From YouTube: IETF96-OPSEC-20160720-1400
Description
OPSEC meeting session at IETF96
2016/07/20 1400
B
A
Hello, welcome welcome everybody. You have, you know, ended up in the operation. Security working group, I hope that was showing tension. If not you know the it's very nice weather outside also, you can also enjoy the wonderful things of Berlin so going to the next page here. So before we kick off there like a few administrative things, we need to figure out, so the blue sheets are being you know, they're going around right now. Now there is a little bit of an unfortunate situation about them.
B
A
A
A
Okay, thank you. Thank you so going forward. We also have the the note well, which you have probably you know seen already a few times. You know since the last idea, if you have updated it on you know on this slide here and for the lost version. I'm not the lawyer, so I have no clue what was the difference between the one before the last one and the last one but I know take it into account. It's important and then I believe we go to the agenda.
E
F
A
Okay, okay, so just just a quick recap: you know what I denote IETF 95 million as heirs. We had like two sections: there were like pretty densely packed with documents and with information, so that went all pretty well now, as a result of that. At this point in time, we have like two active working group documents: the extension header filtering for v6 and the v6 no document which will be discussed here is the first topic in our agenda here and we also ended up with one. You know relatively active document to do with the IPv6.
A
You know threat model elements. For the rest, we didn't really have any documents going towards IESG and all other you know big disasters or you know progress we'd actually happened. You know within the operation security working group also as an observation, the discussions in the working group list. You know the earth, it can be improved. I think, and I know I would actually like to ask the work group also if people commit to actually you know, do read a note.
A
Reviews of drafts know during one of these sessions here to also come forward and execute on those reviews. It will be appreciated by the members of the working group and also particularly by the you know, by the authors of the documents so moving onwards, so agenda bashing. So this is the agenda. What we have set up. We have three topics today, any comments, any suggestions, any requests for modifications. Please pick up nope. Okay, then we have an agenda yep.
B
And you will know that we have plenty of time so discussion, a modern welcome and we can go over the 20 minutes per slot easy okay. So I will advise the author, basically explaining as well. What are their draft about? The document about sue newcomers can understand what you are talking about. As we have time.
B
B
B
It has been running since 2012, usually a good amount of interaction. What we change into the latest revision, which is 09, is basically adding some references to new document, notably the one from Fred Baker about the hop-by-hop extension headers, which was a major threat, usually on network, but Fred proposal is basically changing the behavior in this chain. If you have nothing configure on an interface that we cried, the inspection of hot biopic senators, pretty much like RSVP, for instance, you do not need to inspect so that's a proposed on their editors.
B
Well, new references to existing document and I was talking some point of time into this document about an at 64, mainly from the stage foot point of view, but we see more and more deployment of stateless, not 64, specifically in AP physics, only data center. So we did a brief sentence on this. I mean for the security aspect is: doesn't change a lot thanks to the review of many people.
B
A lot of typos has been fixed, so that's good, and then we asked mid-June for comments, because in bruno's arrest, three people, including a guy called Fernanda gun just in front of the Rope, promised basically to review document and send commands you receive comments from near watford baker and marcus and a few others. No to be honest as a no today I was running out of steam from due to vacation, preparing this and so on. So at dinner, I was unable to act upon all the comments, so I stopped briefly.
B
Just before year was command, which is pretty long, so don't ask and basically the outward in 209 and just want to be sure that the change we made there to comply with your review of others still kind of got. The consensus in the group. One of the part was that we said at the beginning that RPV's is solemn during is doable, but in practice impossible to do we change it into in practice. It may be extremely difficult to remember, except if you have a good eye, Pam cause they need.
B
It comes a little bit easier which and refusing, as were, regarding the ownership of an address and text regarding law enforcement agency. That can tell you basically who is dis address on oh. Can we block an address to do that blah blah blah blah, so we add it to qualification there and mr. active ownership of an address and with technical responsible could be very different.
B
We remove the text about law enforcement agency and simply add the text, because not only LEA can ask you to shut down some traffic, but you as well as an operator. You want to do it on your own in case of whatever incident there. So I don't think they are critical again. If you don't agree with the change, that's now must be 0. Never so neither a recliner Lorenzo quality are in the room because there's a ferry topic of them of mine as well.
B
G
Think there's a I don't know if it's active but I think there was a document in v6 ops about the usage of your lies. Yeah. That might be interesting to be honest, I haven't been, you know, tracking it so I don't know if it has been dropped or it's like still be imported but might be useful. It's already the.
B
Usage of la's already referred by this document, but the last sentence that the IETF does not recommend the use of you la NPT I hate to write the sentence into a document without hitting as reference. So if anybody knows about the reference or to find it, I use Google sorry, but I wasn't able to find it.
B
E
Joe legally, this is literally like one of the most fun things you can try and get a recommendation on out of any group in the IETF is what and how to do things with you la's so yeah I mean finding a consensus position there. That's like that, you can point to in this document is not likely. So that means you know. Your position should be in this document. Okay.
E
H
H
I
H
I
B
Only two minutes on this topic, mocking strange I was expecting to pass privacy addresses we added the sentence and sing it once they recline proposing it that dot1x can indeed with reduce accounting use. Accounting can also lock the use of IPv6 addresses and a username so, which is good now I've been told by class. Fear anger that when you're using structure like Eddie Rome, you will get the username being anonymous so which that's not help. So we need to change the text day around it. This way, stateful DHCP lease.
B
So as a point of time, we were telling ya DHCP scan of cool because you get a static IPv6 addresses, even it doesn't help so much about finding waste using these mystics address. But, of course, if you want to use the stat the static v6 addresses per user, you need to be sure it's always map to the same MAC address to the same port on the switch there's.
B
A reason why we added detailing security is pretty much like da twenties, so next step for us, the tree otters really want to get this moving and acting on all the comments. There is also one complete section, which is about extension headers, which is currently three letters TBD, which is, of course a little bit too too small. I would like to refer to your draft, and I would have really that after me, you explain a bit more what's inside.
B
The only thing I want to do is really make a difference in this document between transit provider. That, in my opinion, say, should not touch extension address except accession errors that are damaging to the infrastructure and enterprise edge middle box firewall or whatever. They should know approach a whitelist approach. I do not know, let's say mobile IPv6, so I have no reason to accept routing header and destination header on this kind of stuff.
B
Biyanka Panthers will not send a lot of comments like such as removing references to death ID. If you remember 23 years ago, there were a lot of discussion regarding NDP and the efficiency of NDP over Wi-Fi and changing timers and the like. Those ID has been merged as something so we simply remove them.
B
B
B
Other suggestions: should we talk about the privacy section, I don't see how it would fit here. That's about operational security of a network. If you want to say privacy of a network, don't know whether we can still really apply this, but it should be a different document so busy he does too am going push it around at anyway, thanks to Bryan face command. Of course, then I started to pass the long list of gear. What commands it's about six page, so we thank you very much for sending them.
B
Many of them are about English and typos, and suggestions for texts, I'm skipping them only focusing on the most important point, and one is that you say that this is a draft which is informational, but in some place you are recommend, doing recommendation or best practice so which is not the best practice document. They are not aiming this. We want to be informational to be some. It's simpler.
J
B
Announcing for these documents will be 22 code about best given practice, so we need to change the text and afraid and that's why we started this document in 2012 just before the world that pv6 lounge we're talking about. IPv6 is new and you and you and you on one side is no Manu I mean there are people in this room at least 50 see if I can see that I use to run IPv6 network safely for 45 years now, so it's the more new for them.
B
Okay, but maybe it's still new for somebody which is reading the document all fully before deploying activities in the network, not five years after okay. So I will change them out the text, but it's still for newcomers in the IPv6 world. So I will keep the new but change it somehow any. I got some proposal as well for the ULA press and PTV 6 section there. I put one sentence and I do not want to open this can of form. So I would suggest that we keep this sentence here.
B
I mean changing authors with the deny ATF many anguish. As I said now, there was a section about 3GPP which basically it was yuri rotting it a couple of years ago, and we simply cut and paste, because familiy gpp is a different vocabulary for the same concept so and we need to do some rewarding. So I read between the line that Lee was volunteering. To do to be. Writing. Thank you need, okay, and that's it so by points that again, I would love to really to finish this document and get up.
H
Clinical question about section about I using multicast and battery lives, and so all right, you for some reason, do not refer to RFC 777, to which recommends vendors to use unicast erase that arrays to reduce a battery life consumption. And do you think it should be explicitly say that multicast snooping might be useful feature in this case, because I have not found any reference to it in the document? Okay.
G
You Fernando it's not that I suggest that you cover this topic because it might get Lee might be like you know, my stock, the document, but when you were covering savvy I was wondering you know that in some lists or actually in practice, they are discussing MAC address randomization and I'm curious about you know what effect that might have on what some of the stuff that we are currently employing. I'm not suggesting that you cover that, because I guess that is like territory that it's kind of like unknown to some extent.
B
J
Lee Howard, you had asked about a privacy considerations, section I tend to think you're right as I look back at the the title in the abstract we might just because we like to have a privacy considerations, see if there's some kind of thinking out loud so for a network operator. What are their privacy considerations? There might be logging considerations of customer proprietary network information or PII private, you personally identifiable information which could include, for instance, IP addresses, especially if they're you know, FFF e addresses.
J
That sounds like a reasonably short section so that you know I'm going to I'm going to send you text for privacy considerations and hope that somebody else will post the list or something and say hey I thought of this also might go in that section. As for the 3GPP section, I think my comment was this was educational for me because I didn't know anything about how 3GPP does this, which makes it really hard for me to try and suggest what it ought to say.
J
Having said that, because I want to support you in getting this out, I will try to find somebody who does not wait. Looking around anybody here know anything about 3GPP. Oh hey.
E
E
B
A
He also you know from perspective that his draft has been active from like 2012. You said, so it will be interesting to come to a closure. So what I was thinking about doing to sort of try to facilitate that? If you can actually spin, like you know other quickly, like Ashton, you check actually with the main people who provided you with comments, and then we do like a short. You know, lost working group last call, and then we can actually move this thing forward. So.
C
K
Good afternoon everyone, my name is Mario Georgescu I'm from nine state of Science and Technology and I'm be talking about an attempt to build a threat model for IPv6 trends and technologies. Here so yeah, let's dive in essentially I. This is my slide. I've been showing a lot in BMW gee. Maybe some other people know it as well.
K
Yeah I'm sure many or all of you know about the lack of backwards compatibility in IPv6 and the fact that we only have like a pistol six percent of our key v6 preference in like world wide usage and that yeah we'll have to go through to the transition period, and many of you actually probably worked on developing these trends and technologies there. There are a couple now: there's there's great diversity and I.
K
It begs the question like what are the implications of using this fraction technologies implications on security of using Eastern Asian technologies in a network. I think there are like very fair amount of security considerations in one of the RFC's already published, but in at least my opinion and other people, I've talked to there's some lack of structure. That's, that's what we're trying to bring in with this threat model, and we are trying to use the STRIDE approach. We have a reference now. Thank you all for noticing.
K
There wasn't one on the draft, so it's referencing experiences, since we threat modeling at Microsoft from Adam short stack Eddie on that's the main point of the draft is prob. It provides complementary security considerations to RSC 494 to and as collateral dope contributions. We think this might apply to like protocols developed in the IETF, some of the generic steps that are considered for STRIDE. So now the steps are fairly simple. So, first of all, we have to establish sort of function or detail the function that the transition technology is supposed to be doing.
K
Also, we we propose the way to generically classify generation technologies in the beamed up, BMW draft and we're thinking. This giant classification can be reused here because some of the threat analysis data can be reused for multiple duration technologies. Then, of course, we'll have to decompose the technology. Look at the sub components, look at the sub protocols and essentially establish more of the attack area.
K
Then the most important part identified the threats we will have strike. The data flow diagram association that we proposed some levels of trust documenting some of the threats in a standardized format and yeah. Look at some of the complex threats that might arise between the like. The combination of the basic threats and yeah validation has the the last step through some penetration testing or or.
H
K
So this is I'm fairly sure. Most of you know about STRIDE, but just to give a quick overview STRIDE, this essentially I'm mnemonic and a classification model which stands for spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege, and these threat to do it. So the third classification also gives a rough idea on how the trash can be mitigated, because the desired properties associated course, our authentication, integrity, accountability, confidentiality, availability and authorization and yeah just some examples at this level because we're talking about they are three layer for technologies and yeah.
K
You may think. Well, how does elevation of privilege will look work here? Well, if you get an access to a privileged part of the network, that's salvation of privilege now yeah in establishing the function. We we gave some examples for the general classic the categories we define so, for example, for those that Network the function would be yeah well. I know this is the generic step. This is the section 5.1 for those dr. engine technologies, so ensuring a safe data exchange between a nodes over a tall stack infrastructure.
K
Now, in terms of the general categories and how they can be associated with the existing transition technologies, this is so. The four groups would be dual stack: single translation, double translation and encapsulation and is how this is how some of the trends and technologies we'd fall into. These groups like have draw a light layer operator operations, RFC, 242, 13 or and double translation for 64, X, lat and so on.
K
Now there were some there wasn't discussions. We had received some feedback from Fernando Don about the DFT elements and how we should be like that. How the elements that were used in Microsoft and network elements could be mapped and I guess this. This is a fairly controversial, I I don't really know so. This is how I define them for now. If you have any feedback, it's welcome now.
K
This is the how an essentially a dual stack model with all those that use case would be so we'll have a customer device, that's an external entity and then we'll have a process. That's the doll, stack node and then we'll have a provider data store which well we're trying to connect to, and then we would want to look at the protected assets and the entry points and the way I said it or cape. These can all be.
K
K
Now, there's the the STRIDE, eft Association will associate some some of the threat threats to certain types of VFD elements. So, for example, an external entity is prone to stuffing and repudiation threats more than other elements, so I think this can help here as well, so for network elements. That's why it would be very important to clearly identify the relationship between the DFD elements and the actual network elements that go into a tradition, technology, yeah and then from these.
K
This is the format we we fall off so we'll have like some threat ID, which is supposed to be a code and if there's a need for having that in the IETF, the code could be like I'll show in the next slide, something like IETF tdb, which is threat database and then some like the code for the protocol and then some serial number, so I think I went too far yeah and then we will have like some description.
K
Like a samurai's description of the threat, we will have an association with the strata lines because the threat can be potentially associated with all the we always tried to trade pacific like classes, then some details about the mitigation, so what they actually exists so far or if it doesn't. What should we do about it? The likelihood which is depending on how you build a DFT? What's the level of likelihood, and this can be like a stepwise fing, it can be low, high and or you can have some intermediary number there I.
K
The an idea was to use something like CBS s scoring and then you'll have an expert database of well an expert analysis and then some numbers for each of the threats that can be. That can be an expansion of this simple low-high system and then some validation. So if the threat was validated yeah some details about how it was validated and or if it was validated, so these are some examples. I took like that's art spoofing, so you can basically do everything is except except for elevation of privilege and yeah.
K
K
Now, if you look at some of those basic threats I presented earlier, some of them can be combined to actually have a bit like a bigger impact or higher likelihood. So yeah. If you combine her harp one, which was the ARP spoofing threat with the neighbor discovery, I forgot, which one that was for what it's not there anyways so yeah, you could essentially get a higher likelihood of of exploitation and then you'll have some more information about you.
K
How you could mitigate this complex threat, so yeah has for the clutter district contribution, as I was saying earlier, so we could have some threat database for the IETF Phyllis desired. We could also reuse some of these generic steps to actually give some structure to security considerations which, to me at least, and many or some other people, I've talked to a lack, a bit of structure like if you have some simple steps like if I identify the function associated technology with some kind of generic category, they compose it.
K
What's what's I don't know some sort of diagram and then look at the look at the threats and you try to validate them. So that's that's about it. For me, I now have some questions for OPSEC. So how many people have read the draft so I know Fernando, husband and Joel I? Guess two people, okay nightly.
M
L
Okay, well, first, it's a good idea, I think in some ways, okay, I have some questions about you know the devil is in the details: yeah.
A
L
Well, a couple questions right on that one: okay, there's I think there's we could probably we should probably should probably do more on what that is. I mean I think, there's there's more than that I mean I can just write off top of my head. I can think leakage. You know people use certain fields, doing a formation.
K
L
Let me say that, because if it's my network, my data, I'm an enterprise I own, it I need to see that for for certain things, if you're, if you're a you know a one-out optimizer, you need to see certain parts of the data you know I mean so so it's, it's, there's more nuanced than that for confidentiality, you see what I'm saying the III think there I mean there's more categories and we I think it's a good as I say it's a good idea. I think I.
K
K
K
L
I guess what I mean to say is like it's like that kind of stuff is like Pat. If I see passive monitoring, what I would I start. Thinking is like you shouldn't take traces, because you can see the decrypted data inside there and, if I own, that data I have every right to see that data. You see what I mean, and so that's not really an infant information. Disclosure category I am easy. I mean I'm.
K
J
J
I so I think nilly knees right. Obviously that you know yes in some cases, be able to see, data is is appropriate, but it's still a threat. I mean that I think we still need still model it as a threat, and maybe we need a note saying, and it may be a considerations. A separate section of the document saying there are other considerations we're doing. Some of these things is appropriate. Their attire.
K
Yeah sure no no okay, no I was I was understanding the the mileage suggestion, as this is not exhaustive. So this is not complete. You can have something that doesn't fit in these categories. So that's what I'm I'm kind of challenging now like do. You guys know any threat that doesn't fit here, because I don't think so, honestly, like STRIDE is a fairly generic way of categorizing threats and it should be able to do so with every threat.
K
Right, that's! Okay, and, of course, that's it. That's a different discussion point. That's that's. Definitely yeah yeah like of course well, a nice p would legitimately like analyze traffic traces yeah. That's lots may be normal, but I'm saying that's not that that doesn't mean it's not a threat. It threat right exactly.
J
B
So one topic of discussion is whether we want this document, which I personally find useful, become a working group document. Now, to be honest on my side, it's in a security document, but it's not an operational security document, so it does not really belong so this week, a nobody must be. It should be somewhere in the IETF secretary after.
K
Like we're trying to find out which which working group it would fit best, the recommendation came from from Stephen Farrell and also Fred Baker like we were talking about having it may be in v6 ops, but it doesn't really fit because it's mostly security. So then we said: okay, let's try OPSEC, it might apply.
L
Couple other things did this: the the threat database I am I, am I getting this, that you're suggesting that somebody, it IETF or somewhere, maintain this threat database or are we gonna get it from searcher or I mean yes.
K
L
The reason I have a little bit of a problem with that, because I mean there's companies that you know do like virus checking and stuff. They make a living out of doing that and it's modified daily I mean that just seems, like I mean I. Think at a higher level. There's some real good ideas here, but maintaining a threat database when there could be something coming out. Every other minute, I know.
K
It's a threat is not a vulnerability database, that's a completely different thing. This is a threat database, so these are more generic than than like you. You just think about what the threat could be right to do an analysis, and then you validate it and that's about it. You know about it. You know you don't have to look at versions, you don't have to do. Horner ability, analysis, which is a completely I think they different thing. Okay.
K
K
L
K
K
K
G
That would be doable, but prolly. Joel has a better idea about that. We were talking about. You know possible venues, I think that it all depends, for example, if you are just going to focus on something specific or whether you want to do like to produce a generic document if it was just a generic document like a model without.
G
K
G
G
G
G
To the molded that you're using and I don't know if I haven't checked like the latest revision of the document, it could be totally different at the time. I took a look at the document I couldn't myself, I mean could be my fault, but I couldn't figure out how I could map something that I read, for example, from an aspect into the model that you have here and then the part that, for me is critical. I mean I need to be able to like no I automatically understand. Okay.
G
And I think that for me this is the part that is key, like you know, being able to apply the model, given a some technology being able to apply it like it should be like sprite forward yeah I don't I haven't read the latest version, so maybe that now it's okay, but no.
K
It's exactly like I put in written in green. If I don't know, if it can, it's fitz noticeable, but ya like like if I wouldn't green, the the things that I changed and I'm still not satisfied, I think it can be a lot better than this and I don't exactly know how so your feedback would be good. Other people that want to put you they're welcome as well, so yeah yeah. That's thank you.
E
Yeah so Julian I wanted to just respond to I. Think a point Nalini was trying to dig into and I will preface this by saying aye, despite having been the chair of this working group at one time and being its responsible AD, I'm not an upset person. They just lob requirements at me from the other side of the company, but I mean my understanding of why why you would start with STRIDE or say some alternative models such as DREAD?
E
E
The variation between the two that I'm mostly familiar with which our STRIDE and DREAD is sort of you know a way of analyzing, starting from where the problem areas might be versus what the consequences are sort of where DREAD starts and then works backwards, which is like looking in the wrong end of the horse. As far.
E
But but I think that I think that speaks to what it, what a database is which is sort of. Since you have this category of boxes, you essentially identify where the potential problem areas in the protocol are, and then, when you get to the question of vulnerabilities, those actually fit backwards into the boxes that you've created, because this vulnerability is associated with this problem area right.
E
But it's really sort of starting out with a taxonomy of the protocol so that you can identify where the problem areas are, and so the early portion of this and then the explanation of STRIDE goes into okay. So this is the this is our methodology and then what we actually care about here is must see the meat of it, which is where the problem areas and I hope that's a little clarifying in terms of how this stuff works. Like I said, I'm not an expert in it, but.
K
E
So yeah Joey I can comment on that. A little bit, yeah I asked for the informative reference, so it's my understanding that they have not made any claims on the methodology. I think one of the authors of that paper now works for my company. So if I find out that there's something else to that, I will have to file a third party to close disclosure but or maybe a first-party I don't know anyway.
E
K
J
H
J
So I think we would love to have this I'm struggling with, where I'd like to see that, since the question was where should the work be.
J
I really think that STRIDE or or another threat so another threat assessment model ought to be published as and alone RFC, probably by sag, would be the place. I would think to do it. So we have here's a way to do threat modeling then, unfortunately, where I really think this work is going right now you said here's a way to do threat modeling of trial, IPv6 transition mechanisms, but know what you have is a way to do. Threat modeling of everything, yeah I will see that I would see this as a collateral into like.
J
K
J
H
J
The threaded, from the actual analysis, have that have the model be one document via now. The results of the model applied to transition mechanisms be another document and then in the report of the reason I'm suggesting. That is that we can then suggest to you know: I can go to other working groups and say: hey. Have you looked at the STRIDE RFC and have you done a threat assessment based on that? Okay.
L
Make you know that thing? What is that m? You know that we all everybody refers to. Of course it was like yeah, but you know I mean it's like cause like that's just so boilerplate. Everybody just always sticks that in I kind of feel. Like you know what you're talking about is at that level with you know it.
K
Yeah I think the last one would be like if writing a new draft protocol and I'm pretty sure many people here trying to do that. Would you follow something similar I? Think like I don't know, can you guys do a show hands like how many people would well 30 yeah? That's it and I. Don't know like the question, probably the most important one. Is it wouldn't fit here like which part of it would it fit here? Would it feel more inside which should I go back to Stephen because he sent me here so yeah you're.
B
G
Good afternoon my name is Fernanda, want I'll be presenting the document on recommendations on the filtering of IPv6 packets containing IPv6 extension headers. This is a working group that I don't remember what it was about a couple of years ago, I think one or a couple of years ago. This is a brief overview of the document. This document is essentially an IPv6 version of RFC 7126.
G
What we had done in that document was providing advice regarding the filtering of packets that, the filtering of IPv4 packets with options, so this document tries to do exactly the thing, the same thing, but for IPv6 packets. Obviously, in this case talking about IPv6 extension headers and the corresponding options. In the ID, essentially, you find that we go through every single extension header, every single option, and we try to analyze what are the security and operational implications of these extension headers and options.
G
What can go wrong if you actually drop them, and try to provide advice on that. The idea is that, based on work that was done in other working groups like busy so basic shops, we measure some extent of dropping of packets with extension headers, and essentially the goal of this document is to try to improve that state of affairs. That is, assuming that some nodes are filtering traffic or packets with extension headers as a result of lack of advice, we would like to improve that situation by providing the correct advice.
G
G
We ended up fixing minor, you know, dieter your problems, filling up some sections that were missing content, and I think, I particular, particularly think that, well, this with a car instructor, the document is kind of like gun. So some things that we know we need to make progress in this, based on other feedback or audit ideas that you might come up with. First one is volunteers for reviewing.
G
B
G
B
B
G
Say that, I mean, besides me thinking that what you're saying is a good idea, this document tries to be, let's say, us hi, Sheila, say it, as open as possible. So probably, if it was me, I will be dropping much more stuff than what he was talking any sane. So this document is mostly like just blacklist, and like saying, you know, this packet you shouldn't let through, like, let's say, routing header type 0, for example, but to the extent that is possible, this document advises.
G
G
That begs the question whether we, for the advice, we should like split it in two. For example, there are cases here where we say: well, if dropping packets with this extension header might break something, no matter what that is, we allowed to let the packet through. Now there's the question of what you mentioned: well, where are you doing the filtering? So if you are in transit, probably this advice is OK, but if you are more on the edge of a network, probably quite a few things might change here.
G
L
One thing, I mean, definitely, I mean, I can speak from experience, I know operationally enterprises or domains allow certain, some things that, you know, inside that they don't allow outside. That's definitely, definitely true. So that's, that's something to consider. But the other point you're kind of saying, like, I mean, if an option is going out and it's gonna break something, I mean, that's a real loose determination. I mean, why are you sending the stupid thing if it's not for a purpose?
L
G
I'm gonna make it, what I was meaning, what, I'm not sure if you're referring to what end, when I said would break something. Yeah, we're saying is like, if dropping a packet, well, let's take the example of, let's say, segment routing, right: they are using a routing header. If a device were to block those packets, well, segment routing would break. So if there is something that might break as a result of dropping, we say not let this packet through. We don't, at least when it comes to this particular document.
G
L
No, I understand, I understand what you're saying. My point is: if you send an option, it's for a purpose, and if it doesn't do anything, I mean, and so, if you don't, if you drop it, you're gonna break or not provide some kind of functionality. Otherwise, why are you even sending it? I mean, we don't send options just because we want to send options. I mean, I mine, not, yeah.
G
But then you, so, I mean, depending on where you are doing the filtering, so let's say more in the transit, you have more of the idea to let everything through. Now, when you are more on the edge of a network, you say: OK, you know, my traffic is not using any options, so why should I let this packet through? So that's the kind of like what, you know.
G
Eric was saying. So when you get more to the edge of the network, it becomes more of a whitelisting thing, that you know what specific traffic you need, so you just allowed that traffic. Whereas when you go, when you get more to the transit network, or you don't really know what that traffic is meant for, so you are more permissive. You could say like, since Jen is in the queue, as far as I know, Google filters all packets with extension headers, which packets you.
G
H
I think we should be very careful, and, first of all, actually, my, I was coming here to say completely, in general, having kind of problem with documents which start listing all existing possible option, because it might be that in six months we're gonna get another document which introduced another option. So this document, I became, needs to be updated and so on. Yeah, so I actually do not think we need to keep producing more and more like document.
H
G
H
Think that my opinion is, we should clearly indicate what particular option is needed for and then let people decide, do you need that particular feature or not, instead of giving them advice, block or filter, I goguen. So, okay, let's say, I don't, I know that I'm, my network for some reason do not use DNS, right. So I don't care if I'm breaking DNS, okay, so I can feel, I can filter fragments. If I know that I have DNS in my network, I might, especially DNSSEC, right, I might, I want to appear me.
A
H
G
H
G
I'm saying is that if you have a registry that list, let's say, the extension headers and the options, the guy that this, that, you know, it's making the decision on whether to drop that or not, at times cannot really say: OK, well, this is actually using for providing this and that other service. That's what I'm saying. So, if you just provide the registry like saying option blah blah blah, the guy that has to do the filtering says: I don't even know it's.
H
G
G
No, I'm, what I'm saying is that the registry doesn't say it, because it shouldn't say it. It just says this is the option, that's it. So option blah blah, this is the name, this is where it is specified. But with stuff like Router Alert, for example, it can be used for many things. So at times, if you just look at the registry, it's not straightforward what you might break if you drop packets containing that option, and that's one of the purposes of this document, yeah.
H
It will take it offline, I think. I cannot make myself clear. And I, in the comment, I actually think that introduction is kind of confusion because it sends it, in extension headers could be used for DDoS and other stuff, running processing software and slower path. I don't think it's always the case. It might be case for hop-by-hop, and it's not actually necessary case for hop-by-hop; it's implementation dependent. So I think we should kind of rephrase it to make it less negative. Okay.
H
J
H
Filter everything, because it's very confusing. Okay, so basically I did a kind of, okay, put this registry in your document. They say: here is the option, whew, it's used for this; if you block it, it will break this; and let administrator decide. If, I mean, we should probably explicitly say: if you're transit provider, try not to block stuff, right there, and the system to decide what to do is a traffic, so.
G
H
Because I said, if I'm using particular service which go into a broken, okay. Unless, unless we know that this particular option is, is not used for anything useful, known to be harmful and should be broke, bro, blocked, then probably yes. In general, how can we tell people: shall we block or I permit fragments? If we don't know it would.
H
G
H
But I'm really sure that, for most of the other options are, it might be again decision based on the security policy. Few security policies, pyramid only things I need and guac every channels, they can look and find out what they need. It might be that security policy is actually: I'm only a broken arm of harmful stuff and I'm permit everything else, and then we should not recommend them to volcanism what.
G
This kind of relates to what Eric was saying. So essentially what we have in the document right now is mostly just blacklisting stuff that is known to be harmful. We recommend to block; the other stuff, to let through. But at the end of the day, I think that somehow you are agreeing with Eric, which is, it depends on, you know, where you are in the network, you might take one stance or the other.
B
Yeah, living just to see the history, which is IANA, I mean, I don't think this, IANA role is to say or even register a security use case. So this could be useful for you to go there and east. Oh no, use for short-term, pretty sure that's what you did, but to put her history and IANA that says this protocol should blocked or permitted, mean this kind of very, very strange idea. Mm-hmm.
A
B
To come back on the point: we want to say something, recommendation, in your draft, in your document, because we want to say to ISP that are blocking extension headers: please do not do, because the IETF has agreed on this document, right. So I think it's important to keep it kind of open there and to say and write recommendation, so.
G
M
So a couple of thoughts. Okay, Bill Cerveny. One is: it would be useful to have this information, the machine-readable, so let's say a firewall at some point in future could actually, instead of having someone manually input all this information, be able to access it, which would lean towards having a recommendation, whether or not. Also, in a registry, you could deprecate some options, and I'll think that the IANA registry would say: yeah, this is deprecated, and perhaps some, something machine-readable could read that. I.
M
G
G
Actually, I think, I think that for some of this we have, like, you know, what we were working on the options, we had a document, as actually, I think we never published, and it was like done in, it's been my computer for like two years, because we were finding options or that had no information at all. So at the time they were given, the option number was given to someone, there was no specification. So we were doing the work of trying to, you know, find the people that were reference.
G
It there, because obviously the email addresses were not working. Some of these people you couldn't find, and for some of them we actually get to talk to the authors at the time and they say: yeah, yeah, this was never used. So we started to work on a document which, not you, you know, it kind of like rises. So I might try to revive that or post it, whatever I have in, on my computer, trying to actually, those are have never been used, Chuck to try to formally deprecate them. Now, getting in contact with the authors.
G
I mean, this was, in some cases, this was a long, long time ago, but there are people that now work even in different fields. This is like the experience that we had. And but even then, when you get, you know, to, to do the theory that is required to deprecate this, at times it requires a lot of energy to, you know, for that to be published and the options to be deprecated is.
M
G
Thing is that were, when we were, you know, working on the, on the car, like the same document but for IPv4 years ago, the sentiment was like: well, if you don't know, you cannot provide advice. Yeah, so it was like, well, before you actually say do this or that, you have to be able to tell what's that and if it's used for anything. So that's why we were doing.
G
We did that for the IPv4 document too, like, you know, trying to find, like, you know, using like LinkedIn, Google, to try to find where these people were still alive, and, you know, where they were still ritual. For many cases, we were able to, to do that, and I will try to look at them, because I remember that we were, for those options that you didn't have the clear references, we were, you know, try to get ahold of the authors and trying to ask them.
G
M
Yeah, I, I mean, the scenario I think of is, let's say someone develops something new that uses a new port or a new extension header option or whatever. If you publish just, let's say, tomorrow, is this thing in six months, probably going to see like, you know, a number of years before the firewall header will, or firewall people will actually update their information. If there is something in place that's machine readable and or some way of updating this information.
M
G
The document that we have right now, what we have right now, it is very permissive. It even says that, you know, you don't have to, it follows the, I, kind of like follows the advice in RFC 7045, which is you shouldn't, like, say, I blow a block unknown options, unknown EH. But that's again because it, this is mostly targeted more in the middle of the network.
G
So probably, you know, the best way to possibly answer that is go with area that Eric said, because, depending on where you are doing the filtering, you might want to do one thing or the other. If you are more in the middle of the network, be more permissive, but if you are on the edge, is probably more of a white violet, whitelist approach.
L
I'm kind of following up on some stuff that I think that we've kind of been skirting around. I think Bill and, and Jen were kind of talking about too, and it, this whole thing in some ways has a lot of similarities to the thing of Marius's. There's a class of, of problems and information which actually belongs in some type of table that, and it has to be a kind of a mandate. You know what I mean? Like, like, like my destination option, which is about to be passed, is not in there.
L
So it's like, it has to be part of the procedure that if you do this, like, yeah, there's an, you go to IANA, and then you update the, though, you know, whatever you, you call the, the recommendations table, and so then it's like, it's always going to be there. And like in the IPPM registry, I mean, we've been going through all this endless chaos about machine readable and, you know, what are all the fields in there.
L
I mean, it's been a little bit endless, but, but it is, and it's going to be, IANA maintained, and there's a whole registry for what the metrics are, what they mean, blah, blah, blah, and I think it's a good thing to do. It's just that unless you develop some subsidiary procedures, both in terms of readability and maintainability, it's, it, and, and those are both really good things for both you guys. That's, it's great information, I'd love to see something like that.
L
L
What I'm suggesting, I think, is three things. One: you have a set of recommendations that are more generic, like if you understand it, pass it, you know, talking about different domains, topology, all that ends up, yeah, great. Then there's something, there's absolute information about: there's this kind of header, and then these options underneath there, it's this, this, this and this, you should pass this, don't do that, etc. I mean, right. So that's, there's two different kinds of information in that draft. So.
G
Maybe not on the sin. So what we do, I mean, even when it comes today, whether you understand the option on the hair it, so we replicate essentially what, what's in RFC 7045. So if it's unknown, you should pass it, you shouldn't block options that are unknown, etc., etc. What we say, if, for those that are specified, we try to say, okay, try to summarize what that optional effect or extension header is useful, so that, OK, you found in the registry this option.
G
OK, it is being employed, at the end of the day, for this protocol, that protocol and blah blah blah. So now you have more information than what you have in the registry. In the registry, you just point to the specification, but at times it doesn't tell you what is actually using that. Now here we say: OK, this option or this extension header is being employed, at the end of the day, by all this. Then we say: if you were to drop this, well, this is what would break. OK, when.
L
I get it, I get it, I get, I think I get it. What I'm saying is that the format of the document and the structure around the maintainability of the document might want to be a little bit different. It might want to not be an RFC, and, I mean, I don't know what it is, but some maintainable document similar to Marius's threat table, because it's going to be modified much more regularly than one expects a draft to be.
L
It also requires that anybody, I think it should require that anybody who puts in a new option, there is a procedure, or, you know, it's like you have to put in there, like what are the security sections, like what, what are IANA considerations. They should either have to notify you or the Secretariat or whoever, so that you can add this new destination options, its implications, etc. into that. Does that, does that, does that make, you.
G
Know, one thing that I believe it's important, which is, you know, at the end of the day, the goal of this document is to try to improve the state of affairs to what is going on nowadays with extension headers. So, besides these specific details, what we try, what we are trying here is that, for those cases where, you know, networks are dropping packets which we wouldn't want them to be dropping, to try to provide advice to that.
G
It's not that the document is meant to, you know, like, at the, you know, the minute level, whenever something new and goes on, OK, now you to that, take your policies. But at least to what we have right now, which the level of packet drops that we have, try to improve that. I mean, even with, I personally think that if, with the stuff that is specified so far, we were able to reduce the level of dropping with this document, for me, that's a big goal and I, you'd be done with it, I think.
L
G
Me, the worst part, I mean, it's not that I think that's something that is nice, but what I'm saying is that we have nowadays a bigger problem, which is that stuff that has been specified a long time ago, still being dropped, and thus I think the main part that we want to change. Many of us, it's like when we measure stuff that, it's not that it has been published like six months from now, but ages ago.
G
That's still wrong. If we can't reduce the level of those packet drops, particularly the ones that are happening in transit, which are, I guess, the ones that we are mostly concerned. I think that if we can get that to be reduced, that's, I think that, as far as I'm concerned, that the goal has been achieved, yeah.
B
H
B
Routing, in 95, the routing at, at time, zero was not thinking about the attack, so those meaning it's no point of putting in a virgin. When you design a protocol, to say it's not dangerous, because of course you don't design a protocol that's dangerous! So what you say? Maybe you should at least, yeah, so.
G
E
E
O
Think you're right, so yes, limbering.
P
House- and you just suggested to get the edge part out of this document, but just the firewall administrators at the edge are the ones who need guidance. The service providers will eventually let all the stuff through, because this stuff belongs to the customers, so they will open their firewalls eventually. But the customers at the edge, the enterprises who now try to deploy IPv6, they fear IPv6, because they have no idea how to implement it, what they can do, what all these headers do to them. So the section with the use case.
P
This is very, very helpful to show them what they can use this stuff for. But if you take em, the enterprise section, the edge attention, out, and then the people who need guidance most get nothing out of this document. And we, IPv6 is deployed at the edge today. The service providers all have it or short. Have it, so.
G
I see your point. So I guess that question here, I mean, I see your point, and I think that, you know, that information would be valuable. What I'm personally wondering myself is, if we make the document focus on transit, I think we are, like, essentially almost done, right, and this document, as it is, without the edge stuff, would help, hopefully, to, you know, improve the situation of the level of drop in that we have in transit. So I guess that two options are, one of them, we split the recommendations in this one. I see.
G
In that case people come in and saying: oh, but, you know, if you are on the whitelist approach, then if something gets published there will be like a delta there, during which the time will, that stuff will be dropped. So one option is to, you know, split the recommendations, as we were talking before, and we have for transit at the edge.
G
The other one is doing like in two separate documents, having this one published as is, targeting, or having the goal specifically that we reduce the level of packet drops in transit, and having a separate one that just targets, you know, at the edge. And to some extent that might make sense, since, that sense that probably the guy that is configuring the firewall at the edge doesn't care about what the guy at, doing in transit, is doing, and vice versa. So I'm open to, you know, I mean, any of the two options would work for me.
G
F
Am just dumb, so I was just listening to like all feedback and what you are saying, repeating over and over again, and it's actually the only question that didn't get us theaters: who you actually expect to read this document? So if we go back, like Williams, no comments, is what you actually want, is you want to publish the template and say: hey, here is a Cisco template?
G
Be kind of like quite suspicious about someone that will just copy and paste wherever I put in a template. So let's say, I don't know what my specific target is, but certainly my target, it's someone that will read, understand what I wrote and then act accordingly. If there's a guy that will just copy and paste whatever, I don't want that guy to read my document.
F
A
G
So I guess my question is, so one of many questions here is whether we stick with what do we have, essentially target this document at transit and publish as is, and when it comes to the edge stuff, we do, eventually we see what we do. The other is whether we split the recommendations into. I've, given the discussion, I probably stick today what the last start I said, like target the transit, a MIDI, not reducing the level of drops. That's my take, yeah.