Re: [OPSEC] Ted Lemon's Discuss on draft-ietf-opsec-dhcpv6-shield-05: (with DISCUSS and COMMENT)

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 08 February 2015 04:14 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/opsec/lxQMATP93ycQHiTqgcwfzIJ0ICQ>

On 08/02/2015 13:55, Ted Lemon wrote:
> On Feb 7, 2015, at 7:00 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> However, I don't think you should remove this sentence and the normative reference
>> to RFC 7045:
>>
>>   [RFC7045] requires that nodes be
>>   configurable with respect to whether packets with unrecognized
>>   headers are forwarded, and allows the default behavior to be
>>   that such packets be dropped.
> 
> What does that have to do with DHCPv6 shield? I guess I don't mind if this is included, but it seems unnecessary.

DHCPv6 Shield matches the definition of "forwarding node" given
in RFC 7045, so reminding implementers of the requirement seems
appropriate to me.

   Brian