IETF Logo Mail Archive

Re: [v6ops] [OPSEC] Call for WG adoption - Recommendations on Filtering of IPv6 Packets Containing IPv6 Extension Headers

Tim Chown <tjc@ecs.soton.ac.uk> Tue, 14 October 2014 22:47 UTC

Return-Path: <tjc@ecs.soton.ac.uk>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08E421A000C; Tue, 14 Oct 2014 15:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.007
X-Spam-Level:
X-Spam-Status: No, score=-2.007 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.786, SPF_NEUTRAL=0.779] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGtUEq9zhuVT; Tue, 14 Oct 2014 15:47:06 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [IPv6:2001:630:d0:f102::25e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCCE71A0019; Tue, 14 Oct 2014 15:47:05 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (localhost [127.0.0.1]) by falcon.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id s9EMkqxb009604; Tue, 14 Oct 2014 23:46:52 +0100
X-DKIM: Sendmail DKIM Filter v2.8.2 falcon.ecs.soton.ac.uk s9EMkqxb009604
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=201304; t=1413326815; bh=aN4Dx8qZz9jTsemKEUGKeTA/79Y=; h=Mime-Version:Subject:From:In-Reply-To:Date:Cc:References:To; b=UQ8vJp4yDSnajAQUddYmZKm/EhXSOqxINEP40UO3Xhcn81kno+YHtGPcQe3SGCBEM GldF75Fi8U0uhhdKVz/HuDdCaYxqG61rUatZMqFxup57vce7U9IfLB0njc7dFr+ure UHgmXK+9PfvYyCSghmhpkOq2N6BRTZ4dsky8Td5s=
Received: from gander.ecs.soton.ac.uk ([2001:630:d0:f102:250:56ff:fea0:401]) by falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [2001:630:d0:f102:250:56ff:fea0:68da]) envelope-from <tjc@ecs.soton.ac.uk> with ESMTP (valid=N/A) id q9DNkq17613133797Z ret-id none; Tue, 14 Oct 2014 23:46:54 +0100
Received: from [192.168.1.108] (host213-123-213-183.in-addr.btopenworld.com [213.123.213.183]) (authenticated bits=0) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id s9EMkdQ6018707 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 14 Oct 2014 23:46:40 +0100
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <543CCA7D.6060900@bogus.com>
Date: Tue, 14 Oct 2014 23:46:39 +0100
Content-Transfer-Encoding: quoted-printable
Message-ID: <EMEW3|b0ba13ecbdde5c2687b53eda56307929q9DNkq03tjc|ecs.soton.ac.uk|9FAF4D5B-217D-40E8-997A-924B05CF045D@ecs.soton.ac.uk>
References: <201410101259128179113@gmail.com> <279945F5-9A00-41AB-903E-FF4F858CB387@employees.org> <alpine.DEB.2.02.1410130907280.14735@uplift.swm.pp.se> <B499E06A-887A-4A9B-8FB9-EE2D3A1F9095@employees.org> <alpine.DEB.2.02.1410130926090.14735@uplift.swm.pp.se> <Pine.LNX.4.64.1410130723530.25821@shell4.bayarea.net> <543C2700.3060404@gmail.com> <543C3008.80506@isi.edu> <543CB5B4.9030203@bogus.com> <543CC7D1.7080602@isi.edu> <543CCA7D.6060900@bogus.com> <9FAF4D5B-217D-40E8-997A-924B05CF045D@ecs.soton.ac.uk>
To: joel jaeggli <joelja@bogus.com>
X-Mailer: Apple Mail (2.1878.6)
X-ECS-MailScanner: Found to be clean, Found to be clean
X-smtpf-Report: sid=q9DNkq176131337900; tid=q9DNkq17613133797Z; client=relay,forged,no_ptr,ipv6; mail=; rcpt=; nrcpt=6:0; fails=0
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-ECS-MailScanner-ID: s9EMkqxb009604
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/G_xrTGuMLT2oScj-l0JLiY74aT0
Cc: "C. M. Heard" <heard@pobox.com>, opsec <opsec@ietf.org>, v6ops <v6ops@ietf.org>
Subject: Re: [v6ops] [OPSEC] Call for WG adoption - Recommendations on Filtering of IPv6 Packets Containing IPv6 Extension Headers
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 22:47:09 -0000

On 14 Oct 2014, at 08:02, joel jaeggli <joelja@bogus.com> wrote:

> On 10/13/14 11:50 PM, Joe Touch wrote:
>> 
>> 
>> On 10/13/2014 10:33 PM, joel jaeggli wrote:
>>> On 10/13/14 1:03 PM, Joe Touch wrote:
>>>> 
>>>> 
>>>> On 10/13/2014 12:24 PM, Brian E Carpenter wrote:
>>>> ...
>>>>> Exactly. I believe this draft, and the options draft, are *exactly* what
>>>>> the IETF should do (and why we have an E in our name instead of an S;
>>>>> we are not the Internet Standards Task Force). If our standards are
>>>>> unrealistic, we should be the ones to do something about it...
>>>> 
>>>> If it's that our standards are unrealistic, it would be useful to
>>>> address this as changes to the standards.
>>> 
>>> It's not entirely unrealistic to expect a consensus about observed
>>> reality to emerge from ops before it evolves into protocol maintenance.
>> 
>> Observed reality doesn't include recommendations.
>> 
>> And if observed reality requires consensus, I doubt you're describing
>> anything that involves either observation or reality.
> 
> ...
> 
> The goals of the v6ops working group are:
> 
> 1. Solicit input from network operators and users to identify
> operational issues with the IPv4/IPv6 Internet, and
> determine solutions or workarounds to those issues. These issues
> will be documented in Informational or BCP RFCs, or in
> Internet-Drafts.
> 
> This work should primarily be conducted by those areas and WGs
> which are responsible and best fit to analyze these problems, but
> v6ops may also cooperate in focusing such work.
> 
> 2. Publish Informational or BCP RFCs that identify potential security
> risks in the operation of shared IPv4/IPv6 networks, and document
> operational practices to eliminate or mitigate those risks.
> 
> This work will be done in cooperation with the Security area and
> other relevant areas or working groups.
> 
> 3. As a particular instance of (1) and (2), provide feedback to
> the IPv6 WG regarding portions of the IPv6 specifications that
> cause, or are likely to cause, operational or security concerns,
> and work with the IPv6 WG to resolve those concerns. This feedback
> will be published in Internet-Drafts or RFCs.
> ...

… which suggests publishing the observations / problem statement in one draft in v6ops, and then progressing   recommendations in a separate document in conjuction with opsec seems perfectly reasonable?

I’m puzzled by the length of this conversation / debate…

Tim

v2.23.0 | Report a Bug | By Email