Re: [OPSEC] Changes in draft-ietf-opsec-v6-14
Merike Kaeo <merike@doubleshotsecurity.com> Thu, 25 October 2018 08:49 UTC
Return-Path: <merike@doubleshotsecurity.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00AD31293FB for <opsec@ietfa.amsl.com>; Thu, 25 Oct 2018 01:49:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Nl1LEn287Kq for <opsec@ietfa.amsl.com>; Thu, 25 Oct 2018 01:49:56 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B7FE1252B7 for <opsec@ietf.org>; Thu, 25 Oct 2018 01:49:56 -0700 (PDT)
Received: from [10.196.194.9] (144-196.icannmeeting.org [199.91.196.144]) (authenticated bits=0) by d.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id w9P8no6t011486 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 25 Oct 2018 01:49:51 -0700
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_E7A03070-1087-42DD-913B-2305E55666FC"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail
From: Merike Kaeo <merike@doubleshotsecurity.com>
In-Reply-To: <51205113-5925-9c25-7cd8-2a564be4df50@si6networks.com>
Date: Thu, 25 Oct 2018 01:49:43 -0700
Cc: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "opsec@ietf.org" <opsec@ietf.org>
Message-Id: <32A2095B-37BE-4CAF-A66A-F2D435E1E3E3@doubleshotsecurity.com>
References: <54F150E8-1E09-4C2F-9790-502C596D89FD@cisco.com> <51205113-5925-9c25-7cd8-2a564be4df50@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3124)
X-Sonic-CAuth: UmFuZG9tSVaJYEe5y2nZkGJ0okRYyk0pRPDC0Iaz8HMJl4k9uMiLC/JZ/q4a9kAUFMCau9krcPk2oh9CrENCx+jTaTsavoboXqzowhNCdlY=
X-Sonic-ID: C;miDP7jLY6BGGUv+mSH5B5g== M;4Gy07zLY6BGGUv+mSH5B5g==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/1sPZHRhCztEpQmsrV-eKgH-PZiA>
Subject: Re: [OPSEC] Changes in draft-ietf-opsec-v6-14
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 08:49:58 -0000
Appreciate that Fernando. Eric did a great job enumerating the actual changes which stemmed from the comments made in last 2 meetings and the mailing list. We did go back to review the videos of the meetings and hope we addressed (pun intended :)) all issues that were pointed out. Looking forward to seeing comments from the review from you and rest of working group. - merike > On Oct 24, 2018, at 3:24 PM, Fernando Gont <fgont@si6networks.com> wrote: > > Hi, Eric, > > I was just abut to re-read the previous version of the I-D. Wil read the > last one you posted and send comments. > > Thanks! > > Cheers, > Fernando > > > > > On 10/24/18 8:36 AM, Eric Vyncke (evyncke) wrote: >> As you know by now, there will be no OPSEC WG meeting at IETF-103 in >> November (there was only 1 item on the agenda). So, the authors of >> opsec-v6 document would like to start discussion on the latest revision. >> Please find below the link to the differences between -12 and -14 (so >> two revisions). >> >> >> >> https://tools.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-14.txt&url1=draft-ietf-opsec-v6-12.txt >> >> >> >> >> It is mainly about: >> >> - Section 2.1 Addressing Architecture: adding RFC 7934 reference w/ >> multiple addresses per host >> >> - Section 2.1.2 Use of ULAs: 95% complete rewrite >> >> - Section 2.1.3: Point-to-point links: text simplified >> >> - Section 2.1.4: Temporary addresses: added reference to RFC 8064 >> (stable address), text more in favor of privacy addresses, text >> simplification >> >> - Section 2.2: extension headers: the introduction paragraph is >> clarified and split in two >> >> - Section 2.2.1. Order and Repetition of Extension Headers: add >> recommendation to use firewall (if required) supporting header filtering >> >> - Section 2.2.2: hop by hop extension header: complete rewrite in line >> with RFC 8200 >> >> - Section 2.3.1. Securing DHCP: added some text around secure DHCPv6 >> >> - Section 2.6.2.1. Forensic: added clarification >> >> - Section 2.6.2.2. Inventory: removed the paragraph about NXDOMAIN & >> NOERROR in DNS zone enumeration >> >> - Section 2.6.2.3. Correlation: added text on multiple IPv6 addresses >> per node (per RFC 7934) >> >> - Section 2.7.2.6. Teredo & 6to4: moved to the end of the tunnel >> section + text about their current status >> >> >> >> Comments are of course welcome. >> >> >> >> -éric -merike -enno -kk >> >> >> >> >> >> >> _______________________________________________ >> OPSEC mailing list >> OPSEC@ietf.org >> https://www.ietf.org/mailman/listinfo/opsec >> > > > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec >
- [OPSEC] Changes in draft-ietf-opsec-v6-14 Eric Vyncke (evyncke)
- Re: [OPSEC] Changes in draft-ietf-opsec-v6-14 Fernando Gont
- Re: [OPSEC] Changes in draft-ietf-opsec-v6-14 Merike Kaeo