Re: [OPSEC] Iotdir early review of draft-ietf-opsec-v6-21

Gert Doering <gert@space.net> Tue, 16 February 2021 10:35 UTC

Return-Path: <gert@space.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 418AA3A11C0 for <opsec@ietfa.amsl.com>; Tue, 16 Feb 2021 02:35:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=space.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4gGIgtw77xhq for <opsec@ietfa.amsl.com>; Tue, 16 Feb 2021 02:35:06 -0800 (PST)
Received: from gatekeeper1-relay.space.net (gatekeeper1-relay.space.net [IPv6:2001:608:3:85::38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5558D3A11BA for <opsec@ietf.org>; Tue, 16 Feb 2021 02:35:05 -0800 (PST)
X-SpaceNet-SBRS: None
Received: from mobil.space.net ([195.30.115.67]) by gatekeeper1-relay.space.net with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Feb 2021 11:35:00 +0100
X-Original-To: opsec@ietf.org
Received: from mobil.space.net (localhost [IPv6:::1]) by mobil.space.net (Postfix) with ESMTP id 2C32443B83 for <opsec@ietf.org>; Tue, 16 Feb 2021 11:34:57 +0100 (CET)
X-SpaceNet-Relay: true
Received: from moebius4.space.net (moebius4.space.net [IPv6:2001:608:2:2::251]) by mobil.space.net (Postfix) with ESMTP id D409440D97; Tue, 16 Feb 2021 11:34:56 +0100 (CET)
Received: by moebius4.space.net (Postfix, from userid 1007) id CC8F7F5C59; Tue, 16 Feb 2021 11:34:56 +0100 (CET)
Date: Tue, 16 Feb 2021 11:34:56 +0100
From: Gert Doering <gert@space.net>
To: Stuart Cheshire <cheshire=40apple.com@dmarc.ietf.org>
Cc: =?iso-8859-1?Q?=C9ric?= Vyncke <evyncke@cisco.com>, Ted Lemon <mellon@fugue.com>, "opsec@ietf.org" <opsec@ietf.org>, Warren Kumari <warren@kumari.net>
Message-ID: <YCuf0JXkQLngR2Y1@Space.Net>
References: <157394737956.25908.2003745932020934234@ietfa.amsl.com> <DA7A5C72-C893-4240-A716-B0BD37122916@doubleshotsecurity.com> <7BCD5A24-D200-48F9-8410-7F1D5BA28B28@cisco.com> <20F36D91-A80F-49F8-9820-BAB18BACB4B5@fugue.com> <2B0A426F-9414-4FC2-99A1-DF71D495F02C@cisco.com> <99FA8310-CDA8-4FCA-90F9-FE0952D95D93@fugue.com> <1EA99726-2050-4B05-8D8F-924A52D2303E@apple.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1EA99726-2050-4B05-8D8F-924A52D2303E@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/nfFgVffoo83H8x6BlIvuaV0mQkY>
Subject: Re: [OPSEC] Iotdir early review of draft-ietf-opsec-v6-21
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Feb 2021 10:35:10 -0000

Hi,

On Mon, Feb 15, 2021 at 07:33:47PM -0800, Stuart Cheshire wrote:
> Thank you Éric for making this change.
> 
> If ISPs were to implement and enable RA-Guard in ISP-supplied home gateways, that would break both Apple HomeKit and the upcoming Project Connected Home over IP <https://www.connectedhomeip.com/>.

Why so? What sort of RAs are these devices sending to the network
shared with the "home gateway"?

> It would be a pity to break residential IoT in the infancy of the IoT industry, and it would create a lot of support telephone calls for Apple, other residential IoT vendors, and ISPs.

If "basic network hygiene" creates support calls, something is not right.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279