Re: [OPSEC] [v6ops] draft-ietf-opsec-v6

"Bernie Volz (volz)" <volz@cisco.com> Tue, 09 April 2019 22:11 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
CC: 神明達哉 <jinmei@wide.ad.jp>, IPv6 Operations <v6ops@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Date: Tue, 09 Apr 2019 22:11:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/TWgK5YNWXq07VUGHd7SS9ngPbJU>
Subject: Re: [OPSEC] [v6ops] draft-ietf-opsec-v6
List-Id: opsec wg mailing list <opsec.ietf.org>

draft-ietf-dhc-sedhcpv6 is dead. There are no plans to work on this topic within the dhc wg.

RFC8415’s security considerations, see https://tools.ietf.org/html/rfc8415#section-22, discusses options (including use of savi). This section was greatly expanded over what was in RFC3315.

- Bernie (dhc wg co-chair)

On Apr 9, 2019, at 5:32 PM, Fred Baker <fredbaker.ietf@gmail.com> wrote:

I do subscribe, so this note may accomplish the goal.

https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/ says that [I-D.ietf-dhc-sedhcpv6] is "dead" from the IESG's perspective. They have asked for a revised draft, over two years ago, and none has been posted.

On Apr 9, 2019, at 10:48 AM, 神明達哉 <jinmei@wide.ad.jp> wrote:

(Note: I don't subscribe to opsec@ietf.org.  So I expect this message
will be subject to moderation).

At Fri, 29 Mar 2019 06:18:37 +0100,
Fred Baker <fredbaker.ietf@gmail.com> wrote:

Yesterday, the authors of an opsec draft asked us for comments on their draft, which is in a second WGLC in opsec (opsec@ietf.org). You may have missed the character string:

https://datatracker.ietf.org/doc/draft-ietf-opsec-v6
https://tools.ietf.org/html/draft-ietf-opsec-v6
 "Operational Security Considerations for IPv6 Networks", Eric Vyncke,
 Chittimaneni Kk, Merike Kaeo, Enno Rey, 2019-03-11,

I'd encourage people to read it and comment on the opsec list.

One quick comment, in case no one pointed it out: Section 2.3.3 refers
to I-D.ietf-dhc-sedhcpv6 as follows:

  [...] Another way to secure
  DHCPv6 would be to use the secure DHCPv6 protocol which is currently
  work in progress per [I-D.ietf-dhc-sedhcpv6] , but, with no real
  deployment known by the authors of this document.

In my understanding, this draft is effectively dead rather than just
missing deployment.  There may be yet another attempt of restarting it
in future, but I see no indication of it right now.  Even if the work
is eventually restarted it will be something completely different from
the current latest draft.  So I'd suggest either:
- just remove this sentence, or
- if you want to keep the reference, make it more consistent with the
 current situation, like:
   There was a proposal of secure DHCPv6 protocol [I-D.ietf-dhc-sedhcpv6],
   but the work has been effectively suspended and there is no
   indication of a restart anytime soon.

--
JINMEI, Tatuya

--------------------------------------------------------------------------------
The fact that there is a highway to hell and a stairway to heaven is an interesting comment on projected traffic volume...
