Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Joe Touch <touch@strayalpha.com> Wed, 05 December 2018 14:35 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C191126C01; Wed, 5 Dec 2018 06:35:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.221
X-Spam-Level:
X-Spam-Status: No, score=-1.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qp6WCd_mUeq8; Wed, 5 Dec 2018 06:35:48 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E53DD12785F; Wed, 5 Dec 2018 06:35:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4D8+sekdvngH+2i5IFAcj5I/0X/OHRwGurKIJp0V3a8=; b=m/aQhl1Ey8+Zyxo3F2XF1QcEk 7h86arpKAE/9Xqe9+uzmIU+urN1r5nhtV+dDdunqugKN1RxMkBYlCp1FP/2vAYKPG7mnv+d1ai0FY 906kOTIE9oGeNElU/Wk1+6av48W7UVK8uIFsbiFHW1LEOTnmpteUVj4xXF4q2pDWXolXyRfhP19H3 NyCmoJxx5MRYrkuzUmdreh3m/LM7NGMak2zN7IJG5gExweASEA7+7q98OpnVssSNVRDstzJST3FOC JmImzpMZ6TM5dIFNVtcFqxTkKPFW46VQuNcTjOK8osI2xafAR7AZCdAP4q84EMRaenb4bB3htVV0h 5XZl9zhVA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:57261 helo=[192.168.1.16]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gUYHC-000e5M-Oy; Wed, 05 Dec 2018 09:35:47 -0500
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Joe Touch <touch@strayalpha.com>
X-Mailer: iPad Mail (16B92)
In-Reply-To: <49ce09a7-8974-fc74-f2ed-c5ef734095a7@gmail.com>
Date: Wed, 05 Dec 2018 06:35:46 -0800
Cc: Gert Doering <gert@space.net>, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, opsec@ietf.org, tsv-art@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2FF6B298-B948-44C0-9345-FD72FE4901B5@strayalpha.com>
References: <CAL9jLaY4h75KK4Bh-kZC6-5fJupaNdUfm1gK2Dg99jBntMCEyQ@mail.gmail.com> <C47149DC-CAF2-449F-8E18-A0572BBF4746@strayalpha.com> <CAL9jLaYfysKm7qrG=+jq7zV=5ODnSX-tAhBAiTU7SzYF-YmcGw@mail.gmail.com> <728C6048-896E-4B12-B80B-2091D7373D16@strayalpha.com> <CAL9jLaYHVdHr+rVoWeNtXTXgLxbTaX8V9gn3424tvsLW60Kvow@mail.gmail.com> <5E70C208-0B31-4333-BB8C-4D45E678E878@isc.org> <CAN-Dau0go6_Puf0A9e7KBpk0ApJBUvcxYtezxnwNc-8pKJ3PwQ@mail.gmail.com> <4D69FA8E-FB8A-4A16-9CA6-690D8AE33C9E@strayalpha.com> <20181205122142.GJ1543@Space.Net> <F17C4944-09EC-4AAC-84A0-B660E36AAE89@strayalpha.com> <20181205133821.GL1543@Space.Net> <B6280E0C-6B20-43C1-BB34-170FB06F1EF7@strayalpha.com> <49ce09a7-8974-fc74-f2ed-c5ef734095a7@gmail.com>
To: Stewart Bryant <stewart.bryant@gmail.com>
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/V0KrRG8tCe2QGbJnXLgGzLYnQJU>
Subject: Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 14:35:49 -0000
There are gaps here, but there in other places: - the gap between what a protocol needs and what is in the spec if HBH isn’t needed and can’t be implemented, remove them if HBH is needed, then we need to find a way to have the requirement mean something A similar problem exists with fragmentation. NIMBYisnm won’t fix it, nor will operator declarations, nor false security declarations. I don’t have a problem with fixing the STANDARD. I have a problem with an end-run in ops. Joe > On Dec 5, 2018, at 6:31 AM, Stewart Bryant <stewart.bryant@gmail.com> wrote: > > > As far as I see, this thread illustrates that there is a significant gap between the protocol designers, the protocol implementers and the protocol users. This is something that needs to be addressed if the IETF is not to loose its reason to exist. > > Best regards > > Stewart > > >> On 05/12/2018 13:45, Joe Touch wrote: >> Vendors are not required to lie when claiming IPv6 support. >> >>> On Dec 5, 2018, at 5:38 AM, Gert Doering <gert@space.net> wrote: >>> >>> Hi, >>> >>> On Wed, Dec 05, 2018 at 04:31:17AM -0800, Joe Touch wrote: >>>>> On Dec 5, 2018, at 4:21 AM, Gert Doering <gert@space.net> wrote: >>>>> >>>>>> On Wed, Dec 05, 2018 at 04:13:47AM -0800, Joe Touch wrote: >>>>>> Then THAT is the security issue. Not the packets that cause a broken implementation to have problems. >>>>> Can we declare folks at IETF that have no idea about operational realities >>>>> to be a security issue? >>>> As long as we can do the same for operators that blame protocols for vendor issues. >>> If a protocol cannot be implemented in a way that can be paid by real world >>> participants, it's not a vendor issue. >>> >>> Gert Doering >>> -- NetMaster >>> -- >>> have you enabled IPv6 on something today...? >>> >>> SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer >>> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann >>> D-80807 Muenchen HRB: 136055 (AG Muenchen) >>> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 >>> _______________________________________________ >>> Tsv-art mailing list >>> Tsv-art@ietf.org >>> https://www.ietf.org/mailman/listinfo/tsv-art >
- [OPSEC] Tsvart last call review of draft-ietf-ops… Michael Scharf
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Brian E Carpenter
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Fernando Gont
- Re: [OPSEC] Tsvart last call review of draft-ietf… Fernando Gont
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christian Huitema
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christian Huitema
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Fernando Gont
- Re: [OPSEC] Tsvart last call review of draft-ietf… Fernando Gont
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Eric Rescorla
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Ole Troan
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Benjamin Kaduk
- Re: [OPSEC] Tsvart last call review of draft-ietf… Mark Andrews
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Stewart Bryant
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Stewart Bryant
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Stewart Bryant
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christopher Morrow
- Re: [OPSEC] Tsvart last call review of draft-ietf… C. M. Heard
- Re: [OPSEC] Tsvart last call review of draft-ietf… Christopher Morrow
- Re: [OPSEC] Tsvart last call review of draft-ietf… Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] Tsvart last call review of draft-ietf… Brian E Carpenter
- Re: [OPSEC] Tsvart last call review of draft-ietf… Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] Tsvart last call review of draft-ietf… Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Mark Andrews
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … David Farmer
- Re: [OPSEC] Tsvart last call review of draft-ietf… Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Stewart Bryant
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Ole Troan
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Randy Bush
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Ole Troan
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Stewart Bryant
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Ole Troan
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Christian Huitema
- [OPSEC] HbH flags [Tsvart last call review of dra… Brian E Carpenter
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Brian E Carpenter
- [OPSEC] game over, EH [Tsvart last call review of… Brian E Carpenter
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- [OPSEC] ECMP [Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [OPSEC] HbH flags [Tsvart last call review of… Brian E Carpenter
- Re: [OPSEC] game over, EH [Tsvart last call revie… Stephen Farrell
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Fernando Gont
- Re: [OPSEC] game over, EH [Tsvart last call revie… Fernando Gont
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Fernando Gont
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Christopher Morrow
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Christopher Morrow
- Re: [OPSEC] HbH flags [Tsvart last call review of… Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] HbH flags [Tsvart last call review of… Gert Doering
- Re: [OPSEC] game over, EH [Tsvart last call revie… Gert Doering
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Brian Trammell (IETF)
- Re: [OPSEC] game over, EH [Tsvart last call revie… Stewart Bryant
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Stewart Bryant
- Re: [OPSEC] HbH flags [Tsvart last call review of… Ole Troan
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Stewart Bryant
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Ole Troan
- Re: [OPSEC] game over, EH [Tsvart last call revie… Stewart Bryant
- Re: [OPSEC] game over, EH [Tsvart last call revie… Gert Doering
- Re: [OPSEC] HbH flags [Tsvart last call review of… Stewart Bryant
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Stewart Bryant
- Re: [OPSEC] game over, EH [Tsvart last call revie… Stewart Bryant
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Gert Doering
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Ole Troan
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Spencer Dawkins at IETF
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Ole Troan
- Re: [OPSEC] HbH flags [Tsvart last call review of… Stewart Bryant
- Re: [OPSEC] HbH flags [Tsvart last call review of… Joe Touch
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Fernando Gont
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Smith, Donald
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Ole Troan
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Fernando Gont
- Re: [OPSEC] game over, EH [Tsvart last call revie… C. M. Heard
- Re: [OPSEC] game over, EH [Tsvart last call revie… Jared Mauch
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Jared Mauch
- Re: [OPSEC] game over, EH [Tsvart last call revie… C. M. Heard
- Re: [OPSEC] game over, EH [Tsvart last call revie… Smith, Donald
- Re: [OPSEC] game over, EH [Tsvart last call revie… Gert Doering
- Re: [OPSEC] game over, EH [Tsvart last call revie… Nico Williams
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Brian E Carpenter
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Nick Hilliard
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Brian E Carpenter
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Nick Hilliard
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Brian E Carpenter
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Eric Rescorla
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Jared Mauch
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Fernando Gont
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Christopher Morrow
- Re: [OPSEC] HbH flags [Tsvart last call review of… Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of … Gert Doering
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Eric Rescorla
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Jared Mauch
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Eric Rescorla
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Joe Touch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Pete Resnick
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Jared Mauch
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Jared Mauch
- Re: [OPSEC] HbH flags [Tsvart last call review of… Jared Mauch
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Joe Touch
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Nico Williams
- [OPSEC] OT: TCP session lifetime - Re: [Tsv-art] … Jared Mauch
- Re: [OPSEC] OT: TCP session lifetime - Re: [Tsv-a… Nico Williams
- Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last … Eric Rescorla
- Re: [OPSEC] OT: TCP session lifetime - Re: [Tsv-a… Gert Doering
- [OPSEC] Engaging constructively [HbH flags [Tsvar… Alissa Cooper
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Wes Hardaker
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Brian E Carpenter
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Wes Hardaker
- Re: [OPSEC] ECMP [Tsvart last call review of draf… Fernando Gont