Re: [OPSEC] [v6ops] draft-ietf-opsec-v6

神明達哉 <jinmei@wide.ad.jp> Tue, 09 April 2019 17:48 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19EAE1200EA; Tue, 9 Apr 2019 10:48:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.669
X-Spam-Level:
X-Spam-Status: No, score=-0.669 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VotET524_esm; Tue, 9 Apr 2019 10:48:51 -0700 (PDT)
Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84CB412089C; Tue, 9 Apr 2019 10:48:48 -0700 (PDT)
Received: by mail-wm1-f44.google.com with SMTP id n25so4339239wmk.4; Tue, 09 Apr 2019 10:48:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=E5jjEWjTD8Jh56Ggt3rueaVaMEllxBNK7pyM9zuTHWI=; b=DtEV2SQ05l28SoHzNJtfOrahGGPCjZdq7ygoe5UDSrcfEMwI7rlxaiFwbkhqo3IQz3 4vEzxwCMe/a7NrAI4DdZH55c9UTm875T5r6HpCSekGjkUEyd01raj4SY1EaUpgRAaK/d qHAtqAgfnUxE9Tit3EqBPpGxQD6a3CD5hzPFKXYQ1JTRhni/NdfVCUX4u0WRapIu4Hrj Xhmj3XhZSySI3W4jyb1lXvjuBv0POkYwbSC4bqO9QLqpdTfMryDy4WUbVAM7Yv4Yr49u Vq3EzyxcjsIm/jL2r0i4XjFmMOH7gbgLc7EtokY4iPdr3nLs7Zw0LeGbez49xpq1lpxy 3z2Q==
X-Gm-Message-State: APjAAAVeRAQ6hM0dzKjtXhC9Mlz7JxN46NkFh4fep4wc8XS+q1GvZmsz bo8oc0sGmw7WwNgupwpqzafntoiou4DH0H0adWU=
X-Google-Smtp-Source: APXvYqynu9ngEh28/jOS9c59UfAopELgeFIOAZr6zLU5rqefwWjlRRZtF4mq2agLsJ0o1IDR3r2onVbNRu/2/WMbe58=
X-Received: by 2002:a05:600c:2294:: with SMTP id 20mr1908828wmf.56.1554832126733; Tue, 09 Apr 2019 10:48:46 -0700 (PDT)
MIME-Version: 1.0
References: <EF0F0E61-D04D-4484-B62F-9E2AF5EFC667@gmail.com>
In-Reply-To: <EF0F0E61-D04D-4484-B62F-9E2AF5EFC667@gmail.com>
From: =?UTF-8?B?56We5piO6YGU5ZOJ?= <jinmei@wide.ad.jp>
Date: Tue, 9 Apr 2019 10:48:35 -0700
Message-ID: <CAJE_bqe0-AbX=_OByb-X4QbjRVB_mujnt7xzCVpQz6=s9Vh9pA@mail.gmail.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>, opsec@ietf.org
Content-Type: multipart/alternative; boundary="00000000000099736c05861c909a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/Fx4iHq_an8LrGlQZzFpPdpNz1FI>
Subject: Re: [OPSEC] [v6ops] draft-ietf-opsec-v6
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2019 17:48:53 -0000

(Note: I don't subscribe to opsec@ietf.org.  So I expect this message
will be subject to moderation).

At Fri, 29 Mar 2019 06:18:37 +0100,
Fred Baker <fredbaker.ietf@gmail.com> wrote:

> Yesterday, the authors of an opec draft asked us for comments on their
draft, which is in a second WGLC in opec (opsec@ietf.org). You may have
missed the character string:
>
> https://datatracker.ietf.org/doc/draft-ietf-opsec-v6
> https://tools.ietf.org/html/draft-ietf-opsec-v6
>   "Operational Security Considerations for IPv6 Networks", Eric Vyncke,
>   Chittimaneni Kk, Merike Kaeo, Enno Rey, 2019-03-11,
>
> I'd encourage people to read it and comment on the opec list.

One quick comment, in case no one pointed it out: Section 2.3.3 refers
to I-D.ietf-dhc-sedhcpv6 as follows:

   [...] Another way to secure
   DHCPv6 would be to use the secure DHCPv6 protocol which is currently
   work in progress per [I-D.ietf-dhc-sedhcpv6] , but, with no real
   deployment known by the authors of this document.

In my understanding, this draft is effectively dead rather than just
missing deployment.  There may be yet another attempt of restarting it
in future, but I see no indication of it right now.  Even if the work
is eventually restarted it will be something completely different from
the current latest draft.  So I'd suggest either:
- just remove this sentence, or
- if you want to keep the reference, make it more consistent with the
  current situation, like:
    There was a proposal of secure DHCPv6 protocol [I-D.ietf-dhc-sedhcpv6],
    but the work has been effectively suspended and there is no
    indication of a restart anytime soon.

--
JINMEI, Tatuya