Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03

Bob Hinden <bob.hinden@gmail.com> Wed, 04 October 2017 21:38 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76EA2133073; Wed, 4 Oct 2017 14:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g4TateNDoKyg; Wed, 4 Oct 2017 14:38:25 -0700 (PDT)
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52F571323B4; Wed, 4 Oct 2017 14:38:25 -0700 (PDT)
Received: by mail-pg0-x22b.google.com with SMTP id r25so4804819pgn.4; Wed, 04 Oct 2017 14:38:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=idVfSa0mrUORTczwuJLWYrnAykdo+DRWmEzfQgFBMqs=; b=NijQ97LwEQ1gyFjuVRTBa87IVqr7EboLDW8T1JWBljgKPsaMX4xoUF+mxp4159aefi E6PKqNoNHOS9fpzDfoB7nds4oDXaDwpId5xKttgF/zWS/22pnKJntZ26W7ib0JD86BNc O+eFyCeSOAdmrHNEx5MB7qHil9FjzKR3XFnXKPLImQSwZVVroEDbWo0VZOBK8bt3c5L6 SDBgQnXw/vklHbQQPoXkOwEMSDc7uYn7XVd3sTquUvq2eYD3AWMIzwzq3bRYM/CrxL5s GHcD/rPBX68sd/lkBUyEsbA+PkImwE2U0eEXN9Px5pO4FyiSFIuIvIGHbDd8ehMIg5xe nSfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=idVfSa0mrUORTczwuJLWYrnAykdo+DRWmEzfQgFBMqs=; b=FaWX43J7JYUErIde28yg/hOlGpOGJOktrsFfsh1ueu5lpmyVk+hRZIQvAEM+rwsOWI xg0vKNaVoOQwauvh3+5BEzMYgDwNL0JxxOYQx73jhcfG7EqAOcuwSaqk+ldyAsnu7sI9 vQyGtCqVHxvs8x2mS+PBIUlfHF8vTDAp6zxta9gfn6KulK/bGVoYX9LDMr+fpa6nDvgP pfzCAy/SgZQTdbkNqi8J/7amnHz/L5WqdjQZzpvHNXjGHVF7HK9aYRWtI9+mEYGOvLjE eHfmFeCUPd9sxu0AM5hWV0wNG7eXxLtS/4EncNHQSj7qrpsOqHBatoaNfQsLldmQyL7c L+GQ==
X-Gm-Message-State: AHPjjUjJdFsmVctnkepQSMYrgX9q6AVwawsLg1yFxuIp2+QH873C5rwx sXxQ9OUr4f7HGiNXytov/AU=
X-Google-Smtp-Source: AOwi7QBnCPMt5HbFYNkPlS72srXHhR4CMYS/nsJh8/tsyZjMwhAqb/MI8ocjQrbrvFHavaIm7oO2TA==
X-Received: by 10.101.87.139 with SMTP id b11mr18842299pgr.186.1507153104735; Wed, 04 Oct 2017 14:38:24 -0700 (PDT)
Received: from [172.16.224.219] ([209.97.127.34]) by smtp.gmail.com with ESMTPSA id u20sm26363349pfh.171.2017.10.04.14.38.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Oct 2017 14:38:23 -0700 (PDT)
From: Bob Hinden <bob.hinden@gmail.com>
Message-Id: <2C2BE7A7-C885-4B38-ADA4-B29EADEED387@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_1B231D9A-4A46-450A-865B-BDED0483DA8F"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 4 Oct 2017 14:38:22 -0700
In-Reply-To: <8C3BB7BE-4E84-4D44-8DA9-BBE80EA51752@nokia.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-ipv6-eh-filtering@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering@ietf.org>
To: "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>, "opsec@ietf.org" <opsec@ietf.org>
References: <8C3BB7BE-4E84-4D44-8DA9-BBE80EA51752@nokia.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/9FigBATRkVHAurXv3aNNR-Z46JU>
Subject: Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2017 21:38:27 -0000

I also don’t think this is ready for a w.g. last call.

It doesn’t reference the new version of the IPv6 specification RFC8200.  There were a number of clarifications in RFC8200 regarding extension headers that may require changes in the draft.

For example, Hop by Hop headers are now a “may” in RFC8200, but this draft says:

   The Hop-by-Hop Options header is used to carry optional information
   that should be examined by every node along a packet's delivery path.

This doesn’t match what is in RFC8200:

   The Hop-by-Hop Options header is not inserted or deleted, but may be
   examined or processed by any node along a packet's delivery path,…

I didn’t do a through review after I saw it didn’t reference RFC8200, but I suspect there are other things that need to be changed to match RFC8200.  I think the authors need to do detailed review and publish a new draft.

Regard,
Bob

> On Sep 29, 2017, at 1:12 AM, Van De Velde, Gunter (Nokia - BE/Antwerp) <gunter.van_de_velde@nokia.com> wrote:
> 
> This is to open a two week WGLC for https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03.
> If you have not read it, please do so now. You may send nits to the author, but substantive discussion should go to the opsec@ietf.org list.
> (While V6OPS WG is in cc because of close alignment with the WG expertise area, may we ask to send feedback and comments in the OPSEC WG)
> 
> We will close the call on 13 October 2017
> 
> Gunter & Eric
> OPSEC WG co-chairs
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops