Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering

Fernando Gont <fernando@gont.com.ar> Thu, 31 May 2012 18:46 UTC

On 05/31/2012 03:11 PM, John Leslie wrote:
>    Fernando recommends dropping a lot of optioned packets, many of which
> I see no particular reason to drop -- the security issues seem minor.

Could you please list a few of such?

We've been very careful in not recommending dropping packets for which
there's a use case, and just recommended those that have been obsoleted.

Therefore, your comment kind of comes as a surprise... (but some have
been recommended to be dropped in error, we'd be happy to fix the document).

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1