Re: [secdir] secdir review of draft-ietf-opsec-protect-control-plane-04

Joe Abley <> Tue, 14 December 2010 16:53 UTC


On 2010-12-14, at 11:43, Carlos Pignataro (cpignata) wrote:

> Please note that this was intentional, as a doc produced in Opsec we intended to make it as close to the operational reality we know as possible. And our perspective was that we see more 1645/1646. 

I understand that's your perspective, which is entirely understandable given what Cisco devices do by default, but I don't think it's necessarily the case that 1645/1646 are universally prevalent (at least, claims that it is ought to be balanced with some balanced, real-world observation). I take your point that Juniper devices accommodate the pre-standard ports as well as the IANA-assigned ones. There are more vendors in the world than just C and J, however.

I think pointing out that 1645/1646 are also used is perfectly valid, for the reasons of operational reality that you mention, but that the examples should use 1812/1813.