[lacnog] [BCOP] BCOP Draft-2: open for comments

Lucimara Desiderá lucimara at cert.br
Mon Jun 18 17:35:37 BRT 2018


Guys,

On 16/06/18 14:40, JORDI PALET MARTINEZ wrote:
> I see your point, and I hope nobody is so short-minded to read the document that way.
>
> However, just in case, we can have a prominent General Requirement:
>
> GR-03: The CPE MUST support IPv6 following RFC7084 and transition mechanisms (draft-ietf-v6ops-transition-ipv4aas), in order to avoid the risk of a premature obsolescence.

We have to take a lot of care here:

1) I think this is a bit out of scope of this document, especially 
because there is a specific BCOP for IPv6 requirements. (Maybe it is 
time to update that).

We have tried to cover IPv6 security when we included that it SHOULD support 
RFC 6092 and also anti-spoofing for both IPv4 and IPv6.

Suggestions are welcome for other aspects of IPv6 Security that are not 
covered in this draft and should be.

2) We can't put a MUST for implementation based on a draft. In fact I 
think we can't even include it as optional because drafts can change at any 
moment (or be abandoned unfinished).
>
> The mention to draft-ietf-v6ops-transition-ipv4aas will be sufficient once it is an RFC, because it already has a MUST for RFC7084.
>
> I think it makes a lot of sense.
>
> Regards,
>
> Jordi
>
> From: BCOP <bcop-bounces at lacnog.org> on behalf of Jan Zorz <zorz at isoc.org>
> Reply-To: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org>
> Date: Saturday, 16 June 2018, 15:59
> To: "bcop at lacnog.org" <bcop at lacnog.org>
> Subject: Re: [BCOP] BCOP Draft-2: open for comments
>
> He he, should we declare absence of IPv6 support a security risk? :D
> 
> On a serious note - somebody could go, get this list of requirements, discover that IPv6 is not a requirement and with a straight face order CPEs without IPv6 support. That's a risk that I see.
> 
> I would add just a sentence at the beginning that it is presumed for the purpose of the document that IPv6 and IPv4 protocols are supported, implemented and enabled.
> 
> Cheers, Jan
> 
> ---
> 
> Sent from mobile phone, please excuse brevity and top-posting
> 
> On 16 Jun 2018, at 16:33, JORDI PALET MARTINEZ <jordi.palet at consulintel.es> wrote:
> Hi Jan,
>
> It is a "minimum security for acquisition", not minimum features ... Those features are better documented in RFC7084 and if you want to support transition soon, hopefully in the RFC resulting from draft-ietf-v6ops-transition-ipv4aas
>
> I think when done, we can also bring it to RIPE?
>
> Regards,
>
> Jordi
>
> -----Original Message-----
> From: BCOP <bcop-bounces at lacnog.org> on behalf of Jan Zorz - ISOC <zorz at isoc.org>
> Reply-To: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org>
> Date: Saturday, 16 June 2018, 15:27
> To: <bcop at lacnog.org>
> Subject: Re: [BCOP] BCOP Draft-2: open for comments
>
>      On 16/06/2018 04:59, Lucimara Desiderá wrote:
>      > Hello LACNOG Community
>      >
>      > After two rounds of discussions, we are releasing today the Draft-2 of
>      > the BCOP document "Minimum security requirements for CPEs acquisition".
>      >
>      > Until July 22, 2018, the Draft-2 will be open for comments and
>      > suggestions from the whole LACNOG community and you are all welcome to
>      > provide feedback and make contributions. Contributors from M3AAWG will
>      > also have the opportunity to review the document.
>      >
>      > The Draft-2 is available at the link below. In order to make comments and
>      > to see others' suggestions, please sign in to Google Docs and request
>      > permission to edit.
>      >
>      > https://docs.google.com/document/d/1_Sa8ZEnKXiAnh_xRc-J44VXadUGdr98MT_MZrA5sALc/edit?usp=sharing
>
>      Hey,
>
>      Thank you for sharing, this is a great document. I skimmed through while
>      waiting for my flight home at Helsinki airport and document looks in
>      good shape. It's a bit IETF-ish, but on the other hand that also gives
>      clarity to the language.
>
>      One thing that I'm missing is that IPv6 is not requested as a must
>      anywhere. Do we presume that new CPEs have IPv6 by default anyway?
>
>      Cheers and thnx, Jan
>
>      BCOP mailing list
>      BCOP at lacnog.org
>      https://mail.lacnic.net/mailman/listinfo/bcop
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

