJXXu+v3ZNVxcCnHhJ9SJvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6FsfoFNVCahWRuETsr6a983ewj2zI1LjYehXlXr84/4=; b=ZzcvgCQiyEjHmQy07ASe3Qst4Hsx4IWCNoFiirZEwaGPhDFgGV4d3wNyX8KXWIys2TQFcDIQqSJPJgsrBY6C+kXL6L1EFwv2sPETR4lwX51zwATaL+CbsexToiDoBctCm3q7LKiIYoMQFBicRQDDdQNHoqkh69l5tgisVURG9/kSnJRTO4L9+YuYQZbwDqK/L3rbw5l+AjihZNoUGWsLzXhAfSxDuTHeSQEnp32wnqdDaGGPYI2r2ynfLmGG7l3ZEYAh+vupfpzNTeqoYDCTHi8qHST1OHITWUMs3eRkOv6IHEVlb69rniyoa19izif6Ah42j12qdQ94OQWnxtbb1w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6FsfoFNVCahWRuETsr6a983ewj2zI1LjYehXlXr84/4=; b=DAerssDwSt5rfFULza3hCpF9aG9jrtskTapzCrKp6wmLuk03ODQocD9L9C01rQf7E67nrOz17bkh7WqbqPsood+2ErhQvrqlkQPs5cmsr/Xe8VzV2phxlmpFYcmmsi9EyhJRBTd5fSQFEcCeoMKsy5M9OrC3MZ3ykh40UNo0b8Y=
Received: from DM5PR11MB1753.namprd11.prod.outlook.com (10.175.88.141) by DM5PR11MB1628.namprd11.prod.outlook.com (10.172.38.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Sat, 9 Nov 2019 07:57:26 +0000
Received: from DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::c1f1:d33a:2203:5a39]) by DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::c1f1:d33a:2203:5a39%7]) with mapi id 15.20.2430.023; Sat, 9 Nov 2019 07:57:26 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Gyan Mishra <hayabusagsm@gmail.com>
CC: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
Thread-Index: AQHVkxvTCwtKb9Pe4UuuiLsWFfIPgqd7JXoAgAdSl4CAABkggA==
Date: Sat, 09 Nov 2019 07:57:26 +0000
Message-ID: <3BB16B9C-9065-466B-9A9A-51C5D314E126@cisco.com>
References: <157281820483.13177.8617036261217670675@ietfa.amsl.com> <82AA0F9C-7836-464F-8F19-69FEDB197D53@gmail.com> <1AAA80C6-080B-492D-ABC9-645B9CEFDC99@cisco.com> <CABNhwV3AjvdExSin+etj8tF9Tzt-0VB45Nmb3hwV_REVPmiO8g@mail.gmail.com>
In-Reply-To: <CABNhwV3AjvdExSin+etj8tF9Tzt-0VB45Nmb3hwV_REVPmiO8g@mail.gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c1:36:19c1:42a4:4110:be79]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e0d4b19c-86f3-423a-56d2-08d764ea7612
x-ms-traffictypediagnostic: DM5PR11MB1628:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <DM5PR11MB16287C6478D188F3ADAE5DF7A97A0@DM5PR11MB1628.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 021670B4D2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(376002)(366004)(136003)(346002)(199004)(189003)(53546011)(76176011)(81166006)(45080400002)(102836004)(486006)(76116006)(6512007)(476003)(58126008)(1411001)(236005)(81156014)(6246003)(6116002)(316002)(6506007)(4326008)(36756003)(33656002)(14454004)(46003)(229853002)(99286004)(71200400001)(186003)(6436002)(256004)(66574012)(66446008)(446003)(5660300002)(66556008)(11346002)(6486002)(86362001)(25786009)(2906002)(64756008)(8676002)(14444005)(8936002)(6916009)(6306002)(966005)(91956017)(7736002)(54896002)(606006)(2616005)(71190400001)(66946007)(66476007)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1628; H:DM5PR11MB1753.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UT0ISF/uigNOi87PkTODLhTo8iM9CsbDoB5MBwEI3AI1loWQ7837BhLlCehc1jgihTYQyMGzxwxoz62eUUjfOrBivi/oS6CwvhlSL/AJQ80OGTwaGcQyAiJ4XZXx3AVRr1SeRdV3FM3Fv8brHGCQZDqFDG6F6YneKpz/O96QK/ZpdM5znQd+DDtUyQGvRBg+yGCkIlOwleqHFy2q0OX/lkNU9ED2ssOvadMe8kEsdiGyeOjGgTjHoyXZC/dY3VqjUkgX3qGJAsDY97XH/SLyLiC8Clgbp2Ti1jwuKf/emwcck4HhUOh1xE1OdbOBzcwiy6Oi7sb++tSjn6eOJFk3tOJFvGvd2wod8lWc3ii3aRP5BBMQ1rcOUt6ht8zrxzAedznbcNyrEHNorOAUUKhnFbTyCwsSqo+vlEJeFs55K9Pw6cnD7tjRSBg/pb5cYvySzZV1Ezfg30qdXm3G9afmLc/jd1H7Wcq3cTxfK9BPQ4w=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_3BB16B9C9065466B9A9A51C5D314E126ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: e0d4b19c-86f3-423a-56d2-08d764ea7612
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2019 07:57:26.1712 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /IPoMOTDyZBZEI9VcoXjvsI2AO9OMVuJ13F+9RZ3F+e7b4v52wZH+ht13JrMAMiR+WfuwC6JpLYn/XR11TTTLg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1628
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/0UDZQ-wUJ9EpN_vCSxR3D8BuOuI>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2019 07:57:33 -0000

Gyan

Thank you very much for your shepherd write-up, very much appreciated by the authors.

The list of the ‘obsoleted’ references is intentional indeed to ensure that readers understand that ‘old’ documents have been replaced. The text in the document is clear about the obsolete and current document. So, we do prefer to leave the references like they are as we believe that they make the document more valuable for the reader.

Regards

-éric

From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Saturday, 9 November 2019 at 08:28
To: Eric Vyncke <evyncke@cisco.com>
Cc: "opsec@ietf.org" <opsec@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

Eric

I submitted the shepherd write-up.

I ran the idnits and it found the following obsolete references.  We should clear that up before we publish it.  I can update my comments on that once the draft is updated.

Checking references for intended status: Informational

  ----------------------------------------------------------------------------



  -- Obsolete informational reference (is this intentional?): RFC 2460

     (Obsoleted by RFC 8200)



  -- Obsolete informational reference (is this intentional?): RFC 3068

     (Obsoleted by RFC 7526)



  -- Obsolete informational reference (is this intentional?): RFC 3627

     (Obsoleted by RFC 6547)



Thank you



Gyan

On Mon, Nov 4, 2019 at 9:38 AM Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>> wrote:
Hello Gyan,

Thank you for reminding the author to post the 'gist' of the changes with version -21.

Our OPS AD, Warren "Ace" Kumari,  has kindly reviewed our document and has identified more than 70 areas where the text was ambiguous or using bad English... No wonder, none of the 4 authors are English-speaking native: it is a mix of Estonian (Merike who also speaks German and Russian[1]), one of the 22 (?) language of India (KK), German (Enno who also speaks French and Spanish) and French (myself also speaking Dutch) __ __ IETF community is really diverse !

Thank you very much in advance for finalizing the shepherd write-up

-éric

[1] I can be wrong for Merike BTW but she is quadri-lingual

On 04/11/2019, 15:26, "Gyan Mishra" <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>> wrote:

    Hi Eric

    Just checking what the updates are that went in v21 since this document is now ready to be published just pending my Shepard writeup which I plan to finish this week.

    Thank you

    Gyan

    Sent from my iPhone

    > On Nov 3, 2019, at 4:56 PM, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote:
    >
    >
    > A New Internet-Draft is available from the on-line Internet-Drafts directories.
    > This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.
    >
    >        Title           : Operational Security Considerations for IPv6 Networks
    >        Authors         : Eric Vyncke
    >                          Kiran Kumar Chittimaneni
    >                          Merike Kaeo
    >                          Enno Rey
    >    Filename        : draft-ietf-opsec-v6-21.txt
    >    Pages           : 52
    >    Date            : 2019-11-03
    >
    > Abstract:
    >   Knowledge and experience on how to operate IPv4 securely is
    >   available: whether it is the Internet or an enterprise internal
    >   network.  However, IPv6 presents some new security challenges.  RFC
    >   4942 describes the security issues in the protocol but network
    >   managers also need a more practical, operations-minded document to
    >   enumerate advantages and/or disadvantages of certain choices.
    >
    >   This document analyzes the operational security issues in several
    >   places of a network (enterprises, service providers and residential
    >   users) and proposes technical and procedural mitigations techniques.
    >   Some very specific places of a network such as the Internet of Things
    >   are not discussed in this document.
    >
    >
    > The IETF datatracker status page for this draft is:
    > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/
    >
    > There are also htmlized versions available at:
    > https://tools.ietf.org/html/draft-ietf-opsec-v6-21
    > https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-21
    >
    > A diff from the previous version is available at:
    > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-21
    >
    >
    > Please note that it may take a couple of minutes from the time of submission
    > until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>.
    >
    > Internet-Drafts are also available by anonymous FTP at:
    > ftp://ftp.ietf.org/internet-drafts/
    >
    > _______________________________________________
    > OPSEC mailing list
    > OPSEC@ietf.org<mailto:OPSEC@ietf.org>
    > https://www.ietf.org/mailman/listinfo/opsec



--
Gyan S. Mishra
IT Network Engineering & Technology
Verizon Communications Inc. (VZ)
13101 Columbia Pike FDC1 3rd Floor
Silver Spring, MD 20904
United States
Phone: 301 502-1347
Email: gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>
www.linkedin.com/in/networking-technologies-consultant<http://www.linkedin.com/in/networking-technologies-consultant>