Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-23.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 09 February 2021 15:35 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "opsec@ietf.org" <opsec@ietf.org>
Date: Tue, 9 Feb 2021 15:35:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/XRTbrSTvK8OetemgqbCEZwBW1jI>

This -23 version should address all the points raised during the IETF Last Call.

I am contacting the OPSEC AD & chairs to move forward with the publication (this could include another IETF Last Call though as there are 250 changes:
https://www.ietf.org/rfcdiff?url1=draft-ietf-opsec-v6-21&url2=draft-ietf-opsec-v6-23 )

Thank you for your support

-éric 

-----Original Message-----
From: OPSEC <opsec-bounces@ietf.org> on behalf of "internet-drafts@ietf.org" <internet-drafts@ietf.org>
Reply-To: "opsec@ietf.org" <opsec@ietf.org>
Date: Tuesday, 9 February 2021 at 16:21
To: "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Cc: "opsec@ietf.org" <opsec@ietf.org>
Subject: [OPSEC] I-D Action: draft-ietf-opsec-v6-23.txt


    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.

            Title           : Operational Security Considerations for IPv6 Networks
            Authors         : Eric Vyncke
                              Kiran Kumar
                              Merike Kaeo
                              Enno Rey
            Filename        : draft-ietf-opsec-v6-23.txt
            Pages           : 56
            Date            : 2021-02-09

    Abstract:
       Knowledge and experience on how to operate IPv4 securely is
       available: whether it is the Internet or an enterprise internal
       network.  However, IPv6 presents some new security challenges.  RFC
       4942 describes the security issues in the protocol, but network
       managers also need a more practical, operations-minded document to
       enumerate advantages and/or disadvantages of certain choices.

       This document analyzes the operational security issues associated
       with several types of network (enterprises, service providers, and
       residential users) and proposes technical and procedural mitigation
       techniques.  The residential users case assumes a managed ISP CPE
       device.  Some very specific types of networks such as the Internet of
       Things (IoT) and unmanaged home networks are not discussed in this
       document.


    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/

    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-opsec-v6-23
    https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-23

    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-23


    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/

