Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering

Warren Kumari <warren@kumari.net> Tue, 05 June 2012 18:57 UTC

On May 31, 2012, at 12:04 PM, Dave Dugal wrote:

> Hi Warren.
> 
> I have also read Fernando's draft and do see the value and benefit of
> proposing a more granular approach to IP options filtering.  Many
> times, the only mitigation for a particular attack or issue is to drop
> all optioned packets, which depending on configuration and topology
> can do more harm than good.  BCP'ing a more finely granular approach
> is not without merit.
> 
> Should we adopt this draft, I do agree with previous comments that
> perhaps more fine-tuning of recommended options, tradeoffs and caveats
> is warranted, but that discussion can continue within the WG.
> 
> I support the adoption of this draft as an OPSEC working group document.

Great, thank you.

Anyone else? We only have another 2 or so days before the adoption call closes, and I'd really like to see some more feedback, even a simple "Support" or "No, worst idea ever!!!"

W


> 
> ---
> Dave Dugal
> Sr. Product Security Incident Wrangler
> 
> 
> On 5/31/2012 9:42 AM, Warren Kumari <warren@kumari.net> proclaimed ...
>> Dear Working Group,
>> 
>> We are now halfway through the call for adoption on this draft --
>> please take a moment to read and comment on if you support the
>> adoption of this draft…
>> 
>> W
>>
>> On May 24, 2012, at 11:58 AM, Warren Kumari wrote:
>> 
>>> Dear Working Group,
>>> 
>>> This is to start a two week poll to adopt
>>> draft-gont-opsec-ip-options-filtering (helpful link:
>>> http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04)
>>> as an OpSec Working Group draft.
>>> 
>>> Please send your comments to the OpSec list (opsec@ietf.org).
>>> 
>>> This adoption call closes on June 7th, 2012.
>>> 
>>> (This document was discussed in the Paris meeting, and not enough
>>> people had read the document to be able to predict consensus.
>>> Please take a moment (or 5) to read and comment. I should mention
>>> that Memorial Day is coming up in the US soon -- there is nothing
>>> quite so enjoyable as reading drafts on the beach -- try it!)
>>> 
>>> W
>>> 
>>> -- With Feudalism, it's your Count that votes.
>>> 
>>> 
>>> _______________________________________________ OPSEC mailing
>>> list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
>>> 
>> 

--
What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?"

    -- (Terry Pratchett, Pyramids)