Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-18.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sun, 22 September 2019 12:20 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "opsec@ietf.org" <opsec@ietf.org>
Date: Sun, 22 Sep 2019 12:05:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/Fy_OFB-JihLjxqeqxDrjlLUwzK0>

Brian,

Thank you for the improved text. 

Expect a -19 any time soon

-éric

On 21/09/2019, 23:14, "OPSEC on behalf of Brian E Carpenter" <opsec-bounces@ietf.org on behalf of brian.e.carpenter@gmail.com> wrote:

    Hi,
    
    I think the ULA section is still not quite right.
    
    > 2.1.1.  Use of ULAs
    > 
    >    Unique Local Addresses (ULAs) [RFC4193] are intended for scenarios
    >    where systems are not globally reachable, despite formally having
    >    global scope.  ULA are not similar to [RFC1918] addresses and have
    >    different use cases.  One use of ULA is described in [RFC4864] and
    >    some considerations on using ULA is described in the draft document
    >    [I-D.ietf-v6ops-ula-usage-considerations]; this document failed to
    >    have the IETF consensus and is now considered as dead.
    
    1. I think it is worth mentioning that ULAs should be filtered at domain
    boundaries.
    
    2. Actually they are *similar* to RFC1918 - but they are not the same.
    
    3. I don't think there is any use in referencing a draft that you describe
    as "dead".
    
    So, a possible rewrite:
    
    2.1.1.  Use of ULAs
    
       Unique Local Addresses (ULAs) [RFC4193] are intended for scenarios
       where interfaces are not globally reachable, despite being routed
       within a domain. They formally have global scope, but RFC 4193
       specifies that they must be filtered out at domain boundaries.
       ULAs are different from [RFC1918] addresses and have different use
       cases. One use case is described in [RFC4864].
    
    Regards
       Brian Carpenter
    
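
Added example (not part of the thread or of the draft): the boundary filtering of ULAs discussed above, expressed as a check over flow records seen at a domain edge, with the RFC 4193 address fields decoded. The site prefix, the flow records and the function names are constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 Unique Local prefix

def ula_fields(addr):
    """Return the RFC 4193 fields of a ULA, or None if addr is not a ULA."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in ULA:
        return None
    n = int(ip)
    return {
        "l_bit": (n >> 120) & 0x1,                 # 1 = locally assigned (fd00::/8)
        "global_id": (n >> 80) & ((1 << 40) - 1),  # 40-bit Global ID
        "subnet_id": (n >> 64) & 0xFFFF,           # 16-bit Subnet ID
    }

def border_verdict(flow, site_ula):
    """Verdict for one flow seen at the domain boundary: (action, reasons)."""
    site = ipaddress.ip_network(site_ula)
    reasons = []
    for role in ("src", "dst"):
        if ula_fields(flow[role]) is None:
            continue
        own = ipaddress.ip_address(flow[role]) in site
        reasons.append(f"{role} is {'own-site' if own else 'foreign'} ULA")
    return ("drop", reasons) if reasons else ("permit", reasons)

# Constructed sample data: the site ULA /48 and the flow records are made up.
SITE_ULA = "fd12:3456:789a::/48"
FLOWS = [
    {"dir": "egress",  "src": "fd12:3456:789a:1::10", "dst": "2001:db8:1::5"},
    {"dir": "egress",  "src": "2001:db8:2::1",        "dst": "2001:db8:1::5"},
    {"dir": "ingress", "src": "fdaa:bbbb:cccc::1",    "dst": "2001:db8:2::1"},
    {"dir": "ingress", "src": "2001:db8:9::9",        "dst": "fd12:3456:789a:2::20"},
]

def audit(flows, site_ula=SITE_ULA):
    """Return (direction, action, reasons) per flow, for review or alerting."""
    return [(f["dir"],) + border_verdict(f, site_ula) for f in flows]

if __name__ == "__main__":
    for row in audit(FLOWS):
        print(row)
```

An own-site ULA on egress points at a missing outbound filter; a foreign ULA on ingress points at a peer that is not filtering at its own boundary.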