Re: [v6ops] Asking for a review of draft-ietf-opsec-v6-08

Markus deBruen <linkedin@xn--debrn-nva.de> Wed, 15 June 2016 13:05 UTC

Date: Wed, 15 Jun 2016 15:04:54 +0200
From: Markus deBruen <linkedin@xn--debrn-nva.de>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Message-ID: <155542a20aa.f178b1d213436.8516278435436621650@xn--debrn-nva.de>
In-Reply-To: <D386FF93.75916%evyncke@cisco.com>
References: <D386FF93.75916%evyncke@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/CjwMH2I2eta7Vmr0hq_uPlAm54I>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "fgont@si6networks.com" <fgont@si6networks.com>
Subject: Re: [v6ops] Asking for a review of draft-ietf-opsec-v6-08

Hi Eric, 

The draft is very well written and contains useful guidance/recommendations. Sections 2.4 and 2.5 do not contain much IPv6-specific information and sections 2.7.2.* do not give much guidance. However, these three sections together amount to ~11 pages (1/3 of the document). If you could shorten these sections, the document would become more manageable.
Some minor comments and nits: 
2.1.2 
"... The latter would be problematic." 
I suspect by "latter" you mean NPTv6. Better make that explicit. 

"A typical argument is that there are too many mistakes made with filters and 
ULAs make things easier to hide machines." 
Why "to hide machines"? I would suggest "to set filters".

2.1.4 
"... privacy extension addresses should be used" 
Punctuation mark is missing. 

2.2 
still TBD 

2.3.2 
"... for protecting hosts connected against..." 
"Connected hosts" maybe!? 

2.3.4 
"RFC6980 [RFC6980] aims to update RFC4861 [RFC4861]" 
"[RFC6980] updates [RFC4861]" 

2.7.2 
"embeb" -> "embed"

2.7.2.4 
"... operational problems" 
Punctuation mark is missing. 

2.7.2.8 
The second "MAP-E" should be "MAP-T". 

2.8 
"device to authenticated" -> "device authenticated"

3.1 
"bogon and reserved space" 
Some links might be helpful (e.g. to IANA). 

5 
"[RFC7084] (which obsoletes [RFC6204]" 
Missing ")" 

"[RFC7084] states that a clear choice must be given to the user to select one 
of those two policies." 
Does it? I did not find the corresponding passage. 

Throughout the document there are some "IPV6", "DOS" and " ", which should be 
replaced with "IPv6", "DoS" and " ". 

I hope these comments are helpful. 

Cheers, 
Markus 



---- On Wed, 15 Jun 2016 12:50:29 +0200 Eric Vyncke (evyncke) <evyncke@cisco.com> wrote ----

  The authors (and OPSEC WG chairs) would really appreciate if a review of https://tools.ietf.org/html/draft-ietf-opsec-v6-08 is done in the coming days/weeks (in time to submit a -09 in case it needs to be amended).

  This I-D is about the operation security considerations when operating an IPv6 network (both as Service Provider and enterprise/subscriber).

  Thanks a lot in advance for your review and be sure to include opsec@ietf.org in your reply.

  - the authors (Merike, KK and Eric)
  - the chairmen (Gunter and Eric)

  PS: Markus, Fred, Fernando and Lee, as you kindly volunteered to review it during IETF-95, I also put your names ;-)