Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering

Dave Dugal <dave@juniper.net> Thu, 31 May 2012 19:06 UTC

To: Warren Kumari <warren@kumari.net>
Cc: "opsec@ietf.org" <opsec@ietf.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Warren.

I have also read Fernando's draft and do see the value and benefit of
proposing a more granular approach to IP options filtering.  Many
times, the only mitigation for a particular attack or issue is to drop
all optioned packets, which depending on configuration and topology
can do more harm than good.  BCP'ing a more finely granular approach
is not without merit.

Should we adopt this draft, I do agree with previous comments that
perhaps more fine-tuning of recommended options, tradeoffs and caveats
is warranted, but that discussion can continue within the WG.

I support the adoption of this draft as an OPSEC working group document.

- ---
Dave Dugal
Sr. Product Security Incident Wrangler


On 5/31/2012 9:42 AM, Warren Kumari <warren@kumari.net> proclaimed ...
> Dear Working Group,
> 
> We are now halfway through the call for adoption on this draft --
> please take a moment to read and comment on if you support the
> adoption of this draft…
> 
> W
> 
> On May 24, 2012, at 11:58 AM, Warren Kumari wrote:
> 
>> Dear Working Group,
>> 
>> This is to start a two week poll to adopt 
>> draft-gont-opsec-ip-options-filtering (helpful link:
>> http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04)
>> as an OpSec Working Group draft.
>> 
>> Please send your comments to the OpSec list (opsec@ietf.org).
>> 
>> This adoption call closes on June 7th, 2012.
>> 
>> (This document was discussed in the Paris meeting, and not enough
>> people had read the document to be able to predict consensus.
>> Please take a moment (or 5) to read and comment. I should mention
>> that Memorial Day is coming up in the US soon -- there is nothing
>> quite so enjoyable as reading drafts on the beach -- try it!)
>> 
>> W
>> 
>> -- With Feudalism, it's your Count that votes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iEYEARECAAYFAk/HwMIACgkQh59lzatuAqXiuwCgtXDacC7wSx0gtdfC41JRXcJN
03MAoPf9m5FVlWOrHlOJzsPrRI117UqR
=lEqG
-----END PGP SIGNATURE-----