Re: [OPSEC] [v6ops] Asking for a review of draft-ietf-opsec-v6-08

Lorenzo Colitti <lorenzo@google.com> Fri, 17 June 2016 02:12 UTC

MIME-Version: 1.0
In-Reply-To: <CAAedzxqBr=ApvGTUrjNUnRmpcamkt4OH1CchcDEWgDcXRgo8Fw@mail.gmail.com>
References: <D386FF93.75916%evyncke@cisco.com> <CAAedzxqBr=ApvGTUrjNUnRmpcamkt4OH1CchcDEWgDcXRgo8Fw@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 16 Jun 2016 19:11:50 -0700
Message-ID: <CAKD1Yr0GEH0tE1m94tuKmXcdQwRSHxF26fC4Da6FZObH6c_gYA@mail.gmail.com>
To: Erik Kline <ek@google.com>
Content-Type: multipart/alternative; boundary="001a113fef80ddd36805356fe1f1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/JjGdbMxt7ZFMcyC_qkK31omV6Qo>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "linkedin@xn--debrn-nva.de" <linkedin@xn--debrn-nva.de>, "fgont@si6networks.com" <fgont@si6networks.com>
Subject: Re: [OPSEC] [v6ops] Asking for a review of draft-ietf-opsec-v6-08
Precedence: list

On Wed, Jun 15, 2016 at 12:45 PM, Erik Kline <ek@google.com> wrote:

> Section 2.1.2 is far too permissive for my tastes.  We need to be able
> to say that ULA+IPv6 NAT is NOT RECOMMENDED by the IETF.
>

+1. I recall long queues at the mike at IETF 94 saying that.


> Section 2.6.1.5 could punch up the SAVI stuff a bit more as well.  We
> should, in my opinion, make it painfully clear that DHCP (of any
> protocol) in the absence of link-layer security/auditability features
> does not provide any satisfactory way "to ensure audibility and
> traceability" [Section 2.1.6].


+1. Instead of the text you have here, I would suggest citing section 9.1
of draft-ietf-v6ops-host-addr-availability, which deals with the problem in
detail.

Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Smith
Re: [OPSEC] [v6ops] Asking for a review of draft-… Gert Doering
Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Smith
Re: [OPSEC] [v6ops] Asking for a review of draft-… Erik Kline
Re: [OPSEC] Asking for a review of draft-ietf-ops… Eric Vyncke (evyncke)
Re: [OPSEC] Asking for a review of draft-ietf-ops… Eric Vyncke (evyncke)
Re: [OPSEC] [v6ops] Asking for a review of draft-… Fred Baker (fred)
Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Andrews
Re: [OPSEC] [v6ops] Asking for a review of draft-… Brian E Carpenter
Re: [OPSEC] [v6ops] Asking for a review of draft-… Gert Doering
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Gert Doering
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Lorenzo Colitti
Re: [OPSEC] [v6ops] Asking for a review of draft-… Brian E Carpenter
Re: [OPSEC] [v6ops] Asking for a review of draft-… Brian E Carpenter
Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Smith
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Smith
Re: [OPSEC] [v6ops] Asking for a review of draft-… Marco Ermini
Re: [OPSEC] [v6ops] Asking for a review of draft-… Brian E Carpenter
Re: [OPSEC] [v6ops] Asking for a review of draft-… Erik Kline
Re: [OPSEC] Asking for a review of draft-ietf-ops… Fred Baker (fred)
Re: [OPSEC] Asking for a review of draft-ietf-ops… Markus deBruen
Re: [OPSEC] Asking for a review of draft-ietf-ops… Sleigh, Robert
[OPSEC] Asking for a review of draft-ietf-opsec-v… Eric Vyncke (evyncke)
Re: [OPSEC] Asking for a review of draft-ietf-ops… Fred Baker (fred)
Re: [OPSEC] Asking for a review of draft-ietf-ops… Howard, Lee
Re: [OPSEC] [v6ops] Asking for a review of draft-… Mark Smith
Re: [OPSEC] [v6ops] Asking for a review of draft-… Eric Vyncke (evyncke)