Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-security WGLC
Lorenzo Colitti <lorenzo@google.com> Wed, 20 November 2013 06:51 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EBFF1AE35E for <v6ops@ietfa.amsl.com>; Tue, 19 Nov 2013 22:51:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CkHJdNHhUStP for <v6ops@ietfa.amsl.com>; Tue, 19 Nov 2013 22:51:07 -0800 (PST)
Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 9598F1AE35D for <v6ops@ietf.org>; Tue, 19 Nov 2013 22:51:07 -0800 (PST)
Received: by mail-ie0-f175.google.com with SMTP id u16so12623822iet.20 for <v6ops@ietf.org>; Tue, 19 Nov 2013 22:51:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=me5EGiaco+gdh1/Of3zgSVbdvAMjVQm2hOTmPy5L0ro=; b=ThecD09ds0FWlk8zwv3GxY1jHBCEKjw7afb0rZOBk6tv/qJD27uAMJZw/UqqlpJ8G8 WcaKVd7Q7/mTYYLv8nOu06WhLLYe85d3v3q1FTggTtK2Qw0S+VkzL/tVFn0f9Khk868w QrWY8HsQxWKcxck/GNEeTv4DtjIZt59hiJOsTXZJk/qQ57qQKGdSh355VRsxCaojkUHc Mv5dW/CAIcTAkRPbAsbgyoUeWBuBKekluO6m5P8rgZCVV1R3d0C0G4I4UkTJ7iFQBedS ySGPG/Vbqqnvx6F8WZ+HypkWgL9n/QHqWHAEs3huBCKtbhiThDhYbWhQEXceaAsZtq8O oFgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=me5EGiaco+gdh1/Of3zgSVbdvAMjVQm2hOTmPy5L0ro=; b=TmuZ6+w26hXem09KKLoU2EAybzDSNLuEZoLNKkh5t6fNF+ERy1QP+TacRKVVDRyeWY /Q4BzlvXDVIc6VDAFC1ly+UYisefZD9fs4qa71N8Fpu5buoqTc+XexSyveCgdH3GSHg/ sxEANZq43CmnZSorfyXDEm0SnN/EFTIdSMzqB9oWuSi2GAQSQSCeMvy2SFT2AFdxa2BB +7M2PcJiU76TyYUFqW7PxoQm55wk3hNV2YaKG9Png+JLPtsKCf49JQnblcj2GAGnQpKO QmM1igcwN9QQu1uzAPcktFmoomPVcsJuWymKH1T6g6hh96f/OutFo8FmqetLlAkH2onp U61w==
X-Gm-Message-State: ALoCoQl3yjvSdwc27h8qnTLG+OpE8errKk2k7VFsuug2lAAzC5zH4Vimo2tuKYbrLqN++WYig24txx/OIiGYXS4ZkLO7WEq04jl2MThda2B/1v7/9nxy61WK868S+vtPnMD4gSOg7lRpa55e6d9POpqP1yNrkQiXVSmYyMpQ1ULFgtQUTTMOK2kgIlwHZ57yyfnN41FyGx90
X-Received: by 10.50.43.131 with SMTP id w3mr22277294igl.17.1384930261145; Tue, 19 Nov 2013 22:51:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.86.106 with HTTP; Tue, 19 Nov 2013 22:50:41 -0800 (PST)
In-Reply-To: <5288FC15.5080508@globis.net>
References: <201311101900.rAAJ0AR6025350@irp-view13.cisco.com> <CAB0C4xOfz_JAjEEJZ-Zz7MBEyZhVzrAE+8Ghf1ggC3+9pyHmNg@mail.gmail.com> <989B8ED6-273E-45D4-BFD8-66A1793A1C9F@cisco.com> <5288FC15.5080508@globis.net>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 20 Nov 2013 15:50:41 +0900
Message-ID: <CAKD1Yr1gQ8r80NxbJwxbNc8esm1ekk1JGMUoQo712CpvLJ8ogw@mail.gmail.com>
To: Ray Hunter <v6ops@globis.net>
Content-Type: multipart/alternative; boundary="047d7bfea18641415d04eb9634a1"
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-security WGLC
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2013 06:51:09 -0000
On Mon, Nov 18, 2013 at 2:25 AM, Ray Hunter <v6ops@globis.net> wrote: > Summary: I don't have answers to my own points below, but neither does > this draft, so whilst I welcome the authors sharing their experiences, I > can't support publishing it as-is as a v6ops WG document. > > The bottom line is that I wouldn't be happy if my own ISP adopted the > policy exactly as-documented in the draft. > Would you be happier if your ISP implemented the "simple security" recommendations in RFC 6092 and dropped all unsolicited packets to your network except IPsec? I think we probably need something more sophisticated. And being > realistic, we're probably not yet ready to write it. > So let's not throw out the baby with the bathwater then? This group exists to share operational experience, and that is what this draft does. It does not make any recommendations; even the rules it presents are examples. I can't see anyone construing this as a recommendation or endorsement of any sort. We published RFC 6092. Why shouldn't we publish this one? It seems to me that there's no real difference between this document and RFC 6092; fundamentally, they both simply describe a security profile without making any claim about whether it is a recommended profile. If anything, at least this one has the advantage that it was deployed before it was standardized... I support this document.
- [v6ops] draft-ietf-v6ops-balanced-ipv6-security W… Fred Baker
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tarko Tikan
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Guillaume Leclanche
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Guillaume Leclanche
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… cb.list6
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ted Lemon
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… cb.list6
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tore Anderson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tarko Tikan
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ted Lemon
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tarko Tikan
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ted Lemon
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tarko Tikan
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark Andrews
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Sander Steffann
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… joel jaeggli
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… joel jaeggli
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tassos Chatzithomaoglou
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… cb.list6
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Tassos Chatzithomaoglou
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ray Hunter
- [v6ops] draft-ietf-v6ops-balanced-ipv6-security W… Fred Baker
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Joe Touch
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mikael Abrahamsson
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… de =?iso-8859-1?q?Br=FCn?=, Markus
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ray Hunter
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Marc Lampo
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ray Hunter
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Lorenzo Colitti
- [v6ops] RFC 6092 [was draft-ietf-v6ops-balanced-i… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Mark ZZZ Smith
- Re: [v6ops] RFC 6092 [was draft-ietf-v6ops-balanc… Marc Lampo
- Re: [v6ops] RFC 6092 [was draft-ietf-v6ops-balanc… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ray Hunter
- Re: [v6ops] RFC 6092 [was draft-ietf-v6ops-balanc… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Ray Hunter
- Re: [v6ops] RFC 6092 [was draft-ietf-v6ops-balanc… cb.list6
- Re: [v6ops] draft-ietf-v6ops-balanced-ipv6-securi… Brian E Carpenter