[lacnog] [BCOP] BCOP Draft-2: open for comments

JORDI PALET MARTINEZ jordi.palet en consulintel.es
Mar Jun 19 13:16:05 BRT 2018


I think you're reading an older version. It has been decided to be a complementary document from RFC7084, not updating it.



https://datatracker.ietf.org/doc/draft-ietf-v6ops-transition-ipv4aas/?include_text=1



Regards,

Jordi

 

 



-----Mensaje original-----

De: Lucimara Desiderá <lucimara en cert.br>

Fecha: martes, 19 de junio de 2018, 17:52

Para: JORDI PALET MARTINEZ <jordi.palet en consulintel.es>, This list is to discuss BCOPs in LACNOG <bcop en lacnog.org>, Latin America and Caribbean Region Network Operators Group <lacnog en lacnic.net>

Asunto: Re: [BCOP] BCOP Draft-2: open for comments



    

    

    On 19/06/18 12:42, JORDI PALET MARTINEZ wrote:

    >      > Hi Lucimara,

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > I just responded to Christian regarding the BCOP for IPv6 requirements, but let me be more specific. If you're referring to RIPE554, that one is more targeted to ICT equipment in general, not CPEs, and in general, I think IPv6 is relevant as a MUST for any new acquisition, which means it should be stated in every BCOP.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > A reference to a draft is always updated by IETF with the corresponding RFC number. Same as when an RFC is updated, etc.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > Also, it may depend on the time of publication of our document, may be by then a draft is already an RFC.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > And you have always a way to incorporate text to explain it, something like "xxxx IETF WG is working on this document, and if approved it MUST be also fullfilled".

    > 

    >      

    > 

    >      I prefer saying  "MUST support RFC xxxx and all its updates."

    > 

    > 

    > 

    > Nope, because not all the documents in IETF update others ...

    > 

    > 

    > 

    >      

    > 

    >      This way, if/when the update is approved, it will automatically be part

    > 

    >      of the requirement. No need to name any draft or IETF WG. Otherwise the

    > 

    >      BCOP document will be outdated when the draft changes.

    > 

    >   

    > 

    > A BCOP is a live document. The name says it: "Best Current". Every few years may need some updates. We can't expect to be the same forever. Even IETF BCPs sometimes need to be updated. I strongly disagree with not having something useful in a BCOP document because will be outdated, it will not make sense!

    > 

    Yes, BCOPs should be updated frequently but is not desirable to 

    purposely make it to be obsolete soon.

    

    I keep my view that we can't put a MUST requirement in something that is 

    not approved yet. The draft itself says it will "Updates: RFC7084 (if 

    approved)"

    

    So IF APPROVED it will turn into a MUST requirement in the BCOP.

    

    > 

    > 

    >    

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > Regards,

    > 

    >      >

    > 

    >      > Jordi

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > -----Mensaje original-----

    > 

    >      >

    > 

    >      > De: Lucimara Desiderá <lucimara en cert.br>

    > 

    >      >

    > 

    >      > Fecha: lunes, 18 de junio de 2018, 22:31

    > 

    >      >

    > 

    >      > Para: This list is to discuss BCOPs in LACNOG <bcop en lacnog.org>, JORDI PALET MARTINEZ <jordi.palet en consulintel.es>, Latin America and Caribbean Region Network Operators Group <lacnog en lacnic.net>

    > 

    >      >

    > 

    >      > Asunto: Re: [BCOP] BCOP Draft-2: open for comments

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      On 16/06/18 14:40, JORDI PALET MARTINEZ wrote:

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      Guys,

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      > I see your point, and I hope nobody is so short-minded to read the document that way.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > However, just in case, we can have a prominent General Requirement:

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > GR-03: The CPE MUST support IPv6 following RFC7084 and transition mechanisms (draft-ietf-v6ops-transition-ipv4aas), in order to avoid the risk of a premature obsolescence.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      We have to take a lot of care here:

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      1) I think this is a bit out of scope of this document especially

    > 

    >      >

    > 

    >      >      because there is an specific BCOP for IPv6 requirements. (Maybe it is

    > 

    >      >

    > 

    >      >      time to update that).

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      We have tried to cover IPv6 security when included that SHOULD support

    > 

    >      >

    > 

    >      >      RFC 6092 and also anti-spoofing for both IPv4 and IPv6.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      Suggestions are welcome for other aspects of IPv6 Security that are not

    > 

    >      >

    > 

    >      >      covered in this draft and should be.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      2) We can't put a MUST for implementation based on a draft. In fact I

    > 

    >      >

    > 

    >      >      think we can't even include as optional because drafts can change at any

    > 

    >      >

    > 

    >      >      moment (or being abandoned unfinished).

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > The mention to draft-ietf-v6ops-transition-ipv4aas will be sufficient once it is an RFC, because it already has a MUST for RFC7084.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > I think it makes a lot of sense.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Regards,

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Jordi

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > De: BCOP <bcop-bounces en lacnog.org> en nombre de Jan Zorz <zorz en isoc.org>

    > 

    >      >

    > 

    >      >      > Responder a: This list is to discuss BCOPs in LACNOG <bcop en lacnog.org>

    > 

    >      >

    > 

    >      >      > Fecha: sábado, 16 de junio de 2018, 15:59

    > 

    >      >

    > 

    >      >      > Para: "bcop en lacnog.org" <bcop en lacnog.org>

    > 

    >      >

    > 

    >      >      > Asunto: Re: [BCOP] BCOP Draft-2: open for comments

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > He he, should we declare absence of IPv6 support a security risk? :D

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > On a serious note - somebody could go, get this list of requirements, discover that IPv6 is not a requirement and with straight face order cpe's without IPv6 support. That's a risk that I see.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > I would add just a sentence at the beginning that it is presumed for the purpose of the document that IPv6 and IPv4 protocols are supported, implemented and enabled.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Cheers, Jan

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > ---

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Sent from mobile phone, please excuse brevity and top-posting

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > On 16 Jun 2018, at 16:33, JORDI PALET MARTINEZ <jordi.palet en consulintel.es> wrote:

    > 

    >      >

    > 

    >      >      > Hi Jan,

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > It is a "minimum security for acquisition", not minimum features ... Those features are better documented in RFC7084 and if you want to support transition soon, hopefully in the RFC resulting from draft-ietf-v6ops-transition-ipv4aas

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > I think when done, we can also bring it to RIPE ?

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Regards,

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Jordi

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > -----Mensaje original-----

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > De: BCOP <bcop-bounces en lacnog.org> en nombre de Jan Zorz - ISOC <zorz en isoc.org>

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Responder a: This list is to discuss BCOPs in LACNOG <bcop en lacnog.org>

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Fecha: sábado, 16 de junio de 2018, 15:27

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Para: <bcop en lacnog.org>

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > Asunto: Re: [BCOP] BCOP Draft-2: open for comments

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      On 16/06/2018 04:59, Lucimara Desiderá wrote:

    > 

    >      >

    > 

    >      >      >   Hello LACNOG Community

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   After two rounds of discussions, we are releasing today the Draft-2 of

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   the BCOP document "Minimum security requirements for CPEs acquisition".

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   Until July 22, 2018, the Draft-2 will be open for comments and

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   suggestions from the whole LACNOG community and you are all welcome to

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   provide feedback and make contributions. Contributors from M3AAWG will

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   also have the opportunity to review the document.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   The Draft-2 is available at the link below. In order make comments and

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   to see others' suggestions, please sign in to Google Docs and request

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   permission to edit.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >   https://docs.google.com/document/d/1_Sa8ZEnKXiAnh_xRc-J44VXadUGdr98MT_MZrA5sALc/edit?usp=sharing

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      Hey,

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      Thank you for sharing, this is a great document. I skimmed through while

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      waiting for my flight home at Helsinki airport and document looks in

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      good shape. It's a bit IETF-ish, but on the other hand that also gives

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      clarity to the language.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      One thing that I'm missing is that IPv6 is not requested as a must

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      anywhere. Do we presume that new CPEs have IPv6 by default anyway?

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      Cheers and thnx, Jan

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      BCOP mailing list

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      BCOP en lacnog.org

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >      https://mail.lacnic.net/mailman/listinfo/bcop

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > **********************************************

    > 

    >      >

    > 

    >      >      > IPv4 is over

    > 

    >      >

    > 

    >      >      > Are you ready for the new Internet ?

    > 

    >      >

    > 

    >      >      > http://www.consulintel.es

    > 

    >      >

    > 

    >      >      > The IPv6 Company

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > BCOP mailing list

    > 

    >      >

    > 

    >      >      > BCOP en lacnog.org

    > 

    >      >

    > 

    >      >      > https://mail.lacnic.net/mailman/listinfo/bcop

    > 

    >      >

    > 

    >      >      > _______________________________________________ BCOP mailing list BCOP en lacnog.org https://mail.lacnic.net/mailman/listinfo/bcop

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > **********************************************

    > 

    >      >

    > 

    >      >      > IPv4 is over

    > 

    >      >

    > 

    >      >      > Are you ready for the new Internet ?

    > 

    >      >

    > 

    >      >      > http://www.consulintel.es

    > 

    >      >

    > 

    >      >      > The IPv6 Company

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >      > _______________________________________________

    > 

    >      >

    > 

    >      >      > BCOP mailing list

    > 

    >      >

    > 

    >      >      > BCOP en lacnog.org

    > 

    >      >

    > 

    >      >      > https://mail.lacnic.net/mailman/listinfo/bcop

    > 

    >      >

    > 

    >      >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      > **********************************************

    > 

    >      > IPv4 is over

    > 

    >      > Are you ready for the new Internet ?

    > 

    >      > http://www.consulintel.es

    > 

    >      > The IPv6 Company

    > 

    >      >

    > 

    >      > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

    > 

    >      >

    > 

    >      >

    > 

    >      >

    > 

    >      

    > 

    > 

    > 

    > 

    > **********************************************

    > IPv4 is over

    > Are you ready for the new Internet ?

    > http://www.consulintel.es

    > The IPv6 Company

    > 

    > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

    > 

    > 

    > 

    




**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.





Más información sobre la lista de distribución LACNOG