Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering
Warren Kumari <warren@kumari.net> Tue, 05 June 2012 18:57 UTC
Return-Path: <warren@kumari.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6C2B21F867A for <opsec@ietfa.amsl.com>; Tue, 5 Jun 2012 11:57:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.999
X-Spam-Level:
X-Spam-Status: No, score=-105.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YZMpOMGR7D9Y for <opsec@ietfa.amsl.com>; Tue, 5 Jun 2012 11:57:35 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 2B65E21F86A1 for <opsec@ietf.org>; Tue, 5 Jun 2012 11:57:35 -0700 (PDT)
Received: from dhcp-220-207.meetings.nanog.org (dhcp-220-207.meetings.nanog.org [199.187.220.207]) by vimes.kumari.net (Postfix) with ESMTPSA id DDEC91B40115; Tue, 5 Jun 2012 14:57:33 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="windows-1252"
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <4FC7C0C2.9080708@juniper.net>
Date: Tue, 05 Jun 2012 11:57:45 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <A0BA22A1-9F54-4DB5-A83A-22477543A937@kumari.net>
References: <55C66AF5-F84F-44BF-9972-8725244F3302@kumari.net> <BCF52336-92E7-41AB-8E32-D029DB2B24C4@kumari.net> <4FC7C0C2.9080708@juniper.net>
To: Dave Dugal <dave@juniper.net>
X-Mailer: Apple Mail (2.1278)
Cc: "opsec@ietf.org" <opsec@ietf.org>, Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] Call for adoption of draft-gont-opsec-ip-options-filtering
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 18:57:36 -0000
On May 31, 2012, at 12:04 PM, Dave Dugal wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Warren. > > I have also read Fernando's draft and do see the value and benefit of > proposing a more granular approach to IP options filtering. Many > times, the only mitigation for a particular attack or issue is to drop > all optioned packets, which depending on configuration and topology > can do more harm than good. BCP'ing a more finely granular approach > is not without merit. > > Should we adopt this draft, I do agree with previous comments that > perhaps more fine-tuning of recommended options, tradeoffs and caveats > is warranted, but that discussion can continue within the WG. > > I support the adoption of this draft as an OPSEC working group document. Great, thank you.. Anyone else? We only have another 2 or so days before the adoption call closes, and I'd really like to see some more feedback, even a simple "Support" or "No, worst idea ever!!!" W > > - --- > Dave Dugal > Sr. Product Security Incident Wrangler > > > On 5/31/2012 9:42 AM, Warren Kumari <warren@kumari.net> proclaimed ... >> Dear Working Group, >> >> We are now halfway through the call for adoption on this draft -- >> please take a moment to read and comment on if you support the >> adoption of this draft… >> >> W On May 24, 2012, at 11:58 AM, Warren Kumari wrote: >> >>> Dear Working Group, >>> >>> This is to start a two week poll to adopt >>> draft-gont-opsec-ip-options-filtering ( helpful link: >>> http://tools.ietf.org/html/draft-gont-opsec-ip-options-filtering-04) >>> >>> > as an OpSec Working Group draft. >>> >>> Please send your comments to the OpSec list (opsec@ietf.org). >>> >>> This adoption call closes on June 7th, 2012. >>> >>> (This document was discussed in the Paris meeting, and not enough >>> people had read the document to be able to predict consensus. >>> Please take a moment (or 5) to read and comment. I should mention >>> that Memorial Day is coming up in the US soon -- there is nothing >>> quite so enjoyable as reading drafts on the beach -- try it!) >>> >>> W >>> >>> -- With Feudalism, it's your Count that votes. >>> >>> >>> _______________________________________________ OPSEC mailing >>> list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec >>> >> >> _______________________________________________ OPSEC mailing list >> OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (MingW32) > > iEYEARECAAYFAk/HwMIACgkQh59lzatuAqXiuwCgtXDacC7wSx0gtdfC41JRXcJN > 03MAoPf9m5FVlWOrHlOJzsPrRI117UqR > =lEqG > -----END PGP SIGNATURE----- > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec > -- What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?" -- (Terry Pratchett, Pyramids)
- [OPSEC] Call for adoption of draft-gont-opsec-ip-… Warren Kumari
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Warren Kumari
- Re: [OPSEC] Call for adoption of draft-gont-opsec… John Leslie
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Fernando Gont
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Dave Dugal
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Warren Kumari
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Smith, Donald
- Re: [OPSEC] Call for adoption ofdraft-gont-opsec-… Panos Kampanakis
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Fernando Gont
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Ronald Bonica
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Smith, Donald
- Re: [OPSEC] Call for adoption of draft-gont-opsec… John Kristoff
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Fernando Gont
- Re: [OPSEC] Call for adoption of draft-gont-opsec… Warren Kumari