Re: [pkix] Last Call: (X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP) to Proposed Standard

2013-04-10 Thread Stefan Santesson
Nothing has changed in this regard. The good response is pretty clear that it by default provides information that the cert is not on a black-list (is not know to be revoked). However, it is also made clear that extensions may be used to expand this default information about the status. This is h

Re: [IAB] Call for Comment: 'Privacy Considerations for Internet Protocols'

2013-04-10 Thread Alissa Cooper
Hi Dave, Thanks for your review. Some comments are inline. A pre-publication -08 version is available at . The diff from the -07 is available at . On Mar 14, 2013, at 10:04 AM, Dave Crocker wr

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread Keith Moore
On 04/09/2013 08:07 PM, John Levine wrote: Quoting Nathaniel Borenstein [1]: "One man's blacklist is another's denial-of-service attack." Email reputation services have a bad reputation. They have a good enough reputation that every non-trivial mail system in the world uses them. They're

RE: Gen-ART review of draft-ietf-intarea-nat-reveal-analysis-06

2013-04-10 Thread mohamed.boucadair
Dear Peter, The two OLD nits are already fixed in my local copy. As for the new one, I'm generating the references automatically. The RFC Editor can fix this if needed. Thanks. Cheers, Med >-Message d'origine- >De : Peter Yee [mailto:pe...@akayla.com] >Envoyé : samedi 6 avril 2013 01:

RE: Gen-ART review of draft-ietf-pcp-upnp-igd-interworking-07

2013-04-10 Thread mohamed.boucadair
Dear Peter, I changed the text as follows: OLD: If the requested external port is not available, the PCP server will send a CANNOT_PROVIDE_EXTERNAL error response. If a short lifetime error is returned, the IGD-PCP IWF MAY re-send the same request to the PCP Server after 30 seconds.

Re: [OPSEC] Last Call: (Security Implications of IPv6 on IPv4 Networks) to Informational RFC

2013-04-10 Thread Brian E Carpenter
Hi Fernando, On 10/04/2013 06:17, Fernando Gont wrote: > Hi, Brian, > > My apologies for the delay in my response. Please find my comments > in-line... > > > On 04/02/2013 06:45 AM, Brian E Carpenter wrote: >> Fernando, >> >> Rather than repeating myself, I'll suggest a change to the Introducti

Re: question about draft-touch-tcp-ao-nat

2013-04-10 Thread Joe Touch
Hi, Nevil (and the IETF list, now). This is my third attempt at requesting clarification about the status of this document. I have been trying to reach you since November. Since you have not responded to any of my previous posts, I'm cc'ing the IETF list, which I sincerely hope you track. F

RE: Gen-ART review of draft-ietf-pcp-upnp-igd-interworking-07

2013-04-10 Thread Peter Yee
Med, That looks great. Thanks for accommodating my concern. Kind regards, -Peter -Original Message- From: mohamed.boucad...@orange.com [mailto:mohamed.boucad...@orange.com] Sent: Wednesday, April 10, 2013 12:49 AM To: Peter Yee; d

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread Douglas Otis
On Apr 10, 2013, at 6:26 AM, Keith Moore wrote: > On 04/09/2013 08:07 PM, John Levine wrote: >>> Quoting Nathaniel Borenstein [1]: >>> >>> "One man's blacklist is another's denial-of-service attack." >>> >>> Email reputation services have a bad reputation. >> They have a good enough reputat

RE: question about draft-touch-tcp-ao-nat

2013-04-10 Thread Adrian Farrel
Joe, In my address book I also have i...@ref-editor.org and n.brown...@auckland.ac.nz both cc'ed here. Looking at http://datatracker.ietf.org/doc/draft-touch-tcp-ao-nat/ the I-D state is "Response to Review Needed" as you noted. I don't have an key to the ISE states, but this one would seem to

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread John Levine
>> There seems to be a faction that feel that 15 years ago someone once >> blacklisted them and caused them some inconvenience, therefore all >> DNSBLs suck forever. I could say similar things about buggy PC >> implementations of TCP/IP, but I think a few things have changed since >> then, in both

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread Keith Moore
On 04/10/2013 06:55 PM, John Levine wrote: There seems to be a faction that feel that 15 years ago someone once blacklisted them and caused them some inconvenience, therefore all DNSBLs suck forever. I could say similar things about buggy PC implementations of TCP/IP, but I think a few things ha

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread John R Levine
Like I said, things have changed since 1996. Indeed they have. Email is much less reliable now than it was then. Agreed. But it's not the DNSBLs, it's all the other stuff, notably heuristic content filters, that we have to do to deal with the 95% of mail that is spam these days. I track

Re: Sufficient email authentication requirements for IPv6

2013-04-10 Thread Keith Moore
On 04/10/2013 07:14 PM, John R Levine wrote: Like I said, things have changed since 1996. Indeed they have. Email is much less reliable now than it was then. Agreed. But it's not the DNSBLs, it's all the other stuff, notably heuristic content filters, that we have to do to deal with the 9