Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt
Ron Bonica <rbonica@juniper.net> Mon, 14 October 2019 23:14 UTC
Return-Path: <rbonica@juniper.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5179D1208B0 for <opsec@ietfa.amsl.com>; Mon, 14 Oct 2019 16:14:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ymfFG9-hhKSv for <opsec@ietfa.amsl.com>; Mon, 14 Oct 2019 16:14:51 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99109120893 for <opsec@ietf.org>; Mon, 14 Oct 2019 16:14:51 -0700 (PDT)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x9ENBii9030452; Mon, 14 Oct 2019 16:14:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=VPh4ntG7kOnRqcE2AwPEOjrlZ7mprhGelBZD18aHFUE=; b=SnfKwFCnwCfEkDJ9BP8/Fq6LoWY5DIvvrUPKj5y8i3rg/KBGXQjLdnpKiD3zEl0Jkca9 W7Rvb8O5sGVW5FBAADnKelUg6piyuYrUOHokLdrN3Viibo4lrXz/JILgw5PGZxBd10Wy CdFb+NECvlQd55fhS840uoxpa25Q+o3pXop9+SwNoPnGj8pEhCFRD36ERRIYyZPqaVaZ VHu8FwfpDKQrel/nbyFQ4Hf3o2uwuJfC2d94KpiT88NftAGRHhUhhKyVImxrx9Hmqxbx Oss7FDylcxqo47Bvy80XQcaAJxYc9rTqa/UZMADKlC0Lq6OwLWDEsQG8QsSBX8eUJtZS 0Q==
Received: from nam03-dm3-obe.outbound.protection.outlook.com (mail-dm3nam03lp2059.outbound.protection.outlook.com [104.47.41.59]) by mx0a-00273201.pphosted.com with ESMTP id 2vmr0y118k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 14 Oct 2019 16:14:48 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dJzoHJhOm+Y4LIG1O1ypnhcN0lSsPegx97zZf85mZsaKocd6Zkbo+gp4xjNPs42hozLQBBvMHN0zGUHZDhmB2wiXT5bBUZbO188K8t8xP9ZrVb1ddB5n6LjBL687/Vz3gebc36Y+Jf102qJPgchNo8K55xt68ZQtpfoVvM8PytixVkoJrH8xFz4MhLqTs2V3Z2VRFCiaN35iGES5o4ouLvkWPoyWFIc0CFERiPazlpYh1G2x/8O65OoXXUXhmFZacXwPz/HeZqrO48UELErQUE/JgFhYjXjE5zuVnn6Q0D83dlKm6OVYlqqg3UvF+ADt0ugLJpnf8QTJGp9AcUenlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VPh4ntG7kOnRqcE2AwPEOjrlZ7mprhGelBZD18aHFUE=; b=UW6j344wvRACGQM8eE6hfzG391puOL8ykaWDbK0dUavzSlPWFMw2Xu9uNQ57IAx6HchLafyfx+m70sX3Joo+pu/0qam3pgPzMMVk6978rVH+tV/wqtpT0NnAo1J6kUK6psYfm8RIdiJXo7FJRT3/oZaNdVD4FBQBu5G1oSbufKooIK8i+usNBm20iW+f6xjIV2GUOWu4nBvGdAJa/AC6NPhlwDZsseaCcBgnaJ2uoJt32e5uBTGby72CnW7bpXnH6lzouVI29DXbX21b/bcfa9GNWc3zElMrWUGAofQntuQbpFoG+jTsL64FbhsPPA6GOPdyAfumh0wcN0crf2LouQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
Received: from BN7PR05MB5699.namprd05.prod.outlook.com (20.176.28.88) by BN7PR05MB6276.namprd05.prod.outlook.com (20.176.29.212) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.14; Mon, 14 Oct 2019 23:14:46 +0000
Received: from BN7PR05MB5699.namprd05.prod.outlook.com ([fe80::c9d9:5faf:5aee:ee8d]) by BN7PR05MB5699.namprd05.prod.outlook.com ([fe80::c9d9:5faf:5aee:ee8d%6]) with mapi id 15.20.2347.023; Mon, 14 Oct 2019 23:14:46 +0000
From: Ron Bonica <rbonica@juniper.net>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt
Thread-Index: AQHVgM9qCXNfO+2Yk0OA93yzEpLb9KdWnyAAgAQpIHA=
Content-Class:
Date: Mon, 14 Oct 2019 23:14:45 +0000
Message-ID: <BN7PR05MB56997470CC6BB671C949202CAE900@BN7PR05MB5699.namprd05.prod.outlook.com>
References: <157086559138.1393.1472645196672102960@ietfa.amsl.com> <AD406E0A-4CAF-44FE-A583-3A6E4E4A0FD4@cisco.com>
In-Reply-To: <AD406E0A-4CAF-44FE-A583-3A6E4E4A0FD4@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=rbonica@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-10-14T23:14:44.0479789Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=6e8df741-f7dc-4d3a-bdc8-3d84b051de6f; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
x-originating-ip: [108.28.233.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3f6eae11-8332-4ac5-3516-08d750fc4db0
x-ms-office365-filtering-ht: Tenant
x-ms-traffictypediagnostic: BN7PR05MB6276:
x-ms-exchange-purlcount: 6
x-microsoft-antispam-prvs: <BN7PR05MB62769078F7ABA0E31CE39C4DAE900@BN7PR05MB6276.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 01901B3451
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(136003)(376002)(366004)(396003)(346002)(189003)(199004)(13464003)(76176011)(11346002)(6506007)(8676002)(52536014)(102836004)(446003)(81156014)(5660300002)(81166006)(7696005)(66066001)(99286004)(33656002)(6116002)(110136005)(25786009)(316002)(53546011)(3846002)(478600001)(8936002)(26005)(186003)(6436002)(74316002)(66574012)(4326008)(86362001)(305945005)(256004)(2501003)(71200400001)(229853002)(966005)(6246003)(14444005)(55016002)(7736002)(6306002)(9686003)(71190400001)(2906002)(64756008)(66446008)(14454004)(4001150100001)(76116006)(486006)(66476007)(66556008)(66946007)(476003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR05MB6276; H:BN7PR05MB5699.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jtIscoXOciPwRCNDRlZIarGLK1qCDVkO58h1z40wLhtQsMY+sf+1O0SJhTx/DJ6ciB4PFLQWT4n0o5bx1qdcToZZhyKX2sREpr1YzuTVwkw0JslkVzTlZKnP0QRRtBMGlkz8MVmNgErTXuUm6GOD6SLhyjPcrp88HKGlCM4b0oWdhOTIFG6v/v3ogISFfnFpzWcVx4rJh39TvwuFAtVR8zWLR+DUmAs/qlyxKWdtMu4WodXgYohTc6KnmbI247gh0lr4UnMA21bQj3dRxFr10KBCE5Fzm/IjuhaP02pOowjKdgCVEaxtmYUPbDI0JrgTi/XCQy9XAgX7E3SElIhGvYj62OotM3GBarPB56eiieMMQkCtICURcDOZPLJf3mCWcTsrG+Jz/dWccglXtlWaWj4J+NXRZImjiED1y0BujN3/s8s6ujjvxbJIwDVdMb/8tbOwtfHvCFDI0D0NWLYTEA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 3f6eae11-8332-4ac5-3516-08d750fc4db0
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2019 23:14:45.9040 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7FyMr1yHDGMnQqTfYvtc89aANs/WClYyGbjYeCKOrROIWU7IVA+M7T+v48/TREhkd1AvcsBdkI8irmWCYSkEtA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR05MB6276
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-14_11:2019-10-11,2019-10-14 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 impostorscore=0 spamscore=0 mlxscore=0 clxscore=1011 malwarescore=0 lowpriorityscore=0 adultscore=0 priorityscore=1501 phishscore=0 suspectscore=0 bulkscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910140195
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/X68mJfXKkmvTK14Or4iduf_4t4w>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 23:14:55 -0000
Jen, I am ready to request publication. But before we do that, we need a document shepherd. Eric, Was there anyone who was close to the draft, but not a co-author. We can victimteer that person. Ron Juniper Business Use Only -----Original Message----- From: Eric Vyncke (evyncke) <evyncke@cisco.com> Sent: Saturday, October 12, 2019 3:41 AM To: opsec@ietf.org Cc: Jen Linkova <furry13@gmail.com>; Ron Bonica <rbonica@juniper.net> Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt As you will notice in https://urldefense.com/v3/__https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-20__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCfC0QrYg$ this latest revision addresses a suggestion by Gyan Mishra issued during the Working Group Last Call. Other changes are mainly replacing the normative "MUST" and "SHOULD" as it is an informational document (so it is now "must" and "should") + removing an unused informational reference. Jen and Ron, as the authors have addressed all comments received during the WGLC (actually by only one reviewer) and the extensive review by Jen, may I kindly request publication of this document? Thank you all -éric -merike - kk -enno On 12/10/2019, 09:34, "OPSEC on behalf of internet-drafts@ietf.org" <opsec-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF. Title : Operational Security Considerations for IPv6 Networks Authors : Eric Vyncke Kiran K. Chittimaneni Merike Kaeo Enno Rey Filename : draft-ietf-opsec-v6-20.txt Pages : 52 Date : 2019-10-12 Abstract: Knowledge and experience on how to operate IPv4 securely is available: whether it is the Internet or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes the security issues in the protocol but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices. This document analyzes the operational security issues in several places of a network (enterprises, service providers and residential users) and proposes technical and procedural mitigations techniques. Some very specific places of a network such as the Internet of Things are not discussed in this document. The IETF datatracker status page for this draft is: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCVgtmnGd$ There are also htmlized versions available at: https://urldefense.com/v3/__https://tools.ietf.org/html/draft-ietf-opsec-v6-20__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCQdAq-nG$ https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-20__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCTaFWv3h$ A diff from the previous version is available at: https://urldefense.com/v3/__https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-20__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCfC0QrYg$ Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: https://urldefense.com/v3/__ftp://ftp.ietf.org/internet-drafts/__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCXkuUebd$ _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/opsec__;!8WoA6RjC81c!R2vH-_v3NugiwIfTcXccEC89zGAXYR4rIB7oMxgV_5Tl11Z9jXZgMMuVCVjA-7t2$
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Eric Vyncke (evyncke)
- [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt internet-drafts
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Ron Bonica
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Gyan Mishra
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Ron Bonica
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Eric Vyncke (evyncke)
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Gyan Mishra
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt KK Chittimaneni
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Eric Vyncke (evyncke)
- Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-20.txt Gyan Mishra