Re: [OPSEC] Lars Eggert's No Objection on draft-ietf-opsec-v6-25: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sat, 08 May 2021 06:06 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Lars Eggert <lars@eggert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Date: Sat, 08 May 2021 06:06:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/Luebor8Qk99F8AyJqJpGsvOUcQg>

[Wearing only the authors' hat]

Hello Lars,

Thank you very much for your detailed review. I know that it takes time and effort ;-)

Together with my co-authors, we have uploaded revision -27, which should address all your comments and nits.

The diff is at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-27

Regards

-éric

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> on behalf of Lars Eggert via Datatracker <noreply@ietf.org>
Reply-To: Lars Eggert <lars@eggert.org>
Date: Tuesday, 6 April 2021 at 17:00
To: The IESG <iesg@ietf.org>
Cc: "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "hayabusagsm@gmail.com" <hayabusagsm@gmail.com>
Subject: Lars Eggert's No Objection on draft-ietf-opsec-v6-25: (with COMMENT)

    Lars Eggert has entered the following ballot position for
    draft-ietf-opsec-v6-25: No Objection

    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)


    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.


    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/



    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------

    Section 2.3.1, paragraph 6, comment:
    >    o  Tuning of NDP process (where supported).

    Tuning in which way?

    Section 2.7.2, paragraph 2, comment:
    >    There are many tunnels used for specific use cases.  Except when
    >    protected by IPsec [RFC4301], all those tunnels have a couple of
    >    security issues as described in RFC 6169 [RFC6169];

    IPsec is not the only security mechanism that will protect tunnels, most
    tunnel encryption mechanisms would.

    -------------------------------------------------------------------------------
    All comments below are very minor change suggestions that you may choose to
    incorporate in some way (or ignore), as you see fit. There is no need to let me
    know what you did with these suggestions.

    Section 2.5.3, paragraph 4, nit:
    >    Many routing protocols support the use of cryptography to protect the
    >    routing updates, the use of this protection is recommended; [RFC8177]
    >    is a YANG data model key chains including the renewal.
    >

    I can't parse the part after the semicolon.

    Section 2.6.2.2, paragraph 9, nit:
    Might also want to mention http://www.entropy-ip.com/ and similar tools.

    Section 2.2.3, paragraph 3, nit:
    -       not contain the entire ipv6 header chain (including the transport-
    -                              ^^
    +       not contain the entire IPv6 header chain (including the transport-
    +                              ^^

    Section 2.2.3, paragraph 4, nit:
    -       contain the entire ipv6 header chain (including the transport-
    -                          ^^
    +       contain the entire IPv6 header chain (including the transport-
    +                          ^^

    Section 2.2.4, paragraph 2, nit:
    -    the updated IPv6 Nodes Requirement standard [RFC8504] IPsec is a
    +    the updated IPv6 Nodes Requirement standard [RFC8504], IPsec is a
    +                                                         +

    Section 2.3, paragraph 2, nit:
    -    operations such as discovering other nodes on the link, resolving
    +    operations, such as discovering other nodes on the link, resolving
    +              +

    Section 2.3, paragraph 2, nit:
    -    secured, NDP is vulnerable to various attacks such as router/neighbor
    +    secured, NDP is vulnerable to various attacks, such as router/neighbor
    +                                                 +

    Section 2.3, paragraph 2, nit:
    -    documented in IPv6 ND Trust Models and Threats [RFC3756] and in
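
Review bot: This nit for Section 2.3, paragraph 2 shows only a removed line ("documented in IPv6 ND Trust Models and Threats [RFC3756] and in") with no "+" replacement, so the intended wording cannot be determined from the message. The replacement line should be supplied so the authors can apply the change.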

    Section 2.3.1, paragraph 2, nit:
    -    Neighbor Discovery Protocol (NDP) can be vulnerable to remote denial
    +    The Neighbor Discovery Protocol (NDP) can be vulnerable to remote denial
    +   ++++

    Section 2.3.1, paragraph 6, nit:
    -    o  Using /127 on point-to-point link per [RFC6164].
    +    o  Using a /127 on a point-to-point link, per [RFC6164].
    +             ++       ++                    +

    Section 2.3.2.3, paragraph 2, nit:
    -    on-link prefix; 3GPP Section 2.3.4 uses a similar mechanism.
    +    on-link prefix; 3GPP (see Section 2.3.4) uses a similar mechanism.
    +                         +++++             +

    Section 2.3.3, paragraph 2, nit:
    -    Dynamic Host Configuration Protocol for IPv6 (DHCPv6), as described
    -    in [RFC8415], enables DHCP servers to pass configuration parameters
    -    such as IPv6 network addresses and other configuration information to
    -    IPv6 nodes such as a hostile recursive DNS server.  DHCP plays an
    +    The Dynamic Host Configuration Protocol for IPv6 (DHCPv6), as described
    +   ++++
    +    in [RFC8415], enables DHCP servers to pass configuration parameters,
    +                                                                       +
    +    such as IPv6 network addresses and other configuration information, to
    +                                                                      +
    +    IPv6 nodes, such as a hostile recursive DNS server.  DHCP plays an
    +              +
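
Review bot: In the last added line, the new comma after "IPv6 nodes" makes "such as a hostile recursive DNS server" read as an example of an IPv6 node rather than of the configuration information a DHCP server passes to nodes. The sentence was already ambiguous in the removed lines; consider moving the DNS server example next to "configuration parameters" or splitting the sentence, instead of only adding commas.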

    Section 2.3.3, paragraph 3, nit:
    -    of-service attack or to mount on path attack.  While unintentional, a
    -                                    ^
    +    of-service attack or to mount an on-path attack.  While unintentional, a
    +                                  +++  ^

    Section 2.3.4, paragraph 2, nit:
    -    address.  This implies there can only be an end host (the mobile
    -                                             ^
    +    address.  This implies there can only be one end host (the mobile
    +                                             ^ +

    Section 2.3.4, paragraph 2, nit:
    -    address built by the mobile host.  The GGSN/PGW always provides an
    -            ^^^^
    +    address generated by the mobile host.  The GGSN/PGW always provides an
    +            ^^^^^^ ++

    Section 2.3.4, paragraph 4, nit:
    -    link model, NDP on it and the address configuration details.  In some
    -                   ------
    +    link model, NDP and the address configuration details.  In some

    Section 2.5, paragraph 8, nit:
    -    interface where it is required.
    +    interfaces where it is required.
    +             +

    Section 2.5.4, paragraph 2, nit:
    -    pertain to edge route filtering vs internal route filtering.  At a
    +    pertain to edge route filtering vs. internal route filtering.  At a
    +                                      +

    Section 2.6.1.5, paragraph 2, nit:
    -    clients.  It is indeed quite similar to DHCP for IPv4 so it can be
    +    clients.  It is indeed quite similar to DHCP for IPv4, so it can be
    +                                                         +

    Section 2.6.1.5, paragraph 3, nit:
    -    It is not so easy in the IPv6 networks because not all nodes will use
    -                         ----
    +    It is not so easy in IPv6 networks, because not all nodes will use
    +                                      +

    Section 2.7.3.1, paragraph 2, nit:
    -    Carrier-Grade NAT (CGN), also called NAT444 CGN or Large Scale NAT
    -                                                   ^^^
    +    Carrier-Grade NAT (CGN), also called NAT444 CGN, Large Scale NAT
    +                                                   ^

    Section 4.3, paragraph 3, nit:
    -    (e.g., his/her PPP session, physical line, or CPE MAC address).  With
    -                                                                     ^^^^
    +    (e.g., his/her PPP session, physical line, or CPE MAC address).  In
    +                                                                     ^^