Re: [v6ops] [OPSEC] Call for WG adoption - Recommendations on Filtering of IPv6 Packets Containing IPv6 Extension Headers

joel jaeggli <joelja@bogus.com> Tue, 14 October 2014 07:02 UTC


On 10/13/14 11:50 PM, Joe Touch wrote:
> 
> 
> On 10/13/2014 10:33 PM, joel jaeggli wrote:
>> On 10/13/14 1:03 PM, Joe Touch wrote:
>>>
>>>
>>> On 10/13/2014 12:24 PM, Brian E Carpenter wrote:
>>> ...
>>>> Exactly. I believe this draft, and the options draft, are *exactly* what
>>>> the IETF should do (and why we have an E in our name instead of an S;
>>>> we are not the Internet Standards Task Force). If our standards are
>>>> unrealistic, we should be the ones to do something about it...
>>>
>>> If it's that our standards are unrealistic, it would be useful to
>>> address this as changes to the standards.
>>
>> It's not entirely unrealistic to expect a consensus about observed
>> reality to emerge from ops before it evolves into protocol maintenance.
> 
> Observed reality doesn't include recommendations.
> 
> And if observed reality requires consensus, I doubt you're describing
> anything that involves either observation or reality.

...

The goals of the v6ops working group are:

1. Solicit input from network operators and users to identify
operational issues with the IPv4/IPv6 Internet, and
determine solutions or workarounds to those issues. These issues
will be documented in Informational or BCP RFCs, or in
Internet-Drafts.

This work should primarily be conducted by those areas and WGs
which are responsible and best fit to analyze these problems, but
v6ops may also cooperate in focusing such work.

2. Publish Informational or BCP RFCs that identify potential security
risks in the operation of shared IPv4/IPv6 networks, and document
operational practices to eliminate or mitigate those risks.

This work will be done in cooperation with the Security area and
other relevant areas or working groups.

3. As a particular instance of (1) and (2), provide feedback to
the IPv6 WG regarding portions of the IPv6 specifications that
cause, or are likely to cause, operational or security concerns,
and work with the IPv6 WG to resolve those concerns. This feedback
will be published in Internet-Drafts or RFCs.
...

> Joe
>