Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-18.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sat, 21 September 2019 07:30 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1079012006F for <opsec@ietfa.amsl.com>; Sat, 21 Sep 2019 00:30:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=lWzaNAmi; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=MbVPI+dv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e-LAj7rpYjqu for <opsec@ietfa.amsl.com>; Sat, 21 Sep 2019 00:30:24 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8AA412001E for <opsec@ietf.org>; Sat, 21 Sep 2019 00:30:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3832; q=dns/txt; s=iport; t=1569051023; x=1570260623; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=wUNmZeGOuSn0AQEkDmY0P484lYY2HxpE13prRjzvmXc=; b=lWzaNAmiubLow2BX8aJWQkEYSvf+iBAHzF63+zY5zPEWfFbON0fbHiRn HvzZVIDjIzxEbArISs9dMMR+Fysm2jw3GRxnvNGpQdeyEXWbiTxJ74s+b N6orqSxoXV+6m2pgDdYjxtDhtEJVFQU1Lg1F6hPILbcVpSF3cfMht7rtM c=;
IronPort-PHdr: =?us-ascii?q?9a23=3AHcUYbBbYjhWnlXa3pnyvvpf/LSx94ef9IxIV55?= =?us-ascii?q?w7irlHbqWk+dH4MVfC4el20gebRp3VvvRDjeee87vtX2AN+96giDgDa9QNMn?= =?us-ascii?q?1NksAKh0olCc+BB1f8KavncT08F8dPfFRk5Hq8d0NSHZW2ag=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CSAAAy0YVd/4kNJK1kHQEBBQEHBQG?= =?us-ascii?q?BUwgBCwGBSlADbVYgBAsqhCKDRwOEUoYkTZoDgS4UgRADVAkBAQEMAQEYCwo?= =?us-ascii?q?CAQGEPwIXgnIjNAkOAgMJAQEEAQEBAgEFBG2FLQELhUsCAQMBARAREQwBASw?= =?us-ascii?q?MDwIBCBoCERUCAgIlCxUQAgQTFA6DAAGBagMdAQIMngsCgTiIYXOBMoJ9AQE?= =?us-ascii?q?FgTcCDkFAgkYYghcJgQwoAYwIGIFAP4E4H4JMPoJhAQECAQEWgQJFFyiCTDK?= =?us-ascii?q?CJo9anTcKgiKHBY4FG4I2coZZjyWOGogTkQQCBAIEBQIOAQEFgVI4gUIOCHA?= =?us-ascii?q?VGiEqAYJBCUcQFIFOg3KFFIU/c4EpjWYBAQ?=
X-IronPort-AV: E=Sophos;i="5.64,531,1559520000"; d="scan'208";a="631926774"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 Sep 2019 07:29:55 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x8L7Ttu5024010 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <opsec@ietf.org>; Sat, 21 Sep 2019 07:29:56 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 21 Sep 2019 02:29:55 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 21 Sep 2019 02:29:54 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sat, 21 Sep 2019 02:29:55 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hzynsm1kSE8KDIZT6WvWgxzFIAUI3ITgChFBPqB7DIQVTFGtU/goGH49I3b7HzzNGAAvPRBAAs1tP32vScNa7Zy2+kbN6adkPs60LykUYuKbPaKJVcEHAQVLjN8G8aht7hhIbRUOS5XO1YhXx1v60+8B6P5E15OOnghPvkiTGyRQKV8xQk4+Gv3ssKD4XfsSbuGxjYLBSnaA44gBHqZ9fdj/t+HmNF1FKVrjIy71U/ZWUfFBL+i0X9Pu3/bsgowzQLF4sxF/AOpIrZXxuf5Nzt+5a7PwPRWeSdjHBfDQfvERqlW4bjOQoB5kSkudastlQdEBr1o9ujwJn70jCOSxTw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wUNmZeGOuSn0AQEkDmY0P484lYY2HxpE13prRjzvmXc=; b=d2E7heBZb/r3yIRmgFVDvYPd6pboAtQ4KCRPLMZd7Pj/EIUxt+vTQy18qGBgDFys2Lfsf7f3D8P1WBsG40lwbZgOW4qMVvC1eFn2dJDb93+lOvLen1o3oHOOZhD8b2U2mj1ddMqnjUbYIw2KsfdRSdiAC5K9R9rNsIS1vCnkIxQm/vXO0UocM2lu6L68Zs9ZXSUVmo25+TieG3OSXssTaPVkiOvW13ox3rusCKQYnUGRkru+Doss6kBoF5H4pB+sHtPM3S+E0C/tx4O/JMxbf4a5og+hbC6n7FzfWuUbas0s1zGjx7YA0hxJr2AJFFet8Wckhjh1R8YPZnI8aOQOoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wUNmZeGOuSn0AQEkDmY0P484lYY2HxpE13prRjzvmXc=; b=MbVPI+dv0D3kKcBEvOKek60CCjptq4zj0pJboBEDdPQ5R/VERHCs1/IfqfcOc93367B5B+ed/od5y0ssL65dv4QtmyNAHgc2YL2tT9ArsXwdNdbhOB8aXV/O4f8McXfNrZNenSVInK4u/L/+5PaJsmiMavqx2a+eErqvONynCcc=
Received: from MN2PR11MB4144.namprd11.prod.outlook.com (20.179.150.210) by MN2PR11MB4350.namprd11.prod.outlook.com (52.135.39.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.23; Sat, 21 Sep 2019 07:29:53 +0000
Received: from MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::a867:28ea:afa3:be5f]) by MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::a867:28ea:afa3:be5f%6]) with mapi id 15.20.2284.023; Sat, 21 Sep 2019 07:29:53 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-v6-18.txt
Thread-Index: AQHVcEupDVHP+Q4xIEyFc7NlPKUMQqc13aYA
Date: Sat, 21 Sep 2019 07:29:53 +0000
Message-ID: <F3CCEAEC-D8DD-497E-92EE-62E828510E88@cisco.com>
References: <156904975523.23067.17396839114206805258@ietfa.amsl.com>
In-Reply-To: <156904975523.23067.17396839114206805258@ietfa.amsl.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1d.0.190908
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c1:36:6c21:e3b9:41f7:9279]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5801b04c-5ae2-4bcf-99e8-08d73e657edb
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB4350;
x-ms-traffictypediagnostic: MN2PR11MB4350:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <MN2PR11MB435028A2C377E604D12D1E7FA98B0@MN2PR11MB4350.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0167DB5752
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(376002)(396003)(39860400002)(346002)(366004)(189003)(199004)(81166006)(6116002)(6916009)(186003)(1730700003)(81156014)(8676002)(58126008)(6506007)(446003)(11346002)(2616005)(486006)(6246003)(476003)(2351001)(305945005)(99286004)(46003)(102836004)(33656002)(7736002)(76176011)(8936002)(316002)(478600001)(229853002)(14454004)(5640700003)(66946007)(66476007)(6486002)(64756008)(5660300002)(66446008)(966005)(36756003)(76116006)(66556008)(14444005)(256004)(6436002)(91956017)(66574012)(2501003)(71190400001)(86362001)(71200400001)(6512007)(6306002)(25786009)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4350; H:MN2PR11MB4144.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: z/hIGk3wpSLBpuebT/5L9AmXTKn69bMr3rcFGQ8qXD12SfLebCMyT3hXxBAT4HHxeik0LyjqpwagGOX+BmMJZAjuNsdmTRAFrJlznmYOwUJbR3890LDN0wd1fhU0FWUd5T3ldSHetQbhCC/Cig/M6jbskQKsNu+5kNZyeB3KME+sMV2rcwybXtS/FOWC2l0wxDWuYh82sIlHYDaJh9Ub+xd0Tw4iALMV1yDd4HCkW4oTQNJ3Cp6NI0jDg+V+lUjbLGkoe7UaQw4Vwd3q1Mz+14GfHLYW7ONtam93ztGcpxWLqdBrWXVQIWYvH9fs0hC9zeymDxIoOBWseJm+FwAakGXjFq5liZZXDu2ISc0rvMITwf+lwp+hwb3+mYUBKCclQUDUivrUH1tYKk3ixjULXigeostTfkAn/9WGw49tCZo=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <DBC9932D1F011844BB1DE76822FBA377@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 5801b04c-5ae2-4bcf-99e8-08d73e657edb
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2019 07:29:53.4276 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vtpWxInsOyTLZ0Z4dMNnJ8Fr7KvH2w63I/Hazf7M5tbmFt7pZ4Fs+oM7NSjQgNqplrypcJUIk7F61+M8ipH38Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4350
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/0xaFwsZzVyr_IvP0xmUATUmvc6g>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-18.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Sep 2019 07:30:26 -0000

With this revision, the authors have taken into account the very extensive review by Jen Linkova and other previous comments from Donald Smith, Jordi Palet and Bernie Volz.

As discussed at IETF-105, the authors would like to start another working group last call.

Let's finish this document with the assistance of the OPSEC community

Regards

-éric -merike -kk and -enno

On 21/09/2019, 09:10, "OPSEC on behalf of internet-drafts@ietf.org" <opsec-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:

    
    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.
    
            Title           : Operational Security Considerations for IPv6 Networks
            Authors         : Eric Vyncke
                              Kiran K. Chittimaneni
                              Merike Kaeo
                              Enno Rey
    	Filename        : draft-ietf-opsec-v6-18.txt
    	Pages           : 52
    	Date            : 2019-09-21
    
    Abstract:
       Knowledge and experience on how to operate IPv4 securely is
       available: whether it is the Internet or an enterprise internal
       network.  However, IPv6 presents some new security challenges.  RFC
       4942 describes the security issues in the protocol but network
       managers also need a more practical, operations-minded document to
       enumerate advantages and/or disadvantages of certain choices.
    
       This document analyzes the operational security issues in several
       places of a network (enterprises, service providers and residential
       users) and proposes technical and procedural mitigations techniques.
       Some very specific places of a network such as the Internet of Things
       are not discussed in this document.
    
    
    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/
    
    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-opsec-v6-18
    https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-18
    
    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-18
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/
    
    _______________________________________________
    OPSEC mailing list
    OPSEC@ietf.org
    https://www.ietf.org/mailman/listinfo/opsec