Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 04 November 2019 14:38 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00080120891; Mon, 4 Nov 2019 06:38:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=mB9vVU/J; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=gSGS78C4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o5WnG8Lg1qYb; Mon, 4 Nov 2019 06:38:10 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F4701208BF; Mon, 4 Nov 2019 06:38:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4780; q=dns/txt; s=iport; t=1572878290; x=1574087890; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Cu+XwpumTqNK0+0RqrQtvO5cpyL33pAm6pSSJG69mUw=; b=mB9vVU/Jvf3TEw7AiUKfxdJRFGrdaNorNwN8ZCXv0cz4sfXYGRZ/kUa/ zTLxpXy9L8Yf8Lreqc9BsMdxbdqy079XQ2Dz8EZg6dMRlmdJPj/PGyrbx 6A4x840F8aG1o9A094SSTOeLARAPR5lbWr0UQ8f8d/CBKg/TIDZCzD0Zj 0=;
IronPort-PHdr: 9a23:umKYehUHBPSWUsH3yk2gxzYMO2PV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSA92J8OpK3uzRta2oGXcN55qMqjgjSNRNTFdE7KdehAk8GIiAAEz/IuTtank3AtVEX1xo13q6KkNSXs35Yg6arw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AeAADwNsBd/4sNJK1mGQEBAQEBAQEBAQEBAQEBAQEBEQEBAQEBAQEBAQEBgWwBAQEBAQELAYFKJCwFbFggBAsqhCmDRgOKdYJeiVaOJ4JSA1QJAQEBDAEBGAsKAgEBhEACF4N3JDcGDgIDCwEBBAEBAQIBBQRthTcMhVEBAQEBAgEBARAREQwBASwLAQ8CAQgOCgICJgICAh8GCxUQAgQBDQUUDoMAAYJGAw4gAQ6mSAKBOIhgdYEygn4BAQWBOAIOQUCCQg0LghcJgQ4oAYUWA4Z5GIFAP4E4H4JMPoIbRwEBAgEBFoFHF4J5MoIsj36dN0EKgiSHEYoVhBAbgjxyhmiLfYNSjkKILoIRjxgCBAIEBQIOAQEFgWgjgVhwFRohKgGCQQlHERSDBoNzhRSFP3SBKI1FAQE
X-IronPort-AV: E=Sophos;i="5.68,267,1569283200"; d="scan'208";a="372488212"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Nov 2019 14:38:09 +0000
Received: from XCH-RCD-010.cisco.com (xch-rcd-010.cisco.com [173.37.102.20]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id xA4Ec9s9005595 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 4 Nov 2019 14:38:09 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-010.cisco.com (173.37.102.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 4 Nov 2019 08:38:08 -0600
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 4 Nov 2019 09:38:06 -0500
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 4 Nov 2019 09:38:06 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QihRaw3ZQUzg9rwLqY17S0bzTIZ/2+ipYhPWdxQD5Xh4PygGJPRwgghlDteHECuT28Y9igDRI1a62bXoNsaiVgvcJrBHXO07hDDLnd7jBvwsdRvmC00+D76tepRjYcxlvwrn+IkHGvEHLMOUxBHr/Ta5YyuWIqlg+xt1YUVqQqljWZt7l8IG5mAqVAnYDoyROc9YwzqyfaeWhRn/VUPce3FI3Ogy1gbVOEKWUKLNv+L7nDlUR2VNQsWrgLYlYuMAQcmi5oHYUCklrhick9W/9wWP2fUj/FwhI5mmlhRwzutYnk5fpEYjYQE/tO7hD/r3e7f8IdMgM4DgsiTaRMrkFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cu+XwpumTqNK0+0RqrQtvO5cpyL33pAm6pSSJG69mUw=; b=ZcIbNE5QwUMBHzdIUrgdhQ+NBww+8tY5vaTAVLluBH+PLgVAlRbEZ8GVi9ASiPiwGc4cbaNKUUYyDHK9kRdrjOS6Peww1g+H7NqSwYl4RdMU0AorhUOffrUj+vXooUFTlTDy2mxU4k6VLDxfPPQRUtl9KlfHem9vLNwYP7SbRTTaT3iyCppbeFCiMJvw27+jfzILzJFH+uFRosylnBXq41OPhvygC9lr5D2EqrXq9Hx1uDnf13WkCm4CI/ExuAaLBm3EbALpb3toieaTPNY1d9wcQworkS4y0Yxwh0bU/9WIJfuDEmOupv58uMhM+HileBKIFMpYMfWuIBoszlgx2Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cu+XwpumTqNK0+0RqrQtvO5cpyL33pAm6pSSJG69mUw=; b=gSGS78C4YPcGo0P2nOVlwwjgx9QeVT6oXILZYDAVkDhqc1vSGJx0KhJliAag8zc+OxQdBMsPqF0XuDzRcKoIFmDoawei53qyAy64AB1l8OSUH0lE9D83SBQieTPcDcwuW0EVqmBmjsvcuaH2X3Z01tMMwZ1XYD4ZqQ+get123fM=
Received: from CY4PR11MB1752.namprd11.prod.outlook.com (10.175.59.14) by CY4PR11MB1911.namprd11.prod.outlook.com (10.175.63.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Mon, 4 Nov 2019 14:38:05 +0000
Received: from CY4PR11MB1752.namprd11.prod.outlook.com ([fe80::65f4:880d:4ba0:2ae]) by CY4PR11MB1752.namprd11.prod.outlook.com ([fe80::65f4:880d:4ba0:2ae%10]) with mapi id 15.20.2408.024; Mon, 4 Nov 2019 14:38:05 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Gyan Mishra <hayabusagsm@gmail.com>, "opsec@ietf.org" <opsec@ietf.org>
CC: "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
Thread-Index: AQHVkxvTCwtKb9Pe4UuuiLsWFfIPgqd7JXoA
Date: Mon, 04 Nov 2019 14:38:04 +0000
Message-ID: <1AAA80C6-080B-492D-ABC9-645B9CEFDC99@cisco.com>
References: <157281820483.13177.8617036261217670675@ietfa.amsl.com> <82AA0F9C-7836-464F-8F19-69FEDB197D53@gmail.com>
In-Reply-To: <82AA0F9C-7836-464F-8F19-69FEDB197D53@gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c1:36:4d9d:496f:af35:27a3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2d23e5d5-c308-4518-a043-08d761349a42
x-ms-traffictypediagnostic: CY4PR11MB1911:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <CY4PR11MB1911069A7713B7037B7C7D1FA97F0@CY4PR11MB1911.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0211965D06
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(39860400002)(396003)(136003)(346002)(199004)(189003)(6246003)(36756003)(256004)(91956017)(14444005)(966005)(8936002)(4326008)(81166006)(81156014)(6116002)(6506007)(25786009)(58126008)(99286004)(110136005)(2501003)(2906002)(66574012)(71190400001)(71200400001)(66476007)(64756008)(76116006)(66446008)(66946007)(66556008)(5660300002)(33656002)(6306002)(86362001)(186003)(76176011)(14454004)(7736002)(305945005)(229853002)(476003)(2616005)(486006)(316002)(8676002)(478600001)(46003)(6436002)(11346002)(446003)(6486002)(6512007)(102836004)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR11MB1911; H:CY4PR11MB1752.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: c9Wf0TH8tvQBbGAAMBRl7/MaJMQXE+eLTQZ9EsyqKpxH1NGGeLebrVXeXJqaM+q+8xBEJH0dH8eRR0+cKLoqwFirL50aTq/vrA+p7yzRYXA4TGa2aBNoPvJ4RzF0GSQLcf8I1f9Z2jvA/kO069V+GA3UObE25TiAgHp/Mhl3F43ZHCA24N3aPjPOAyWlHWr2120ndC7DOiv8C9CZsyC/TUL9dZ9WZfvG24vJ0F6w3ZxFQvCqfTqZ9y09EvjoLtXawsgdofOab/UQazWM9LJty9HVIQ0Cm9vH6ZVnvEsc38Y5OqbzuM59/tF3DfujmFHO+04Egsemfn1v8bPWGyGXUGZZhGMLk9VZDaTSHqhacUge7f4W789qU6vYZ1WUt5g7xeSYI+Wm57qqsbs3dvl4EldM+rMO6/0g+B34rYDTXDETP98U3w1QhdCnW6uvZ2lmwiDR4GLsfZ1ziOS+IM+sZ17opvwBUFPhbofEkMFwTSA=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <6B3C3E7873854C44AEB24C6FC072533A@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d23e5d5-c308-4518-a043-08d761349a42
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2019 14:38:04.8736 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tU2p6mfEjeiFH1PJsCV7Nkxop03iK3+cR6sbFMaBCRfbkabtlzOhxV6v5fBVzWR5hH/7IqmwdDc81QyaqEWySA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1911
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.20, xch-rcd-010.cisco.com
X-Outbound-Node: alln-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/XHc9xwGxdpP6a3RKgaapKlpE1XE>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 14:38:16 -0000

Hello Gyan,

Thank you for reminding the author to post the 'gist' of the changes with version -21.

Our OPS AD, Warren "Ace" Kumari,  has kindly reviewed our document and has identified more than 70 areas where the text was ambiguous or using bad English... No wonder, none of the 4 authors are English-speaking native: it is a mix of Estonian (Merike who also speaks German and Russian[1]), one of the 22 (?) language of India (KK), German (Enno who also speaks French and Spanish) and French (myself also speaking Dutch) __ __ IETF community is really diverse !

Thank you very much in advance for finalizing the shepherd write-up

-éric

[1] I can be wrong for Merike BTW but she is quadri-lingual

On 04/11/2019, 15:26, "Gyan Mishra" <hayabusagsm@gmail.com> wrote:

    Hi Eric 
    
    Just checking what the updates are that went in v21 since this document is now ready to be published just pending my Shepard writeup which I plan to finish this week.  
    
    Thank you 
    
    Gyan
    
    Sent from my iPhone
    
    > On Nov 3, 2019, at 4:56 PM, internet-drafts@ietf.org wrote:
    > 
    > 
    > A New Internet-Draft is available from the on-line Internet-Drafts directories.
    > This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.
    > 
    >        Title           : Operational Security Considerations for IPv6 Networks
    >        Authors         : Eric Vyncke
    >                          Kiran Kumar Chittimaneni
    >                          Merike Kaeo
    >                          Enno Rey
    >    Filename        : draft-ietf-opsec-v6-21.txt
    >    Pages           : 52
    >    Date            : 2019-11-03
    > 
    > Abstract:
    >   Knowledge and experience on how to operate IPv4 securely is
    >   available: whether it is the Internet or an enterprise internal
    >   network.  However, IPv6 presents some new security challenges.  RFC
    >   4942 describes the security issues in the protocol but network
    >   managers also need a more practical, operations-minded document to
    >   enumerate advantages and/or disadvantages of certain choices.
    > 
    >   This document analyzes the operational security issues in several
    >   places of a network (enterprises, service providers and residential
    >   users) and proposes technical and procedural mitigations techniques.
    >   Some very specific places of a network such as the Internet of Things
    >   are not discussed in this document.
    > 
    > 
    > The IETF datatracker status page for this draft is:
    > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/
    > 
    > There are also htmlized versions available at:
    > https://tools.ietf.org/html/draft-ietf-opsec-v6-21
    > https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-21
    > 
    > A diff from the previous version is available at:
    > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-21
    > 
    > 
    > Please note that it may take a couple of minutes from the time of submission
    > until the htmlized version and diff are available at tools.ietf.org.
    > 
    > Internet-Drafts are also available by anonymous FTP at:
    > ftp://ftp.ietf.org/internet-drafts/
    > 
    > _______________________________________________
    > OPSEC mailing list
    > OPSEC@ietf.org
    > https://www.ietf.org/mailman/listinfo/opsec