Re: [secdir] secdir review of draft-ietf-opsec-protect-control-plane-04
Ronald Bonica <rbonica@juniper.net> Tue, 14 December 2010 16:05 UTC
From: Ronald Bonica <rbonica@juniper.net>
To: Sean Turner <turners@ieca.com>, Glen Zorn <gwz@net-zen.net>, "draft-ietf-opsec-protect-control-plane@tools.ietf.org" <draft-ietf-opsec-protect-control-plane@tools.ietf.org>
Date: Tue, 14 Dec 2010 11:04:25 -0500
Cc: "opsec-chairs@tools.ietf.org" <opsec-chairs@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Authors,

I think that we can correct this problem with an RFC Editor's note before the telechat on Thursday. Could one of you please provide the updated text?

Ron

> -----Original Message-----
> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of Sean Turner
> Sent: Tuesday, December 14, 2010 10:51 AM
> To: Glen Zorn; draft-ietf-opsec-protect-control-plane@tools.ietf.org
> Cc: opsec-chairs@tools.ietf.org; iesg@ietf.org; secdir@ietf.org
> Subject: Re: secdir review of draft-ietf-opsec-protect-control-plane-04
>
> I'm hoping that this was a typo. I pulled out all the registered RADIUS
> ports from http://www.iana.org/assignments/port-numbers and 1645/1646:
>
> sightline       1645/tcp   SightLine
> sightline       1645/udp   SightLine
> #                          admin <iana&sightlinesystems.com>
> sa-msg-port     1646/tcp   sa-msg-port
> sa-msg-port     1646/udp   sa-msg-port
> #                          Eric Whitehill <Eric.Whitehill&itt.com>
>
> radius          1812/tcp   RADIUS
> radius          1812/udp   RADIUS
> #                          [RFC2865]
> radius-acct     1813/tcp   RADIUS Accounting
> radius-acct     1813/udp   RADIUS Accounting
> #                          [RFC2866]
> radsec          2083/tcp   Secure Radius Service
> radsec          2083/udp   Secure Radius Service
> #                          Mike McCauley <mikem&open.com.au> May 2005
> radius-dynauth  3799/tcp   RADIUS Dynamic Authorization
> radius-dynauth  3799/udp   RADIUS Dynamic Authorization
> #                          RFC 3576 - July 2003
>
> Should 1812 & 1813 be listed or also 2083 & 3799?
>
> spt
>
> On 12/14/10 1:39 AM, Glen Zorn wrote:
> > I have reviewed this document as part of the security directorate's ongoing
> > effort to review all IETF documents being processed by the IESG. These
> > comments were written primarily for the benefit of the security area
> > directors. Document editors and WG chairs should treat these comments just
> > like any other last call comments.
> >
> > Section 3.1 says:
> >
> >    o  Permit RADIUS authentication and accounting replies from RADIUS
> >       servers 198.51.100.9, 198.51.100.10, 2001:DB8:100::9, and
> >       2001:DB8:100::10 that are listening on UDP ports 1645 and 1646. Note
> >       that this doesn't account for a server using Internet Assigned
> >       Numbers Authority (IANA) ports 1812 and 1813 for RADIUS.
> >
> > So, in other words, RADIUS traffic on the ports (officially assigned for
> > more than ten years now) will be blocked. This seems like a very poor
> > example.
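
The registry lookup done by hand in the thread above, written as a repeatable check; this is an added example, not part of the original messages or of the draft. It parses the port-numbers lines quoted in the thread and audits a filter term's port list against the services the term is meant to permit; the function names and the choice of `radius` and `radius-acct` as the wanted services are assumptions made for the illustration.

```python
import re

# Service lines copied from the registry excerpt quoted in the thread.
REGISTRY_EXCERPT = """\
sightline       1645/tcp   SightLine
sightline       1645/udp   SightLine
sa-msg-port     1646/tcp   sa-msg-port
sa-msg-port     1646/udp   sa-msg-port
radius          1812/tcp   RADIUS
radius          1812/udp   RADIUS
radius-acct     1813/tcp   RADIUS Accounting
radius-acct     1813/udp   RADIUS Accounting
radsec          2083/tcp   Secure Radius Service
radsec          2083/udp   Secure Radius Service
radius-dynauth  3799/tcp   RADIUS Dynamic Authorization
radius-dynauth  3799/udp   RADIUS Dynamic Authorization
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+(.*\S)\s*$")

def parse_registry(text):
    """Return {(port, proto): service_name}; '#' contact lines are skipped."""
    table = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            name, port, proto, _description = m.groups()
            table[(int(port), proto)] = name
    return table

def audit_filter_ports(permitted, proto, wanted_services, registry):
    """Return (mismatched, missing) for one filter term.
    mismatched: permitted ports registered to some other service (or unassigned).
    missing: registered ports of a wanted service that the term does not cover."""
    mismatched = {p: registry.get((p, proto), "unassigned") for p in permitted
                  if registry.get((p, proto)) not in wanted_services}
    covered = {registry.get((p, proto)) for p in permitted}
    missing = {port: name for (port, pr), name in registry.items()
               if pr == proto and name in wanted_services and name not in covered}
    return mismatched, missing

REGISTRY = parse_registry(REGISTRY_EXCERPT)
# Ports from the Section 3.1 text quoted in the thread; wanted services are an assumption.
MISMATCHED, MISSING = audit_filter_ports([1645, 1646], "udp",
                                         {"radius", "radius-acct"}, REGISTRY)
```

Adding `radsec` and `radius-dynauth` to the wanted set answers the follow-up question about 2083 and 3799 in the same way.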