Re: [OPSEC] draft-ietf-opsec-v6-17

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 23 July 2019 14:11 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06D1F120310 for <opsec@ietfa.amsl.com>; Tue, 23 Jul 2019 07:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=fVDrmWwd; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ZbKtVU/l
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ED8ALXd53knO for <opsec@ietfa.amsl.com>; Tue, 23 Jul 2019 07:11:49 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B47012031D for <opsec@ietf.org>; Tue, 23 Jul 2019 07:11:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1774; q=dns/txt; s=iport; t=1563891109; x=1565100709; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=gkZ/5hu6Pw12BQDdrKWOJHb53fG62gxtwKu0y6c0+BY=; b=fVDrmWwd7lqKoTPSVL7Z0WW86V43JmudmmCM6I43/6Rl/rJCcGFLTgDy MzV2etJayrj3+CqThB2H5x0asUS8t8+lgIAih4Jap4lUgnziTsgrJVCeh jzhDHF00pMw7yyc819V4rSa194M6rjOpPYgb2HGFRx2lxDmaBYzStFQTC k=;
IronPort-PHdr: =?us-ascii?q?9a23=3A8mWkkhwM40FyZF/XCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5YhSN/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1?= =?us-ascii?q?kAgMQSkRYnBZuIF1z9J/3nRyc7B89FElRi+iLzPA=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AXAAC2FDdd/5xdJa1cChsBAQEBAwE?= =?us-ascii?q?BAQcDAQEBgVMGAQEBCwGBQ1ADgUIgBAsWFIQdg0cDhFKJLZorgS6BJANUCQE?= =?us-ascii?q?BAQwBAS0CAQGEQAIXgjcjNAkOAQMBAQQBAQIBBm2FHgyFSwIEEhERDAEBNwE?= =?us-ascii?q?PAgEIGgImAgICMBUQAQEEDgUigwCBawMdAQKfWQKBOIhgcYEygnkBAQWCR4J?= =?us-ascii?q?AGIITCYEMKAGLXheBQD+BEScfgkw+hBAJKxeCdDKCJo54m28JAoIZlAwbmAq?= =?us-ascii?q?lBQIEAgQFAg4BAQWBUDiBWHAVZQGCQYJCg3GKU3KBKY4lAQE?=
X-IronPort-AV: E=Sophos;i="5.64,299,1559520000"; d="scan'208";a="600924368"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jul 2019 14:11:48 +0000
Received: from XCH-RCD-010.cisco.com (xch-rcd-010.cisco.com [173.37.102.20]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x6NEBmpZ019710 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <opsec@ietf.org>; Tue, 23 Jul 2019 14:11:48 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-010.cisco.com (173.37.102.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 23 Jul 2019 09:11:47 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 23 Jul 2019 10:11:46 -0400
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 23 Jul 2019 09:11:46 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XauNA4263YAaMAshHf2R4h3jpqhzsaZIOchd2e1ueGKy8cfs+P1hqhb7wE3mYPZ4eQN52GXxzeUbDv/fd+RJGdiX6p7bl2GiQ0d2a4+0CwdN3iTNP9qQSROYigq5buS3si05abT5NGNIqJifcjawe57/TX63/xGOL3PGSe1iv6/+S1oBQu5cENeb+fGmiKKmGgU+KQRJdcAVFtzEuoqoMi1fyNdjXxOdtetQMvGbnHFIpCSxdARsmJvtzlYkywqCORsvCmKGcrSwtNxkNQcnFdCwbLfonFdd/oujzl35qJSKIGE+V8BOzEMpFEyRA58zSVwXoG6PXuLzB06yi7/zSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gkZ/5hu6Pw12BQDdrKWOJHb53fG62gxtwKu0y6c0+BY=; b=N9cba4PW68p6Rrfy+M3B6G9zZwIhktPTFD1R9uZtI3jNAW6a9SIlHQmjAMURB3aY76ovO+9OH1z/Gu/bXI4sO3EUnZVliw8K6X6hNiiLinv58IN03Af6FRsQ8sDxQfJ1Q8tt1va06twxUERKFowFCRVd7cmlwTa502Ec5dlpxjLaZhJCCNzswLDFyEfmprKxaPGVaMwFJxXBci7Bm6WSeeODjQdll2oAFcoMIxhaeqh+D2GZhYl6sfdYnDPAWgNO1MtlzLkJRRKc3CLER6qFwKWNmYi31SUOziYBgoLoFcjmgSb4h8nrcO8y/gYDHI+9JMVH1Hyf+HDXUF1aGYj3XA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gkZ/5hu6Pw12BQDdrKWOJHb53fG62gxtwKu0y6c0+BY=; b=ZbKtVU/lD9+JUGhEebBpSJaAO6b+ezYWkslTWz30SLwqqnJkIT4XYycCPnUGis0zDtzQSO5So/83jTljLWZvoaKXBiwrlWG1Xe6gfCdkFr3D9knBNXLxzaKTQOXpQo3L6uszwzYX5DicRZxxQOYVoraWm/LPqHgwfh35E0ec3yQ=
Received: from MN2PR11MB4144.namprd11.prod.outlook.com (20.179.150.210) by MN2PR11MB3885.namprd11.prod.outlook.com (20.179.150.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Tue, 23 Jul 2019 14:11:45 +0000
Received: from MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::cc02:dc35:1f73:653c]) by MN2PR11MB4144.namprd11.prod.outlook.com ([fe80::cc02:dc35:1f73:653c%7]) with mapi id 15.20.2094.017; Tue, 23 Jul 2019 14:11:44 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
CC: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: draft-ietf-opsec-v6-17
Thread-Index: AdVA131ZRg7Av2Q1S0WVN4M41LlOvgAAumVgABkoHQA=
Date: Tue, 23 Jul 2019 14:11:44 +0000
Message-ID: <CB9D1B68-9CA6-4D00-BC16-486665E9897F@cisco.com>
References: <BN8PR11MB36010E0BFF96507F396A6273CFC40@BN8PR11MB3601.namprd11.prod.outlook.com> <BN8PR11MB360165CD7D50E6E65B976CA8CFC40@BN8PR11MB3601.namprd11.prod.outlook.com>
In-Reply-To: <BN8PR11MB360165CD7D50E6E65B976CA8CFC40@BN8PR11MB3601.namprd11.prod.outlook.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1b.0.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c8:1002::ee]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cbb9dc04-9484-4197-c2b2-08d70f77b181
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB3885;
x-ms-traffictypediagnostic: MN2PR11MB3885:
x-microsoft-antispam-prvs: <MN2PR11MB3885EED1DF6BC449978F8544A9C70@MN2PR11MB3885.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4303;
x-forefront-prvs: 0107098B6C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(39860400002)(346002)(366004)(396003)(136003)(189003)(199004)(6512007)(86362001)(6486002)(6436002)(81156014)(2906002)(36756003)(6246003)(33656002)(6116002)(81166006)(229853002)(68736007)(6862004)(8936002)(53936002)(4326008)(71200400001)(71190400001)(5660300002)(14444005)(14454004)(66946007)(99286004)(476003)(58126008)(11346002)(2616005)(66556008)(64756008)(316002)(66446008)(66476007)(256004)(76176011)(91956017)(25786009)(6636002)(7736002)(76116006)(446003)(478600001)(37006003)(102836004)(486006)(46003)(6506007)(186003)(305945005)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3885; H:MN2PR11MB4144.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: ZvShF6umpje4t4CB2cR6D+E9HCgoktUwCNFDwScxl8/05x4ZqVERqSYQVxPdHygLZ8GU5tA8nX2CdsZK6yFnehi1vRSrduCA47QRylN3+J3mV85ZG/yio0QETCS+MXd9S7SDIqyKeijAIR3W2dxFMX8LBDrAYhdKmX0OqMGIw9xLk3QVDuR9Xkrix3gOvxILkC/u3U+UfoEvirLNnqgQDfTAF82/53A0MdCJhQvU2DlXaqEBmTX5STw5gnbTES+CXSLarcJZ0TuTw1RhFosvcERAZpjN2kzJyZ7wQuj+N0BJE3UcyPTMKFORfeWjwAyUQdpn+i5ojrbqkf6qxzTWz9R/aEWP36X4AY+XLveA/Dr2/4VfYMDg2wZW/HEHZZMICiW/hLaqnpq65jVn2zSgZ7xoM/9x/7ipnBLwpki8CHc=
Content-Type: text/plain; charset="utf-8"
Content-ID: <74A7AF2B124FED44BBA83B0D0B13E5AB@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: cbb9dc04-9484-4197-c2b2-08d70f77b181
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2019 14:11:44.9250 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: evyncke@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3885
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.20, xch-rcd-010.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/5FAXB3B1xaJileCMCPQpI4UyUPU>
Subject: Re: [OPSEC] draft-ietf-opsec-v6-17
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 14:11:51 -0000

Thank you Bernie for the review.

We will fix this nits with any other comments received during the WGLC.

-éric

On 22/07/2019, 18:12, "Bernie Volz (volz)" <volz@cisco.com> wrote:

    Hi:
    
    Here’s some very minor nits (RFC editor would correct):
    
    1. s/feasable/feasible/
    2. s/section Section 2.6./Section 2.6./
    3. s/connectivity.Disabling/connectivity. Disabling/ 4. s/it has lead to nodes/it has led to nodes/ 5. s/formated/formatted/ 6. s/occurences/occurrences/ 7. s/ bypassed by an hostile party/ bypassed by a hostile party/ 8. s/be be/be/ 9. s/explicitely/explicitly/ 10. s/to identifity the interface/ to identify the interface/ 11. s/seperation/separation/ 12. s/hardened agains miscreant/hardened against miscreant/ 13. s/exception of an handful/exception of a handful/
    
    Perhaps I missed it, but the document doesn't mention anything about using a random link-layer address (other than in the context of generating IPv6 addresses). Perhaps that's OK as this is an IPv6 document and that really is a separate link-layer security issue -- and you do have to draw the line somewhere otherwise it will never get done.
    
    In all the document does look very good and hopefully can move to WGLC soon!
    
    - Bernie