Re: [v6ops] Asking for a review of draft-ietf-opsec-v6-08

Lorenzo Colitti <lorenzo@google.com> Fri, 17 June 2016 02:12 UTC

To: Erik Kline <ek@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ksnk4OfOjekuZEIpAVDon4D60LU>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "linkedin@xn--debrn-nva.de" <linkedin@xn--debrn-nva.de>, "fgont@si6networks.com" <fgont@si6networks.com>

On Wed, Jun 15, 2016 at 12:45 PM, Erik Kline <ek@google.com> wrote:

> Section 2.1.2 is far too permissive for my tastes.  We need to be able
> to say that ULA+IPv6 NAT is NOT RECOMMENDED by the IETF.
>

+1. I recall long queues at the mike at IETF 94 saying that.


> Section 2.6.1.5 could punch up the SAVI stuff a bit more as well.  We
> should, in my opinion, make it painfully clear that DHCP (of any
> protocol) in the absence of link-layer security/auditability features
> does not provide any satisfactory way "to ensure audibility and
> traceability" [Section 2.1.6].


+1. Instead of the text you have here, I would suggest citing section 9.1
of draft-ietf-v6ops-host-addr-availability, which deals with the problem in
detail.