Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 08 February 2021 16:24 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78CDC3A10EB for <opsec@ietfa.amsl.com>; Mon, 8 Feb 2021 08:24:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=U9DiNC3c; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=lCrRli05
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id udFnTe9dd1RN for <opsec@ietfa.amsl.com>; Mon, 8 Feb 2021 08:24:54 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F9C53A10F3 for <opsec@ietf.org>; Mon, 8 Feb 2021 08:24:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12382; q=dns/txt; s=iport; t=1612801495; x=1614011095; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=EcVjAp4j467xCkWVkLTlNryLwPWD8P8sUIabiYMITps=; b=U9DiNC3c8OlHbs1ScIcUSA7QfTxyLItRbwFNGDXSygpB/25XUR8LjmTY tEsjJW0ol7nUk33k8YsGcH0DJZg7Xo4cZtXVtOiCnt6qBrQA5DGm1U0k9 1XU7n3CGi0tKO5MYKmlVgTibOs4T6bKqqtXcf2KkYMyqhH2iyLjWhteiy 4=;
IronPort-PHdr: =?us-ascii?q?9a23=3AW5NQ3BVqTLiiy/fJI3SP4ohHhmLV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSBNyHuf1BguvS9avnXD9I7ZWAtSUEd5pBH1?= =?us-ascii?q?8AhN4NlgMtSMiCFQXgLfHsYiB7eaYKVFJs83yhd0QAHsH4ag7dp3Sz6XgZHR?= =?us-ascii?q?CsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wR?= =?us-ascii?q?zM8XY=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AFCgBiZSFg/51dJa1fAx0BAQEBCQE?= =?us-ascii?q?SAQUFAUCBT4FTIy4Hdlo2MYRBg0gDjg8Dih+OfYFCgREDVAsBAQENAQEYCwo?= =?us-ascii?q?CBAEBgVaCdQIXgWsCJTgTAgMBAQsBAQUBAQECAQYEcYVhDYVxAQEBAwEBASE?= =?us-ascii?q?RDAEBByULAQsCAgIBCBEDAQIBAgIRFQICAhkGBgsVCAgCBA4FFIMSAYJVAw4?= =?us-ascii?q?gAQ6kBwKKJXaBMoMFAQEGgTcCDkFEgjgNC4ISCQWBCSqCd4JsBVBHhB2CJyY?= =?us-ascii?q?bgUE/gTgcglY+ghtCAQECAQEVfxIBEgE4Ch4IglI0giyBTxqBHyYBAw0kIAI?= =?us-ascii?q?UDg0BIQoWJxwYFzAYHB0QA5AVB4JmQaRwWwqCeok2jSSFKQMfgy6BM4kTkDm?= =?us-ascii?q?EdZY6iSODAY5fE4RYAgICAgQFAg4BAQaBbSNncHAVGiEqAYI+CUcXAg2OIYN?= =?us-ascii?q?xhRSFRXQCMgMCBgEJAQEDCXyLHAEB?=
X-IronPort-AV: E=Sophos;i="5.81,162,1610409600"; d="scan'208";a="858351932"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Feb 2021 16:24:53 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id 118GOqYk014966 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 8 Feb 2021 16:24:52 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 8 Feb 2021 10:24:52 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Mon, 8 Feb 2021 10:24:51 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 8 Feb 2021 11:24:51 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QKAdyX/pKVHCaxdwhrHRmcyuXdwhqgQBCvXDsSoOvqD8Dn6jw/jgJZ/ynTp8bB9W3lg2p9ZJ9CO5nsTAh0WpSp1ntJs9Mf05HrvVFtjZLhODoJXFOUG3C0dvenI+4lKnemqJYGkx/lXJkLw2+a6DG3JUQQRV0gG77b/zvr25Uy6aDD5pZNt+512AIwY3Im3HoZ2Qb807h8sonfr/kiOlYpjJsWI+o2I2z/uYor/vOwBhjmROdqKv2JYvemxIDfYig7UO4lXLRErJiP+hPOsnMy5b7+MOQ5xOmL65JD5GAdfMsrrpwTUUtsq8Wla+g3w00JxOjfQIwuGU7aIblsmnhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EcVjAp4j467xCkWVkLTlNryLwPWD8P8sUIabiYMITps=; b=DG8GgIpVub2jZmI78h1pDYSl4Xiu1wUZZbKy3cvShWu27qhdcyhe8WIibF4eGQKeCPaKBKluuBIomXmWNd9iNKEnGd3dFCHtgOvKD3iKygaHIWsLhJ9z4QDskQNWlpThutk3K84nb76QedmUTbemCBvl7bj/ZVwXlD2euWfV2j8ciM1WbDDDu1D/D8b7mwPQz6NwyJhMBE95AOqOdxVUC9JJlqYiMQPoHwcAbQBKhhQM/io4HXgwmn8k0Nm6Z42ZFpFDo2kBgUNG04qOfRdpLGRVWxhr/fHkLmfIRpTY0lyESlwwA+h+i+MEl2CSKLNmFnzMDgbNS2GvoUqOfO7UvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EcVjAp4j467xCkWVkLTlNryLwPWD8P8sUIabiYMITps=; b=lCrRli05lddiCbTmiGwzxw1RTyVe7R/EaQKKQEzpQsvGdt36si1JKgOdnAk+CRJEhifwiDvu+p8s50sXD6cPROkdbj8EQ5jhlr9p/3wVrD5po0hhBRwtcL11Q383QYumH/bnKM6B/nwyLAgUIaIahslBxIe3dd2wGTUI48b+il8=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB5000.namprd11.prod.outlook.com (2603:10b6:510:41::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.23; Mon, 8 Feb 2021 16:24:50 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b%3]) with mapi id 15.20.3825.030; Mon, 8 Feb 2021 16:24:50 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Bob Hinden <bob.hinden@gmail.com>
CC: Gyan Mishra <hayabusagsm@gmail.com>, "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
Thread-Index: AQHVkxvTCwtKb9Pe4UuuiLsWFfIPgg==
Date: Mon, 8 Feb 2021 16:24:50 +0000
Message-ID: <F258731C-5D41-43A6-AE6F-6160C6FA7A69@cisco.com>
References: <157281820483.13177.8617036261217670675@ietfa.amsl.com> <82AA0F9C-7836-464F-8F19-69FEDB197D53@gmail.com> <1AAA80C6-080B-492D-ABC9-645B9CEFDC99@cisco.com> <CABNhwV3AjvdExSin+etj8tF9Tzt-0VB45Nmb3hwV_REVPmiO8g@mail.gmail.com> <3BB16B9C-9065-466B-9A9A-51C5D314E126@cisco.com> <E52D2FF2-A02D-4DCC-B82F-21A0BFD8607D@gmail.com>
In-Reply-To: <E52D2FF2-A02D-4DCC-B82F-21A0BFD8607D@gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:a139:7459:c380:8975]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1e2a3c3f-8eb0-4ff7-e25d-08d8cc4e0f16
x-ms-traffictypediagnostic: PH0PR11MB5000:
x-microsoft-antispam-prvs: <PH0PR11MB5000BE4D703CCC18D6EBA45FA98F9@PH0PR11MB5000.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AiZkVAmhYYnrlTw3yorjPWOyS9Y61Q1eFSTRKm4Q/LgNLWDUsbsufzukuHVgMakWCF7jbP8TDrWPiAM3EhWK/7WehPw/sdW5kdtXSDFgP5wbl3W2GxdZrsvSDhxNAs9I9C4URNsT5ZFpxgvlK/LfUdhME9mjwqP5EFwBLK8KJA92glcVOpRwAMcxN2FOHOKDOTOA/G+IlfppAZGTA4vnc+XH1ae2LthxEvYXqhLahZdfYXUEvtzCOMZlutAskMTTrV+QydufzemywoYlBClG0IOA6pZ/VY4FjT5hsADgH/4ekNm+4dtV2M7w+nDXnFMv8l0NBRX40vnA9UauBiFAbnH+Tv1nfOgnns9vSXZPgK07nyE303VnCy1GkKRTToKhiHo/G7i318aDqQgKytEWExik9AONO97wiH37XJ3b6AYTTvbiX43G5zsJ5DyB6eeLVKPkouWoVgitdF6q8SwBZUHGiD8FcqWlQsvzs8H6nIYxoJct0QtJcCtQlVlB6FfvWRJKsjkFSunswwOWSvhjYbLLguIVMTGYRfKQZhc/JILYW6oW83uyJ44QrdxvAtHfckPabJm39h1emafgJOi1MIyEX0u23BDUw7fyyhpAGkqoP1PFyggh+hFS+9Av2gSX2qPgFHlfZuQ3HrxqpiHvlA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(366004)(376002)(396003)(39860400002)(346002)(2616005)(15974865002)(186003)(6486002)(36756003)(478600001)(2906002)(71200400001)(76116006)(6506007)(8936002)(53546011)(64756008)(83380400001)(66556008)(316002)(966005)(33656002)(66446008)(66946007)(66476007)(5660300002)(6512007)(4326008)(45080400002)(91956017)(8676002)(66574015)(6916009)(86362001)(54906003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?bG9DdlhHS1FHSElvUWY3UVhndjVLbEloTzIzU0htWTJISEk4SzQ1QmxzT1Az?= =?utf-8?B?OVFHUkM4ZXpwRnNKZUgrZENxZHRualFjZDMwU2lBS3FhWG9HYUZDSjNHYi92?= =?utf-8?B?SzBIQyt2QTlOTk9WV3ljR3BiYlBBWFBWVXJhREpPd3U3QXhoeUFNL1BIZUY4?= =?utf-8?B?b2VsQzFIcTY5WW16MEcvTkF6ZnZjVGRWTTY5T1hQVUFnc1ZWVWtwMWFiSnpD?= =?utf-8?B?eDk5R2x4T0dmT3FQcnRkRVhNUjEzVmhseFVGWStiWVMyemphWHpCKzYwRWIy?= =?utf-8?B?eVZZcnp3eFVNSUt0cUhyKzJtWXJUWG5BOUxYWGpiYmw0NjFUR0lKSkVRR2Iy?= =?utf-8?B?ZHo4N1BJa1ltV3JoNXcyMkdCbmhEMVlQQTlQRGxFd295UlkwS2gyTmhpdEtm?= =?utf-8?B?Z2RhaTlBbjE3YXBaZWNDem5VdzllV1BIUXdHM2NvS0JxTzU3cTIxZ3VOOGFo?= =?utf-8?B?SFNoNFIwZ2JVVHM2UmMyVkZ4Ny9YOVBKVFp6cFp6Mmc5Vlc4NzNkbW1JRE9q?= =?utf-8?B?a3VjSGY3QTI5dnpRL01SdlBpRXQ4TjRYbGk5RjNTVXErRU96cGdUNTlsS21n?= =?utf-8?B?M05aZnpGVlZTWjU3YVVzcGxEL2tMTHNidXFPN2FlTkkrRVpMZnB1cWhWQWpp?= =?utf-8?B?M2lva1MxdmovSFNpZnBENE5WTmh2Wnc5clZrZVZuMm5nWmZ5YUhKa0p6d0RB?= =?utf-8?B?UHplaWJjeHBTMnYrQ1JNVmNhUVZkYmhnRThqcUM4TDJWRG1TeHVSTHlieC82?= =?utf-8?B?OFFyUC9JY2VGcExtUVhRYk9NM0lBdzRZc1NHVXpPcWoxeXNCZ3RIbi9jaExW?= =?utf-8?B?dktjaTRSc3ZiWE1aYTB3SVpuMzYzUDJuU245WUkrNW1HcWJDMzVLSitDc3ZB?= =?utf-8?B?UWF5SmRrVjhKejZjRjFwY0tydVRqb2ppWktvdURmSnRSZWZ1amt2eFhxNStQ?= =?utf-8?B?UENCc0lESjljQTdENnhwdjV4U2lXNUw3OTNvQTZhZ0pxTzdlSGdCeGdtN3Yr?= =?utf-8?B?b1htY0VxeHV6Z01qbDE0MytoNm1qd0VjdHMvdmFleW83SEdHUWt3VHJTSzJO?= =?utf-8?B?NzlGUkZKWUZ5cVJxdlZzSER2cWF5NUxnVm16NWZvV2Y1eDdzVjh1T3l4dmNR?= =?utf-8?B?cTdCMkpqbHk2UTdHWGwxMldrT1hwamxYQkhxc0tRV0tGRkU5VVRPdTI5b3N1?= =?utf-8?B?RFJLeDFUZHdKN2cvWExTRXJtdDRJREs2TlpiUUcxaTJhYmlDOTRCZ29vRmJC?= =?utf-8?B?RnZLVDJpUDVyYTAvNmhOcjhzb1V5YUFzQStNNUVWbXI1R2lNQmpmSkoxN2Zm?= =?utf-8?B?TEZmQ0R2VVllZWVRNUppSDVqZnpZMHdLay8rZ0pMczJwdC91RjdncUxLWkl1?= =?utf-8?B?bWZxUFdOY3NpaWhqYk1tNUtxK0ZoV1hWSDljM1FrR3c1WjR5Qk84TklyNzRT?= =?utf-8?B?NnZna3BPcjJHcU1keDAyWTlHeGx4WkZ4YUxMTmMvS3p5Rmhyd2hTREZlQ3Yx?= =?utf-8?B?em50RUNwWjNNekx6TDFPd0xqSzdWbTdoY2E0RDVzcjF3V0MzOXF3M28wcXlO?= =?utf-8?B?Ni9YZFhTZkNQWVBycWlicEFja2o0eGhDdUdJNlRlMmx3cDZGOUJGZWN2bDNu?= =?utf-8?B?Z20ySmhhbEFjU2p4TzVMNEM2R2M2Z3lmSjY2YnFzbWhzL3owRWF3ZHRyVnRZ?= =?utf-8?B?YUdvOEg3Y1NGdlVpaERwN21qT1FjdGpLZHh3OWNSaXlxbnpEYXdnaG40Tkds?= =?utf-8?B?L0tTNHgwWWJuOHp6bFhuYjk3TUxHYUh4cFZHQXBzSW5aRVFzdXlQak1QR1ZL?= =?utf-8?B?QWUwck9MblRuMGErbEtzSFE4NWRZaHRTVE5IRXZEZ3VZYkhMT3ZSdzE0RlBN?= =?utf-8?Q?2+72eoO21h/UI?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E25FF84531F89942A55C2D10D90AF381@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1e2a3c3f-8eb0-4ff7-e25d-08d8cc4e0f16
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2021 16:24:50.3507 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YTHPdnQnOzp5Dj+m89+54jOSoiOT0Mn2JhUDE/G3a1PGJw6d0AoTaCKF+7kvY7q390AA4YSnKRHlh7ooCcgS7w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5000
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/kzUQoTbyHh9wHchTbcMMRaYt9V4>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2021 16:24:57 -0000

Hello Bob,

Better late than never...

Based on your feedback, the new text reads now as:

" 2.2.2.  Hop-by-Hop Options Header

   The hop-by-hop options header, when present in an IPv6 packet, forced
   all nodes implementing the previous IPv6 specification [RFC2460] to
   inspect and possibly process this header.  This enabled denial-of-
   service attacks as most, if not all, routers could process this kind
   of packets in hardware but have to process this packet in software
   hence competing with other software tasks as handling the control and
   management planes.

   Section 4.3 of the current Internet Standard for IPv6, [RFC8200], has
   taken this attack vector into account and made the processing of hop-
   by-hop options header by intermediate routers explicitly
   configurable."

The new text looks clearer and more accurate (thanks to your suggestion). Do you have any more comment on this text ?

Regards,

-éric

-----Original Message-----
From: Bob Hinden <bob.hinden@gmail.com>
Date: Saturday, 9 November 2019 at 17:46
To: Eric Vyncke <evyncke@cisco.com>
Cc: Bob Hinden <bob.hinden@gmail.com>om>, Gyan Mishra <hayabusagsm@gmail.com>om>, "opsec@ietf.org" <opsec@ietf.org>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

    Eric,

    > On Nov 8, 2019, at 11:57 PM, Eric Vyncke (evyncke) <evyncke@cisco.com> wrote:
    > 
    > Gyan
    > 
    > Thank you very much for your shepherd write-up, very much appreciated by the authors.
    > 
    > The list of the ‘obsoleted’ references is intentional indeed to ensure that readers understand that ‘old’ documents have been replaced. The text in the document is clear about the obsolete and current document. So, we do prefer to leave the references like they are as we believe that they make the document more valuable for the reader.

    I went back and reread this.  The text:

       2.2.2.  Hop-by-Hop Options Header

       The hop-by-hop options header, when present in an IPv6 packet, forces
       all nodes in the path to inspect this header in the original IPv6
       specification [RFC2460].  This enables denial of service attacks as
       most, if not all, routers cannot process this kind of packets in
       hardware but have to 'punt' this packet for software processing.
       Section 4.3 of the current Internet Standard for IPv6, [RFC8200], has
       taken this attack vector into account and made the processing of hop-
       by-hop options header by intermediate routers optional.

    I don’t understand why this is talking about RFC2460 at all.  Seems like it would less confusing to only describe what is in RFC8200.  Nor is “punt” correct way to describe this.   Way too colloquial.

    Describing RFC8200 behavior as “optional" is quite right, RFC8200 says:

       ...now expected that nodes along a packet's delivery path only examine and process the
          Hop-by-Hop Options header if explicitly configured to do so

    It’s not optional if configured to do so.  It would be better to use the RFC8200 words.

    Lastly the “Original" IPv6 Specification was RFC1883.

    Bob

    p.s. I agree about the references to RFC 3068 and RFC 3627.







    > 
    > Regards
    > 
    > -éric
    > 
    > From: Gyan Mishra <hayabusagsm@gmail.com>
    > Date: Saturday, 9 November 2019 at 08:28
    > To: Eric Vyncke <evyncke@cisco.com>
    > Cc: "opsec@ietf.org" <opsec@ietf.org>rg>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
    > Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt
    > 
    > Eric
    > 
    > I submitted the shepherd write-up.
    > 
    > I ran the idnits and it found the following obsolete references.  We should clear that up before we publish it.  I can update my comments on that once the draft is updated.
    > Checking references for intended status: Informational
    >   ----------------------------------------------------------------------------
    > 
    >   -- Obsolete informational reference (is this intentional?): RFC 2460
    >      (Obsoleted by RFC 8200)
    > 
    >   -- Obsolete informational reference (is this intentional?): RFC 3068
    >      (Obsoleted by RFC 7526)
    > 
    >   -- Obsolete informational reference (is this intentional?): RFC 3627
    >      (Obsoleted by RFC 6547)
    > 
    > Thank you
    > 
    > Gyan
    > 
    > On Mon, Nov 4, 2019 at 9:38 AM Eric Vyncke (evyncke) <evyncke@cisco.com> wrote:
    >> Hello Gyan,
    >> 
    >> Thank you for reminding the author to post the 'gist' of the changes with version -21.
    >> 
    >> Our OPS AD, Warren "Ace" Kumari,  has kindly reviewed our document and has identified more than 70 areas where the text was ambiguous or using bad English... No wonder, none of the 4 authors are English-speaking native: it is a mix of Estonian (Merike who also speaks German and Russian[1]), one of the 22 (?) language of India (KK), German (Enno who also speaks French and Spanish) and French (myself also speaking Dutch) __ __ IETF community is really diverse !
    >> 
    >> Thank you very much in advance for finalizing the shepherd write-up
    >> 
    >> -éric
    >> 
    >> [1] I can be wrong for Merike BTW but she is quadri-lingual
    >> 
    >> On 04/11/2019, 15:26, "Gyan Mishra" <hayabusagsm@gmail.com> wrote:
    >> 
    >>     Hi Eric
    >> 
    >>     Just checking what the updates are that went in v21 since this document is now ready to be published just pending my Shepard writeup which I plan to finish this week.
    >> 
    >>     Thank you
    >> 
    >>     Gyan
    >> 
    >>     Sent from my iPhone
    >> 
    >>     > On Nov 3, 2019, at 4:56 PM, internet-drafts@ietf.org wrote:
    >>     >
    >>     >
    >>     > A New Internet-Draft is available from the on-line Internet-Drafts directories.
    >>     > This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.
    >>     >
    >>     >        Title           : Operational Security Considerations for IPv6 Networks
    >>     >        Authors         : Eric Vyncke
    >>     >                          Kiran Kumar Chittimaneni
    >>     >                          Merike Kaeo
    >>     >                          Enno Rey
    >>     >    Filename        : draft-ietf-opsec-v6-21.txt
    >>     >    Pages           : 52
    >>     >    Date            : 2019-11-03
    >>     >
    >>     > Abstract:
    >>     >   Knowledge and experience on how to operate IPv4 securely is
    >>     >   available: whether it is the Internet or an enterprise internal
    >>     >   network.  However, IPv6 presents some new security challenges.  RFC
    >>     >   4942 describes the security issues in the protocol but network
    >>     >   managers also need a more practical, operations-minded document to
    >>     >   enumerate advantages and/or disadvantages of certain choices.
    >>     >
    >>     >   This document analyzes the operational security issues in several
    >>     >   places of a network (enterprises, service providers and residential
    >>     >   users) and proposes technical and procedural mitigations techniques.
    >>     >   Some very specific places of a network such as the Internet of Things
    >>     >   are not discussed in this document.
    >>     >
    >>     >
    >>     > The IETF datatracker status page for this draft is:
    >>     > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/
    >>     >
    >>     > There are also htmlized versions available at:
    >>     > https://tools.ietf.org/html/draft-ietf-opsec-v6-21
    >>     > https://datatracker.ietf.org/doc/html/draft-ietf-opsec-v6-21
    >>     >
    >>     > A diff from the previous version is available at:
    >>     > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-21
    >>     >
    >>     >
    >>     > Please note that it may take a couple of minutes from the time of submission
    >>     > until the htmlized version and diff are available at tools.ietf.org.
    >>     >
    >>     > Internet-Drafts are also available by anonymous FTP at:
    >>     > ftp://ftp.ietf.org/internet-drafts/
    >>     >
    >>     > _______________________________________________
    >>     > OPSEC mailing list
    >>     > OPSEC@ietf.org
    >>     > https://www.ietf.org/mailman/listinfo/opsec
    >> 
    >> 
    > 
    > 
    > --
    > Gyan S. Mishra
    > IT Network Engineering & Technology
    > Verizon Communications Inc. (VZ)
    > 13101 Columbia Pike FDC1 3rd Floor
    > Silver Spring, MD 20904
    > United States
    > Phone: 301 502-1347
    > Email: gyan.s.mishra@verizon.com
    > www.linkedin.com/in/networking-technologies-consultant
    > 
    > _______________________________________________
    > OPSEC mailing list
    > OPSEC@ietf.org
    > https://www.ietf.org/mailman/listinfo/opsec