IETF Logo Mail Archive

Re: [OPSEC] I-D Action: draft-ietf-opsec-ipv6-eh-filtering-10.txt

Fernando Gont <fernando.gont@edgeuno.com> Tue, 03 May 2022 12:35 UTC

Return-Path: <fernando.gont@edgeuno.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40F0DC157B32 for <opsec@ietfa.amsl.com>; Tue, 3 May 2022 05:35:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.758
X-Spam-Level:
X-Spam-Status: No, score=-8.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=edgeuno.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDgDggFp9JAa for <opsec@ietfa.amsl.com>; Tue, 3 May 2022 05:35:18 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2137.outbound.protection.outlook.com [40.107.94.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1C81C14F726 for <opsec@ietf.org>; Tue, 3 May 2022 05:35:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KEq+nCLMeeFAdOjgkwe1RdNia/8va8U9cEIZvsKsnxIFuANZGmC0wIEKmx7s+7Vly8+pmrSQ0NgM2ysembGkoHF+3N6DbaarWqNc1qZvUbg2WfgzLjIuDRz6mdeswjZ6pKdrER6OlSH9LSyfdGaP3eXFgPylbhpToGCHGoKxuhjafyOTthaYgR6WuZ1bZnmW/Rrl2j1z+KkL3yNSwGo2JB8OV3oSzbfAG8szDfQw8aIY4VuoZkbNf1i3xsnhmBOp7b2SVbCxpImfZR/n/vOjVMHEtr1qm1Zc0sNMTQCN34tXKYCpXmLdAacjmRM5cRQgjBmLISq5JFP+ycInhpcbKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=96vEXxKzgAzCkeiCBy1htPezcPu6u7J5RFimKPTNLwg=; b=Xg7GoRgmW7PAUQSnMEG6aQPWILKsYKf0lQxFfRve2ELljMc32VEuPYs1WUFVf2tCSrGcMlrU8wCysSyA8hm9SYuz7ClmJT49R50+ULl6hR42kHR34HHC6O7ytGIKx7O3QsV6DVUfgM4GcyG39UN0atXT87sRlIyi0cU+F9WoqGw2qpWmsZT1dQ9Vti/i+xihHx6w+1vh5+lmNtUtmtyF8q8DcMOEhvxU0JqWx5Fo9uAogsxMovF7QwmKPpsOthWWVM2OptD/LxB3caSAWvlUtD5Rml7RmJ3q7lsJ9SqeXgTyCY/S4/X0k88Ai5McYCFJsOrU2ATQoiQ4uKhSvr78qQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=edgeuno.com; dmarc=pass action=none header.from=edgeuno.com; dkim=pass header.d=edgeuno.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=edgeuno.onmicrosoft.com; s=selector1-edgeuno-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=96vEXxKzgAzCkeiCBy1htPezcPu6u7J5RFimKPTNLwg=; b=YA6Uk4mk2k8z7VjS5orwfMtMv6N9Y6rh6tObmKKdLfrI0TW5x6hX8NeVFLZA2iAfC7Tp5tX3pbBRxZUvBjOwJyKJyZE5AOtC/yXZCVGh7Vum5AIUIioeoUkV8uoLutyJMWgJeGax5S8aTbPGdCU3hYp3w+/tqeNrEwPOq1uff/U=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=edgeuno.com;
Received: from CO1PR05MB8039.namprd05.prod.outlook.com (2603:10b6:303:f0::7) by SJ0PR05MB7373.namprd05.prod.outlook.com (2603:10b6:a03:27a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.14; Tue, 3 May 2022 12:35:13 +0000
Received: from CO1PR05MB8039.namprd05.prod.outlook.com ([fe80::845c:4e39:6d65:430f]) by CO1PR05MB8039.namprd05.prod.outlook.com ([fe80::845c:4e39:6d65:430f%8]) with mapi id 15.20.5206.024; Tue, 3 May 2022 12:35:13 +0000
Message-ID: <bb4d128a-9c4d-50ed-22ca-98099d80acf7@edgeuno.com>
Date: Tue, 03 May 2022 09:35:01 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: opsec@ietf.org, Warren Kumari <warren@kumari.net>
References: <165158077922.20817.2816173918225190001@ietfa.amsl.com>
From: Fernando Gont <fernando.gont@edgeuno.com>
In-Reply-To: <165158077922.20817.2816173918225190001@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SC1P215CA0067.LAMP215.PROD.OUTLOOK.COM (2603:10d6:4:42::29) To CO1PR05MB8039.namprd05.prod.outlook.com (2603:10b6:303:f0::7)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 075c481f-5709-4b0f-c24c-08da2d015e7c
X-MS-TrafficTypeDiagnostic: SJ0PR05MB7373:EE_
X-Microsoft-Antispam-PRVS: <SJ0PR05MB73738F56654EA3A888F38F3CE5C09@SJ0PR05MB7373.namprd05.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: AIyKZOSDjLoyRtiGmozCaiH8l1JZb7aXNfrGXcCPzVu9wP3tbYKEd7pjZO3SEeDqdm5GnHJRJqYddePKRqcfgAvrNhtqfq7nY341tWT89m65g+6QGJXEKqn00BlcgPQRvcDzyrvEfXhOCqrZHYXPKErn3qjyGX530nrYboY9bMZs9+2gxEr9JxX/CWIShFhn7iICSDH0rqHR714nKZdJJM0+NfRYlZPdPgn1q0P8ZXO4SYSK+5DP7iD6it/m999m7QWImed7JG463smsD0jF73NkaAqXWccWr6trFTp54wkxaziSb7cjP5a6IIB+IDaKl96IWs/mhlKFOlxZAV7EJgLnKplp5QhvBM2ssWdI1iQ8DIjvRf1P1eyDYZz//2tUKnwAZrvEM0leQcmcEYdA/aignE/MajM460jFHtgV0JqKFNbHeJ0W6NzM3Uvj/CcKgrzWrEhzBw/hp9I/gB7Sl5VjUFXMzd2D+GTOh61b0TCn8ZVIE0HPPWZ7cj9a1KZyt4eoBtbXgf6VIjt0n7H8NuV/ZEep++f6awj1QWM5kCQ8LJfmuCrjO6iweJcpaOhh3kO0N0qkIvViKpESCpgqcyXn8m/2W03dVTkxi8YsUysodq8SiLBN39rj9YdzESfuccPg0It6+IwtRC0RuqjU0m5reyhQBaT7t0v8kx0wddlSTjnmkmLpjkUNMVM/HF4rd1o87P+y1Zmi7kSQiWjQ2XxLLZIpPDtWtJM8nd6cfIiep2rmNVfnrmdM6i3YI0iFsX8FyrKaz6Jrunj25KoJBYrKRRoueqk5wH4GUgLhohO2+cofdt63391J3TXWVdXwfpchjD5jwECS66IS9xaN3CToP3WULueeRJmpmPWjaLY=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR05MB8039.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(136003)(396003)(366004)(346002)(376002)(39840400004)(38100700002)(66476007)(508600001)(966005)(5660300002)(31696002)(8936002)(6486002)(66946007)(8676002)(53546011)(86362001)(6512007)(6506007)(66556008)(52116002)(316002)(6916009)(6666004)(66574015)(186003)(2616005)(31686004)(36756003)(83380400001)(2906002)(44832011)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: P2BFu6Pb+GyiXoPaX7VSOjlz8rmUglZyFqRdAVYBrhLGERXDANqi7ZZQk83TA8mnJZ/0XrHvmru1TTAS01Oh0KOmJe8IBId4Snb2WcMTpGmBzcHd509E9hkvbrpaHd0o+8l1it7hNw3ENjy4C6nGwcpBwvj5dSxt9QFhNXnLvwpH6o+ddqeXfO9xGhTKnCAuYZbQFGpfKF/7MdTqTa7KxXy212PgXJvStMicq7srLgU3+rAApY4AUYVegKUQRYhxoQVgVd5DVPU3bLRqI+p7japwNDacyKtU+qt5sqo6/cltbvDhUxds6YZxxh6CdCdYjieL6h718UkFbdgwhmru/D7jGbhlVLQnAZYgDaTlAcuOTlwBSaMELJchYdxG4TWN7V/r/9QYi8V8PmWKA+yjb41AIVJkLP/RKcZkj8VgGeD0EHfrV/vjyP3+wzRPWQrwuDNGo4U7zOrP3/WEU27daWrlFiFq8FYqN+CyrubGdMfsCinfHo1sPwJat3j6JxP6TYjzb/8e7sznwYQHJT3argz84JBofQQef/0cj7WNJ1CQ6c4jjRvoodgXn3yWDjwEjjiAMQnsUO/kbyoGu3jd9xKPGd0eYmb5PwFbqnIP2gSDWdXk0a/Ax05MKsNzX+3HCZLme15CrOgQ7b0akM0Srni7qn0o2ia17pJnnLvYqeEFae5JC9MNTS/loYK/LNRDP7MzXMRI4fX37qlhuTa+xxPIH6htWFTvnt5F3yK9cciA1bxCSi5tQpYMFTAIDhESl86xmt3U/p27uyupVoQaP+TMn27DxzPYL2PbdqiH05xk9EfsDqgFSf+hsfBKASPu6NOFii5D5IHq6QLW7OY7Vl1KEhN8Uhychcq0g4QFTrx/w6UJujopQC+4hsY/RPytcEXIThcmOhK+CPcxMXuhfPsjFXQpN3hsuLiyLJ9+RQ++0zlBmL8GmqU/hya6OotUbaiUkE/R1MNVGkRs3pjnvwC67srbXlTpQHtEA6NjQqittDb48NhMnNLqoB0RdKO5O3wmD6U2AuXUHO5/s9ZKuAbuoS7Q4LbTM/TiSxF6LAYM7NpEOdP+9cOjTZzjFSXP429ceO8ukVMWuHggBYK6uqy8dYitY6+40d3zyxB4EcWUe/rY77/8Chq/rmdCvYfiBLB7wIR3i+rBeyJ5u0pBrwyWsZpIU5AhTb98Zf2vl+EQbxKnfoJXkQv7nbOg2nsw6rm5+Qbeh4LMSpkklgdlqlkEBvrt6lNZDfJpNB77K2m6DdI17U/xQqFWGci52EN3BRdezxHLquG/CjTsTN7PXw6LppE8aNSVFoj/I0iZ+sQmqpf3fod5G4WkB1KRUUVHeuhrVINpxQ8RVDpAAYivsBrQcpXdt+DcBSeYDdhmAP6yMa/UScmS2YjK82BDUyFUg4gJBgdTkFRZz1ViTaGPNgmiQ8iI4shzUW2Uuh2UpalfwWHPIdc/8t4KgmXOVNtKiseTkUAYjrIFikfLgTmEb37vOj2C2xZrVf9tMMs06MS7XoskiQFAWKKf77QpCQGWm0ezf10r3b1+XFhZRbgeLU/gbrpuqrQHcoRDZzhnUOB2upG5AAXmHYzumQ/VqhCmQ/9CHSI+tKRhgxKQu+vQV82tzU47Ea+8arhARpQkZubF6Vqba8n6B9iDcHPiJ1U/ZSevl1eelOFCvdrTI03rfnRzh7/wO3I00Clm6pvPjZ8Q8jQuXIcPb8Vg6xlXHJvu/Hm01/5JVpVns1fTni99OSHc1cQWQDRNPjmk42/afaehVi33gNGA4DvE1HLFGmuA6qHBaAHG
X-MS-Exchange-AntiSpam-MessageData-1: ASSdud/4dpwMJgKqkqIDO8brOM6bp39ZMco=
X-OriginatorOrg: edgeuno.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 075c481f-5709-4b0f-c24c-08da2d015e7c
X-MS-Exchange-CrossTenant-AuthSource: CO1PR05MB8039.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 May 2022 12:35:13.2453 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 20879dba-fabf-45da-8300-60b8ce560217
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: W2ECGS4xjHU2dX/HIDjE0lKGgM1W5cqzVaYKBMRTaHfvGBfQ+H+cuql+kHGcIu00HYx9GdyNo9zSoYClwnp9OYdDTSWJlvf0ZDgo6vz5Q+c=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR05MB7373
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/DqKCg6fl3hmG-0ceLe0SUfraDlY>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-ipv6-eh-filtering-10.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2022 12:35:20 -0000

Hi, All,

I finally was able to commit somr to to work on IETF stuff, and was able
to post a rev:
https://tools.ietf.org/rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-opsec-ipv6-eh-filtering-08.txt&url2=https://www.ietf.org/archive/id/draft-ietf-opsec-ipv6-eh-filtering-10.txt

Thanks,
Fernando




On 3/5/22 09:26, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.
>
>          Title           : Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
>          Authors         : Fernando Gont
>                            Will (Shucheng) Liu
>       Filename        : draft-ietf-opsec-ipv6-eh-filtering-10.txt
>       Pages           : 40
>       Date            : 2022-05-03
>
> Abstract:
>     This document analyzes the security implications of IPv6 Extension
>     Headers and associated IPv6 options.  Additionally, it discusses the
>     operational and interoperability implications of discarding packets
>     based on the IPv6 Extension Headers and IPv6 options they contain.
>     Finally, it provides advice on the filtering of such IPv6 packets at
>     transit routers for traffic not directed to them, for those cases
>     where such filtering is deemed as necessary.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-opsec-ipv6-eh-filtering-10
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-ipv6-eh-filtering-10
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> .

--
Fernando Gont
Director of Information Security
EdgeUno
PGP Fingerprint: DFBD 63E3 B248 AE79 C598 AF23 EBAE DA03 0644 1531




“This communication is the property of EdgeUno or one of its group companies and/or affiliates. This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and if you are not the intended recipient be aware that any non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, and will be considered a criminal offense. Please notify legal@edgeuno.com about the unintended receipt of this electronic message and delete it.”

v2.23.0 | Report a Bug | By Email