[v6ops] Fwd: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)
Fernando Gont <fgont@si6networks.com> Tue, 07 February 2023 04:28 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4927FC1575C9 for <v6ops@ietfa.amsl.com>; Mon, 6 Feb 2023 20:28:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYZDqiF2Tm11 for <v6ops@ietfa.amsl.com>; Mon, 6 Feb 2023 20:28:27 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C91EBC140C30 for <v6ops@ietf.org>; Mon, 6 Feb 2023 20:28:17 -0800 (PST)
Received: from [10.0.0.133] (unknown [186.19.8.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id A7B26280BAB; Tue, 7 Feb 2023 01:28:12 -0300 (-03)
Message-ID: <55adf66d-23cb-0b2c-65d7-8f053a6f9298@si6networks.com>
Date: Tue, 07 Feb 2023 01:28:09 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2
Content-Language: en-US
References: <091075f1-033a-5577-60d9-3c6a009b3e21@si6networks.com>
To: IPv6 Operations <v6ops@ietf.org>
From: Fernando Gont <fgont@si6networks.com>
In-Reply-To: <091075f1-033a-5577-60d9-3c6a009b3e21@si6networks.com>
X-Forwarded-Message-Id: <091075f1-033a-5577-60d9-3c6a009b3e21@si6networks.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/YRim_N0igUlbXZ10d4sR6Suy3aU>
Subject: [v6ops] Fwd: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 04:28:31 -0000
Folks, FYI, this one is targeted at opsec, but might be of interest to this group: * TXT: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.txt * HTML: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.html Thanks! Regards, Fernando -------- Forwarded Message -------- Subject: (IETF I-D); Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt) Date: Fri, 3 Feb 2023 01:28:17 -0300 From: Fernando Gont <fgont@si6networks.com> To: opsec@ietf.org Hi, All, I happened to participate in an IPv6 deployment meeting with some large content provider. Eventually there was a discussion about how to mitigate some attacks using block-lists, and they argued that they ban offending addresses (/128 for the IPv6 case), following IPv4 practices. While they had already deployed IPv6, some of the associated implications arising from the increased address space seemed to be non-obvious to them. So that's what motivated the publication of this document. * TXT: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.txt * HTML: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.html Comments welcome! Thanks, Fernando -------- Forwarded Message -------- Subject: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt Date: Thu, 02 Feb 2023 19:48:40 -0800 From: internet-drafts@ietf.org To: Fernando Gont <fgont@si6networks.com>, Guillermo Gont <ggont@si6networks.com> A new version of I-D, draft-gont-opsec-ipv6-addressing-00.txt has been successfully submitted by Fernando Gont and posted to the IETF repository. Name: draft-gont-opsec-ipv6-addressing Revision: 00 Title: Implications of IPv6 Addressing on Security Operations Document date: 2023-02-02 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.txt Status: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-addressing/ Htmlized: https://datatracker.ietf.org/doc/html/draft-gont-opsec-ipv6-addressing Abstract: The increased address availability provided by IPv6 has concrete implications on security operations. This document discusses such implications, and sheds some light on how existing security operations techniques and procedures might need to be modified accommodate the increased IPv6 address availability. The IETF Secretariat
- [v6ops] Fwd: (IETF I-D): Implications of IPv6 Add… Fernando Gont
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Vasilenko Eduard
- Re: [v6ops] (IETF I-D): Implications of IPv6 Addr… David Conrad
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Ted Lemon
- Re: [v6ops] (IETF I-D): Implications of IPv6 Addr… Vasilenko Eduard
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Nick Buraglio
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Fernando Gont
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Fernando Gont
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Fernando Gont
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Nick Buraglio
- Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6… Henri Alves de Godoy
- Re: [v6ops] (IETF I-D): Implications of IPv6 Addr… Simon
- Re: [v6ops] (IETF I-D): Implications of IPv6 Addr… Fernando Gont