--- 1/draft-ietf-opsec-filter-caps-05.txt 2007-04-03 22:12:21.000000000 +0200 +++ 2/draft-ietf-opsec-filter-caps-06.txt 2007-04-03 22:12:21.000000000 +0200 @@ -1,21 +1,21 @@ None. C. Morrow Internet-Draft UUNET Technologies Intended status: Informational G. Jones -Expires: September 2, 2007 +Expires: September 22, 2007 V. Manral IP Infusion - March 1, 2007 + March 21, 2007 Filtering and Rate Limiting Capabilities for IP Network Infrastructure - draft-ietf-opsec-filter-caps-05 + draft-ietf-opsec-filter-caps-06 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -26,21 +26,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on September 2, 2007. + This Internet-Draft will expire on September 22, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract [RFC4778] lists operator practices related to securing networks. This document lists filtering and rate limiting capabilities needed to support those practices. Capabilities are limited to filtering 
@@ -82,24 +82,25 @@ 5.3. Filter Hits are Counted . . . . . . . . . . . . . . . . . 18 5.4. Filter Counters are Accurate . . . . . . . . . . . . . . . 19 6. Minimal Performance Degradation . . . . . . . . . . . . . . . 20 7. Additional Operational Practices . . . . . . . . . . . . . . . 22 7.1. Profile Current Traffic . . . . . . . . . . . . . . . . . 22 7.2. Block Malicious Packets . . . . . . . . . . . . . . . . . 22 7.3. Limit Sources of Management . . . . . . . . . . . . . . . 22 7.4. Respond to Incidents Based on Accurate Data . . . . . . . 22 7.5. Implement Filters Where Necessary . . . . . . . . . . . . 23 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 - 9. Non-normative References . . . . . . . . . . . . . . . . . . . 25 - Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 26 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 - Intellectual Property and Copyright Statements . . . . . . . . . . 28 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 + 10. Non-normative References . . . . . . . . . . . . . . . . . . . 26 + Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 27 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 + Intellectual Property and Copyright Statements . . . . . . . . . . 29 1. Introduction This document is defined in the context of [RFC4778]. [RFC4778] defines the goals, motivation, scope, definitions, intended audience, threat model, potential attacks and give justifications for each of the practices. Many of the capabilities listed here refine or add to capabilities listed in [RFC3871]. Also see [I-D.lewis-infrastructure-security] for a useful description 
@@ -202,26 +203,24 @@ Capability. The device provides a means to filter IP packets on any interface implementing IP. Supported Practices. * Security Practices for Device Management ([RFC4778], Section 2.2.2) - * Security Practices for Data Path ([I-D.ietf-opsec-current- - practices], Section 2.3.2) + * Security Practices for Data Path ([RFC4778], Section 2.3.2) * Security Practices for Software Upgrades and Configuration - Integrity/Validation ([I-D.ietf-opsec-current-practices], - Section 2.5.2) + Integrity/Validation ([RFC4778], Section 2.5.2) * Data Plane Filtering ([RFC4778], Section 2.7.1) * Management Plane Filtering ([RFC4778], Section 2.7.2) * Profile Current Traffic (Section 7.1) * Block Malicious Packets (Section 7.2) Current Implementations. @@ -849,21 +850,25 @@ policies. 8. Security Considerations General Security is the subject matter of this entire memo. The capabilities listed cite practices in [RFC4778] that they are intended to support. [RFC4778] defines the threat model, practices and lists justifications for each practice. -9. Non-normative References +9. IANA Considerations + + This document has no actions for IANA. + +10. Non-normative References [I-D.lewis-infrastructure-security] Lewis, D., "Service Provider Infrastructure Security", draft-lewis-infrastructure-security-00 (work in progress), June 2006. [I-D.savola-rtgwg-backbone-attacks] Savola, P., "Backbone Infrastructure Attacks and Protections", draft-savola-rtgwg-backbone-attacks-03 (work in progress), January 2007.
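Review bot: in the Supported Practices hunk (section 3, around line 203), the two citations now point at [RFC4778] but keep the section numbers 2.3.2 and 2.5.2 that were attached to the draft name; check them against the published RFC 4778 text, since section numbering can shift between a working-group draft and the RFC. If these were the last uses of [I-D.ietf-opsec-current-practices], the corresponding entry should also be dropped from the Non-normative References; the visible part of section 10 starts at [I-D.lewis-infrastructure-security], so that cannot be confirmed from this diff and is worth a grep of the full -06 text.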
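Review bot: the new "9. IANA Considerations" (hunk around line 850) is placed after "8. Security Considerations"; the usual RFC Editor ordering puts IANA Considerations before Security Considerations, so consider making IANA Considerations section 8 and Security Considerations section 9, and updating the table of contents hunk to match. The body text is fine for an Informational document; the more common phrasing is "This document has no IANA actions." Either way, keep the section numbers in the TOC and body consistent once reordered.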