Re: [v6ops] What is new in draft-ietf-opsec-v6-13.txt ?

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 08 March 2018 19:42 UTC

Sender: Brian Carpenter <becarpenter46@gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "opsec@ietf.org" <opsec@ietf.org>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Cc: "draft-ietf-opsec-v6.authors@ietf.org" <draft-ietf-opsec-v6.authors@ietf.org>
References: <B4FE0D94-4506-4FA0-970F-B0343A718D8A@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <733d8fa5-eb9c-23ec-5beb-81d17bd87a24@gmail.com>
Date: Fri, 09 Mar 2018 08:30:19 +1300
In-Reply-To: <B4FE0D94-4506-4FA0-970F-B0343A718D8A@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sFZfO4ka6sYM8WpIDiSb6hbwVts>

Eric,
On 02/03/2018 02:08, Eric Vyncke (evyncke) wrote:
> There are a lot of changes in the -13 version, many minor and a couple of bigger ones (such as the ULA section). A new author, Enno Rey, has joined the team and has provided a tremendous amount of suggestions/changes. We also have acted on the comments from Ole Troan, Ron Bonica, Bernie Volz, Fernando Gont and Erik Kline.
> 
> As usual you can compare the versions with:
> https://tools.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-13.txt
> 
> The authors will welcome reviews and comments especially on the new section 2.1.2 (Use of ULAs): this 'ugly' topic needs to be in this document and no author wants to recommend it obviously ;-)

I don't see anything ugly in the new text of 2.1.2; it is neutral and accurate. (There are specialised use cases for ULAs such as draft-ietf-anima-autonomic-control-plane, but I don't think it's necessary to mention them here.)
 
> One open point is what to do with 'mostly obsolete' tunneling such as Teredo and 6to4 ? Ole wants to remove those sections completely but the authors feel that we need to keep them to be exhaustive.

I agree with the authors. Also, you say:
"Teredo is now mostly never used and it is no more automated in most
environment, so, it is less of a threat."

I was amazed recently to discover that this statement is untrue. I refer to fully updated Windows 10 Home laptops (two of them) which came up with an active Teredo interface that I had to disable.

Actually, such a statement is more true of 6to4 today, which I think nobody configures by default.

> Same for the CGN (NAT444) section, not really an IPv6 topic, but an important related one and the document is in OPSEC WG (which is protocol version agnostic).

However, the scope of the draft is "IPv6 Networks" so this really does seem out of scope to me.

   Brian
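
The Teredo and 6to4 point above is easiest to act on if you can recognise those addresses in your own flow logs and see which IPv4 endpoints they hide. The following is an added example, not code from the draft or from the poster: it classifies IPv6 addresses by transition mechanism (Teredo 2001::/32, 6to4 2002::/16, ULA fc00::/7), unpacks the IPv4 server, client and UDP port embedded in a Teredo address (RFC 4380 section 4, where client address and port are stored XORed with all-ones), extracts the IPv4 endpoint from a 6to4 address, and runs that over a few constructed key=value flow records. The log format, field names and the addresses in `SAMPLE_LOG` are assumptions made for the example.

```python
"""Classify IPv6 addresses by transition mechanism and unpack the tunnel
endpoints that Teredo and 6to4 addresses embed.  The flow records at the
bottom are constructed for this example and come from no real network."""
import ipaddress

# Well-known prefixes: Teredo (RFC 4380), 6to4 (RFC 3056), ULA (RFC 4193).
TEREDO = ipaddress.ip_network("2001::/32")
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
ULA = ipaddress.ip_network("fc00::/7")


def classify(addr: str) -> str:
    """Return the address class most relevant to an IPv6 security review."""
    a = ipaddress.IPv6Address(addr)
    if a in TEREDO:  # test first: Python's ipaddress treats 2001::/23 as private
        return "teredo"
    if a in SIX_TO_FOUR:
        return "6to4"
    if a in ULA:
        return "ula"
    if a.is_link_local:
        return "link-local"
    if a.is_global:
        return "global"
    return "other"


def decode_teredo(addr: str) -> dict:
    """Unpack a Teredo address: bytes 4-7 server IPv4, byte 8 bit 7 cone flag,
    bytes 10-11 client UDP port and bytes 12-15 client IPv4, the latter two
    obfuscated by XOR with 0xFF (RFC 4380 section 4)."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO:
        raise ValueError(f"{addr} is not a Teredo address")
    b = a.packed
    return {
        "server": str(ipaddress.IPv4Address(b[4:8])),
        "cone": bool(b[8] & 0x80),
        "client_port": int.from_bytes(b[10:12], "big") ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(bytes(x ^ 0xFF for x in b[12:16]))),
    }


def decode_6to4(addr: str) -> str:
    """Return the IPv4 endpoint embedded in bits 16-47 of a 6to4 address."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not a 6to4 address")
    return str(ipaddress.IPv4Address(a.packed[2:6]))


def find_tunnels(log_lines):
    """Scan key=value flow records (assumed format) for Teredo/6to4 peers and
    report the IPv4 endpoints behind them, i.e. what an IPv4-only firewall
    on the path actually sees."""
    findings = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        for key in ("src", "dst"):
            addr = fields.get(key)
            if not addr:
                continue
            kind = classify(addr)
            if kind == "teredo":
                t = decode_teredo(addr)
                detail = f"client {t['client']}:{t['client_port']} via server {t['server']}"
                findings.append((key, addr, "teredo", detail))
            elif kind == "6to4":
                findings.append((key, addr, "6to4", f"endpoint {decode_6to4(addr)}"))
    return findings


# Constructed sample flow records (assumed format, not from a real network).
SAMPLE_LOG = [
    "ts=2018-03-08T19:42:10Z src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dst=2606:4700:4700::1111 proto=tcp dport=443",
    "ts=2018-03-08T19:42:11Z src=fd12:3456:789a::10 dst=2002:c000:204::1 proto=tcp dport=80",
    "ts=2018-03-08T19:42:12Z src=fe80::1 dst=ff02::1 proto=icmp6",
]

if __name__ == "__main__":
    for who, addr, kind, detail in find_tunnels(SAMPLE_LOG):
        print(f"{kind:6} {who}={addr}  {detail}")
```

Teredo traffic itself rides on UDP port 3544 to the Teredo server, so a second, independent check is to look for that port in IPv4 flow data. On a Windows host the interface state the poster describes can be inspected with `netsh interface teredo show state` and turned off with `netsh interface teredo set state disabled`.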