Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-16.txt
"Smith, Donald" <Donald.Smith@CenturyLink.com> Mon, 11 March 2019 22:25 UTC
I see GTSM lightly mentioned here:

"4.1. BGP

The threats and mitigation techniques are identical between IPv4 and IPv6. Broadly speaking they are:

o Authenticating the TCP session;
o TTL security (which becomes hop-limit security in IPv6);
o Prefix Filtering.

These are explained in more detail in section Section 2.5."

But 2.5 doesn't talk to hop limit or GTSM at all.

if (initial_ttl!=255) then (rfc5082_compliant==0)
Donald.Smith@centurylink.com

________________________________________
From: OPSEC [opsec-bounces@ietf.org] on behalf of internet-drafts@ietf.org [internet-drafts@ietf.org]
Sent: Monday, March 11, 2019 3:23 PM
To: i-d-announce@ietf.org
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action: draft-ietf-opsec-v6-16.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.

Title : Operational Security Considerations for IPv6 Networks
Authors : Eric Vyncke
          Kiran K. Chittimaneni
          Merike Kaeo
          Enno Rey
Filename : draft-ietf-opsec-v6-16.txt
Pages : 50
Date : 2019-03-11

Abstract:
Knowledge and experience on how to operate IPv4 securely is available: whether it is the Internet or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes the security issues in the protocol but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices. This document analyzes the operational security issues in several places of a network (enterprises, service providers and residential users) and proposes technical and procedural mitigations techniques. Some very specific place of a network such as Internet of Things are not discussed in this document.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-opsec-v6-16
https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-16

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-16

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
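
The hop-limit security (GTSM, RFC 5082) raised in the message above, sketched as a receive-side check for IPv6 BGP packets. This is an added example, not part of the original post or of the draft; the function names, the `min_hop_limit` parameter (255 models a directly connected peer) and the documentation-prefix addresses are assumptions made for illustration.

```python
import ipaddress
import struct

BGP_PORT = 179
NEXT_HEADER_TCP = 6

def gtsm_verdict(packet, gtsm_peers, min_hop_limit=255):
    """Classify a raw IPv6 packet the way a GTSM receive filter for BGP would.

    min_hop_limit=255 models a directly connected peer (assumption of this
    example): every router on the path decrements Hop Limit, so a packet that
    still carries 255 cannot have been forwarded from off-link.
    """
    if len(packet) < 44 or packet[0] >> 4 != 6:
        return "drop-malformed"
    next_header, hop_limit = packet[6], packet[7]
    if next_header != NEXT_HEADER_TCP:
        return "not-bgp"  # simplification: extension-header chains are not walked
    sport, dport = struct.unpack("!HH", packet[40:44])
    if BGP_PORT not in (sport, dport):
        return "not-bgp"
    if ipaddress.IPv6Address(packet[8:24]) not in gtsm_peers:
        return "drop-unknown-peer"
    return "accept" if hop_limit >= min_hop_limit else "drop-hop-limit"

def build_packet(src, dst, hop_limit, sport, dport):
    """Build a constructed IPv6 + TCP SYN test packet (no payload, checksum 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    fixed = struct.pack("!IHBB", 6 << 28, len(tcp), NEXT_HEADER_TCP, hop_limit)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + tcp)

# Constructed sample data: documentation-prefix addresses, not from the draft.
PEERS = {ipaddress.IPv6Address("2001:db8::1")}
LOCAL = "2001:db8::2"
SAMPLES = {
    "on-link peer": build_packet("2001:db8::1", LOCAL, 255, 40000, BGP_PORT),
    "peer address, 5 hops away": build_packet("2001:db8::1", LOCAL, 250, 40000, BGP_PORT),
    "unconfigured source": build_packet("2001:db8:ffff::9", LOCAL, 255, 40000, BGP_PORT),
    "other TCP traffic": build_packet("2001:db8::1", LOCAL, 64, 40000, 443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {gtsm_verdict(pkt, PEERS)}")
```

A packet that claims the peer's source address but arrives with a Hop Limit below 255 has crossed at least one router, which is the case the check rejects.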