Hi Fernando,
Thank you very much for the updated document. It looks good to me,
Just a comment:
where statesĀ "...This option was originally specified in [RFC6553
<https://tools.ietf.org/html/rfc6553>]. It has been deprecated by
[I-D.ietf-roll-useofrplinfo
<https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-05#ref-I-D.ietf-roll-useofrplinfo>]."
I would replace "deprecated" by "updated", since the roll-I-D updates
the RPL Option with a new value. What do you think?
Thanks,
Ines.
On 06.03.2018 03:22, Fernando Gont wrote:
Folks,
This rev is meant to address your feedback regarding opt 0x23
(draft-ietf-roll-useofrplinfo).
Please do let us know if your concerns have been addressed.
Thanks!
Cheers,
Fernando
On 03/05/2018 08:31 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP
Network Infrastructure WG of the IETF.
Title : Recommendations on the Filtering of IPv6 Packets
Containing IPv6 Extension Headers
Authors : Fernando Gont
Will(Shucheng) Liu
Filename : draft-ietf-opsec-ipv6-eh-filtering-05.txt
Pages : 35
Date : 2018-03-05
Abstract:
It is common operator practice to mitigate security risks by
enforcing appropriate packet filtering. This document analyzes both
the general security implications of IPv6 Extension Headers and the
specific security implications of each Extension Header and Option
type. Additionally, it discusses the operational and
interoperability implications of discarding packets based on the IPv6
Extension Headers and IPv6 options they contain. Finally, it
provides advice on the filtering of such IPv6 packets at transit
routers for traffic *not* directed to them, for those cases in which
such filtering is deemed as necessary.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-05
https://datatracker.ietf.org/doc/html/draft-ietf-opsec-ipv6-eh-filtering-05
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-ipv6-eh-filtering-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec