Re: [v6ops] [OPSEC] Asking for a review of draft-ietf-opsec-v6-08

"Fred Baker (fred)" <fred@cisco.com> Fri, 17 June 2016 22:32 UTC

From: "Fred Baker (fred)" <fred@cisco.com>
To: Mark Smith <markzzzsmith@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/YDFJ0yjIMs3xtS9Rh59GKO_Yccg>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "linkedin@xn--debrn-nva.de" <linkedin@xn--debrn-nva.de>, "fgont@si6networks.com" <fgont@si6networks.com>, Marco Ermini <Marco.Ermini@resmed.com>

> On Jun 16, 2016, at 2:43 AM, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> If you truly want to hide a host from the Internet, yet still allow it
> to access things on the Internet, under IPv6 your network would use
> ULA addressing, and have a per-application protocol proxy server that
> makes all requests look like they've entirely originated from the
> application proxy server itself. To the Internet server, the
> application proxy server would appear to be the application end host
> making the requests, preventing any internal host identifiers or other
> attributes from leaking.

Even there, beware the email header.
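
Added example, not part of the original message or of draft-ietf-opsec-v6: a check an outbound mail gateway could run to catch the leak warned about above, where Received or X-Originating-IP headers expose ULA or RFC 1918 addresses of hosts behind the proxy. The function name, the list of internal ranges and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumed site policy: these ranges must never appear in mail leaving the
# site. IPv6 ULA (fc00::/7), link-local, and the RFC 1918 IPv4 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "fc00::/7", "fe80::/10", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Runs of hex digits, dots and colons are candidate address literals;
# ipaddress decides which of them really are addresses.
CANDIDATE_RE = re.compile(r"[0-9A-Fa-f:.]{3,}")


def internal_address_leaks(raw_message):
    """Return (header name, address) pairs where a header exposes an internal address."""
    msg = message_from_string(raw_message)
    leaks = []
    for name, value in msg.items():
        for token in CANDIDATE_RE.findall(value):
            try:
                ip = ipaddress.ip_address(token.strip("."))
            except ValueError:
                continue  # timestamps, hostname fragments, queue ids
            # ::ffff:a.b.c.d carries an IPv4 address; test the embedded one.
            ip = getattr(ip, "ipv4_mapped", None) or ip
            if any(ip in net for net in INTERNAL_NETS):
                leaks.append((name, str(ip)))
    return leaks


# Constructed sample: the proxy's public hop is clean, but the hop behind it
# and the client-supplied header still name internal hosts.
SAMPLE = """\
Received: from mail.example.net ([192.0.2.25]) by mx.example.org; Fri, 17 Jun 2016 15:32:28 -0700
Received: from desk-17.corp.example ([fd12:3456:789a:1::42]) by mail.example.net; Fri, 17 Jun 2016 15:32:27 -0700
X-Originating-IP: [10.20.30.40]
From: user@example.net
Subject: test

body
"""

if __name__ == "__main__":
    for header, address in internal_address_leaks(SAMPLE):
        print(f"{header}: internal address {address} would leave the site")
```

A gateway that finds such headers can rewrite or drop them before relaying, so the message leaves with only the proxy's own address.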