Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 04 October 2017 22:10 UTC
To: Joe Touch <touch@strayalpha.com>, "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>, "opsec@ietf.org" <opsec@ietf.org>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-ipv6-eh-filtering@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/9LoGyWQQLOQLROWRlzyJzn-IIeY>

On 05/10/2017 02:12, Joe Touch wrote:
>
> On 9/29/2017 1:12 AM, Van De Velde, Gunter (Nokia - BE/Antwerp) wrote:
>>
>> This is to open a two week WGLC
>> for https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03.
>>
>
> I do not agree with the claims of this document. It "informationally"
> advises against support for key IPv6 capabilities and undermines the
> extensibility of IPv6 by making recommendations about discarding
> currently unassigned codepoints.

Here's the problem, Joe. It's a fact of life that many firewalls discard
a lot of stuff that they shouldn't - that's why we wrote RFC 7045 - but
in the real world, operators blunder around based on folklore and
vendors' defaults. We can't change any of that, but we can try to issue
sensible advice that, overall, will limit the resulting breakage. IMHO
this document, positioned correctly as Informational, will do that:
on balance, it makes the world a better place.

I agree with Bob Hinden that a careful review against RFC 8200 is
essential. I already pointed out one problem (RH0) at
https://mailarchive.ietf.org/arch/msg/opsec/StjbjvCP9PLC3ssnTKYO6jqFgk0
and Bob found a problem with Hop-by-Hop.

    Brian

>
> This is an overstep for an OPS group, IMO.
>
> Additionally, it refers to RFC2119 without taking care to capitalize
> those keywords where used or to provide specific examples where
> recommendations contradict existing Internet standards or are not
> definitive (e.g., SHOULDs).
>
> I don't think this document is ready in any way.
>
> Joe
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>