draft-ietf-opsec-ip-options-filtering-03.txt   draft-ietf-opsec-ip-options-filtering-04.txt 
Operational Security Capabilities for F. Gont Operational Security Capabilities for F. Gont
IP Network Infrastructure (opsec) UTN-FRH / SI6 Networks IP Network Infrastructure (opsec) UTN-FRH / SI6 Networks
Internet-Draft R. Atkinson Internet-Draft R. Atkinson
Intended status: BCP Consultant Intended status: BCP Consultant
Expires: January 10, 2014 C. Pignataro Expires: January 12, 2014 C. Pignataro
Cisco Cisco
July 9, 2013 July 11, 2013
Recommendations on filtering of IPv4 packets containing IPv4 options. Recommendations on filtering of IPv4 packets containing IPv4 options.
draft-ietf-opsec-ip-options-filtering-03.txt draft-ietf-opsec-ip-options-filtering-04.txt
Abstract Abstract
This document provides advice on the filtering of IPv4 packets based This document provides advice on the filtering of IPv4 packets based
on the IPv4 options they contain. Additionally, it discusses the on the IPv4 options they contain. Additionally, it discusses the
operational and interoperability implications of dropping packets operational and interoperability implications of dropping packets
based on the IP options they contain. based on the IP options they contain.
Status of this Memo Status of this Memo
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 10, 2014. This Internet-Draft will expire on January 12, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 28, line 12 skipping to change at page 28, line 12
operational impact if dropped. However, dropping packets containing operational impact if dropped. However, dropping packets containing
IPv4 options that are in use can cause real operational problems in IPv4 options that are in use can cause real operational problems in
deployed networks. Therefore, the practice of dropping all IPv4 deployed networks. Therefore, the practice of dropping all IPv4
packets containing one or more IPv4 options without careful packets containing one or more IPv4 options without careful
consideration is not recommended. consideration is not recommended.
7. Acknowledgements 7. Acknowledgements
The authors would like to thank Panos Kampanakis, Donald Smith, Ron The authors would like to thank Panos Kampanakis, Donald Smith, Ron
Bonica, Arturo Servin, and Merike Kaeo for providing thorough reviews Bonica, Arturo Servin, and Merike Kaeo for providing thorough reviews
and valuable comments. and valuable comments. Merike Kaeo also contributed text used in
this document.
Part of this document is initially based on the document "Security Part of this document is initially based on the document "Security
Assessment of the Internet Protocol" [CPNI2008] that is the result of Assessment of the Internet Protocol" [CPNI2008] that is the result of
a project carried out by Fernando Gont on behalf of UK CPNI (formerly a project carried out by Fernando Gont on behalf of UK CPNI (formerly
NISCC). Fernando Gont would like to thank UK CPNI (formerly NISCC) NISCC). Fernando Gont would like to thank UK CPNI (formerly NISCC)
for their continued support. for their continued support.
8. References 8. References
8.1. Normative References 8.1. Normative References
 End of changes. 5 change blocks. 
5 lines changed or deleted 6 lines changed or added
