I reread this document with an eye towards publication.
generally I think it is good and ready for publication modula the
comments below which obviously you can take at your discretion or not.
section 1
Among such controls is the enforcement of
filtering policies, such that undesirable traffic is blocked.
is awkward.
IPv6 supporting security controls can enforce filtering policy such
that undesirable traffic is blocked.
I take issue with the example in this sentence
Only
in some exceptional cases (such as military operations networks)
could this approach to mitigating the aforementioned security
implications be thought of as a longer-term strategy.
the people who find that sort of approach necessary know who they are.
the same applies to a similar stanza in 2.1
the citations in section 2 for toolkits. read like advertising and
should be detuned accordingly. citing them as examples is fine. if the
third citation is factually incorrect in some fashion it should be dropped.
[Waters2011] provides an example of how this could be achieved
using publicly available tools (besides incorrectly claiming the
discovery of a "0day vulnerability").
section 3.
Unless properly managed, tunneling mechanisms might result in
negative security implications
statement is vague even when followed by the citation.
might result in exposure is more explicit and simpler.
drop "therefore" from the second paragraph
section 3.6
It should be noted that dig is part of bind or bindutils it is a
product of ISC and while it comes with lots of unix systems it is not
generic to them.
On 1/22/13 12:17 PM, Warren Kumari wrote:
On Jan 10, 2013, at 11:28 AM, Warren Kumari <[email protected]> wrote:
Hello OpSec!
This starts a working group last call for
draft-ietf-opsec-ipv6-implications-on-ipv4-nets-02 -- "Security Implications of IPv6
on IPv4 Networks"
The draft is available at
http://tools.ietf.org/html/draft-ietf-opsec-ipv6-implications-on-ipv4-nets-02
and
https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-implications-on-ipv4-nets/
Please review this draft to see if you think it is ready for publication. Send
comments to the list.
The WGLC will end on 25th January 2013.
This is a reminder to please provide feedback on this draft -- so far I do not
think we have enough feedback to call consensus.
Thanks to the folk we do have feedback from; Wes, Simon and Rama...
W
--Warren, speaking as OpSec WG co-chair
--
I had no shoes and wept. Then I met a man who had no feet. So I said, "Hey man,
got any shoes you're not using?"
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
--
The duke had a mind that ticked like a clock and, like a clock, it regularly
went cuckoo.
-- (Terry Pratchett, Wyrd Sisters)
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
