Re: [OPSEC] Martin Duke's No Objection on draft-ietf-opsec-v6-25: (with COMMENT)
Enno Rey <erey@ernw.de> Sat, 10 April 2021 18:31 UTC
Date: Sat, 10 Apr 2021 20:31:33 +0200
From: Enno Rey <erey@ernw.de>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-opsec-v6@ietf.org,
opsec-chairs@ietf.org, opsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/4LOmJHpxGqK7hLmmcsCbo7GWcEY>

Hi Martin,

thank you for the evaluation. Regarding your COMMENT:

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I haven't gone through the dozens of references to verify the claims about
> them, so I'm trusting the WG and ADs here...
>
> In Sec 2.3.2.4, RA-Guard and SAVI are recommended, but then in the same
> paragraph it says that "only trivial cases" should enable it by default. I
> can't reconcile these two statements.

In fact your sentiment identifies a proper point. I've modified the respective section, and a new version has been uploaded.

Thanks again & have a good weekend

Enno

> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec

--
Enno Rey
Cell: +49 173 6745902
Twitter: @Enno_Insinuator