Markus Thanks very much for your review, I know it takes time to do.
I have accepted most of them except those marked with EVY>> Thanks again and see you in Berlin, your ::1 ;-) -éric From: Markus deBruen <[email protected]<mailto:[email protected]>> Date: Wednesday 15 June 2016 at 07:04 To: Eric Vyncke <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, Fred Baker <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "Howard, Lee" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Aw: Asking for a review of draft-ietf-opsec-v6-08 Hi Eric, the draft is very well written and contains useful guidance/recommendations. Sections 2.4 and 2.5 do not contain much IPv6-specific information and sections 2.7.2.* do not give much guidance. However, these three sections together amount to ~11 pages (1/3 of the document). If you could shorten these sections, the document would become more manageable. EVY>> hum good idea: we the authors also feel that the overall text could be improved in the form (keeping the content), alas, we also lack time to redo much of it... (see my reply 4 weeks after your review!) Some minor comments and nits: 2.1.2 "... The latter would be problematic." I suspect by "latter" you mean NPTv6. Better make that explicit. EVY>> actually, we meant that IPv6 NAPT is problematic regarding logging... Thanks "A typical argument is that there are too many mistakes made with filters and ULAs make things easier to hide machines." Why "to hide machienes"? I would suggest "to set filters". 2.1.4 "... privacy extension addresses should be used" Punctuation mark is missing. 2.2 still TBD EVY>> argh indeed, cannot fix it in -09, so, a -10 is to be expected 2.3.2 "... for protecting hosts connected against..." "Connected hosts" maybe!? 2.3.4 "RFC6980 [RFC6980] aims to update RFC4861 [RFC4861]" "[RFC6980] updates [RFC4861]" EVY>>> time flies... The original sentence was written when RFC 6980 was still a draft... 2.7.2 "embeb" -> embed 2.7.2.4 "... operational problems" Punctuation mark is missing. EVY>> Sigh... Working in XML does not help :-( Thanks 2.7.2.8 The second "MAP-E" should be "MAP-T". 2.8 "device to authenticated" -> "device authenticated" EVY>> ??? We wanted to say that only authenticated and authorised user can manage the devices (changed the text to "authorised users" as authorisation requires authentication) 3.1 "bogon and reserved space" Some links might be helpful (e.g. to IANA). 5 "[RFC7084] (which obsoletes [RFC6204]" Missing ")" "[RFC7084] states that a clear choice must be given to the user to select one of those two policies." Does it? I did not find the corresponding passage. EVY>> good catch, it is REC-49 of RFC 6092 Throughout the document there are some "IPV6", "DOS" and " ", which should be replaced with "IPv6", "DoS" and " ". I hope these comments are helpful. Cheers, Markus ---- Ein Mi, 15 Jun 2016 12:50:29 +0200 Eric Vyncke (evyncke)<[email protected]<mailto:[email protected]>> hat geschrieben ---- The authors (and OPSEC WG chairs) would really appreciate if a review of https://tools.ietf.org/html/draft-ietf-opsec-v6-08 is done in the coming days/weeks (in time to submit a -09 in case it needs to be amended). This I-D is about the operation security considerations when operating an IPv6 network (both as Service Provider and enterprise/subscriber). Thanks a lot in advance for your review and be sure to include [email protected]<mailto:[email protected]> in your reply. - the authors (Merike, KK and Eric) - the chairmen (Gunter and Eric) PS: Markus, Fred, Fernando and Lee, as you kindly volunteered to review it during IETF-95, I also put your names ;-)
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
