Re: [v6ops] [Int-area] [OPSEC] I-D Action: draft-gont-opsec-ipv6-eh-filtering-00.txt

Fernando Gont <fgont@si6networks.com> Thu, 17 July 2014 22:06 UTC

Message-ID: <53C848C0.8040506@si6networks.com>
Date: Thu, 17 Jul 2014 16:05:52 -0600
From: Fernando Gont <fgont@si6networks.com>
To: "C. M. Heard" <heard@pobox.com>, Joe Touch <touch@isi.edu>
References: <20140704235122.9794.84948.idtracker@ietfa.amsl.com> <53C35CC4.2070304@gmail.com> <53C57F39.7080800@gont.com.ar> <53C5C279.2090600@gmail.com> <53C5C91C.2020203@isi.edu> <53C5CAEE.5080805@si6networks.com> <53C6B1E5.4060905@isi.edu> <Pine.LNX.4.64.1407161401400.6057@shell4.bayarea.net>
In-Reply-To: <Pine.LNX.4.64.1407161401400.6057@shell4.bayarea.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/cYxrtbp7UotQnBtgxF4gBCwnUdE
Cc: OPSEC <opsec@ietf.org>, Internet Area <int-area@ietf.org>, IPv6 Operations <v6ops@ietf.org>

Hi, Mike,

On 07/16/2014 04:13 PM, C. M. Heard wrote:
> OK, or even desirable, to block things like that.  In fairness to Mr. Gont, this 
> draft is MUCH better than the initial versions of the corresponding IPv4 options 
> filtering document.

Thanks. And it's an individual -00 version. Nothing is set in stone.


> Even if I don't agree with all of them, the filtering
> recommendations in this draft do seem to be motivated by legitimate operational 
> concerns, not blanket paranoia.
> 
> I think we should move further discussion back to OPSEC and V6OPS.

Agree.

Thanks!
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492