* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Opsec Status Pages

Operational Security Capabilities for IP Network Infrastructure (Active WG)
Ops Area: Ignas Bagdonas, Warren Kumari | 2004-Oct-14 —  
Chairs
 
 


IETF-104 opsec minutes

Session 2019-03-25 1120-1220: Berlin/Brussels - Audio stream - opsec chatroom

Minutes

minutes-104-opsec-01 minutes



          Meeting: OPSEC at IETF-104
          Day: Monday 3/25/2019
          Jabber: Warren Kumari
          Notes: Chris Morrow (retyped by Eric Vyncke) and ???
          
          draft-ietf-opsec-v6-14, Operational Security Considerations for IPv6
          Networks, K. Chittimaneni
          ==============================================================================================
          
          The speaker could not make it due to plane having issues...
          Co-chair and co-author Éric Vyncke presenting from his own laptop, video
          not displayed. Slides not available.  Éric: "Slides are hard.. we're
          doing this freehand!"
          
          Document started in 2012.
          
          Main change since last version (present 15, diff from -14):  (actually,
          datatracker says newest version is -16, so diff of -16 and -15 from
          -14. Added by Éric after the WG meeting: there are 2 days between -15
          and -16, I should have been clearer though.
          
          We do not cover IoT world, just ISP, residential or enterprise.
          
          Various disucssion about ULA, the discussion was very fraugt with peril,
          point now to ULA usage considerations document instead of trying to cover
          this in the opsec document.  Now we simply say "go to ULA considerations"
          we say what ULA is, and "go there".
          
          Jen Linkova try not to introduce confusion ULA RFC1918, (text draws
          similarity to 1918 private address space): "ULAs are like 1918, please
          don't do that?"
          Éric: "great! 3 lines to 2 lines!! w00t!"
          
          Bunches of followup from Fernando Gont and Ron Bonica, thank you for
          those.
          
          section about SLAAC and generating MAC addresses (2.1.4) has many changes,
          mostly reductions in text.  also discussion of MAC addresses wrt SAVI
          in 2.6
          section 2.3.2 SAVI updated
          section 2.3.3 on securing DHCP is all new text
          
          Éric: the authors would like to have a second WGLC.
          
          Ron Bonica, speaking as regular member, not co-chair, like to bring up
          some document issues:
          1) first section says "we should use PI for security" - do we really
          want to recommend that?  would explode routing tables.
            Eric: maybe we need to address wording
             Eric: "better to get PI so you are independent from your ISP, etc"
               Jen: "should not be in the document... not really security?"
               Rudiger: "Can't find security reasoning for PI? Where is it?"
               RonBonica: "Idiosyncracies of ipv6...." don't often translate
               to security
                  considerations... linkage between idiosyncracies and security
                  considerations
                  ought to be linked better.
            JenL: have written IRR words about PA and PI.  PI words should not be
            in this document.  private
          
          2) there are other points that talk about quirks of IPv6, but not about
          whether these are security consideration.  For example, it says some
          networks drop extension headers.  that may be true but it is not a
          security consideration.
            Eric as author: yes, we need to address text.
          
          RonB: as co-chair:  how many have read this document in the last year?
          how many would be willing to comment in the next year? about 5 to 10.
          
          Nathalie Trenaman of RIPE NCC: have been following for years:  Yes,
          words about PI addresses should not be in the document.  I agree with
          Jen's comments about 1918 private address space. But aside from that
          "move forward please".
          
          Ron B: as co-chair again.  will look for a new version and will perhaps
          do wg last call.
          
          Tim Chown:  some people consider some of the topics to be risk management,
          not security consideration.  Some people conflate the two.  Maybe there
          should be a section about risk.
          Eric: I will re-read 7381 that we co-authored to check whether there is
          a section about risk management.
          
          enhanced-feasible-path-reverse-path-filtering, Sriram Kitapuldi
          ===============================================
          
          Sriram Kitapuldi NIST: have reviewed document and think it is good shape
          and ask for wg last call.
          
          RobB: as co-chair.  I agree and will do wg last call.
          
          Meeting Ajorned....  11:45am
          
          



Generated from PyHt script /wg/opsec/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -