Re: [6lo] Review of draft-ietf-6lo-privacy-considerations-00
Kerry Lynn <kerlyn@ieee.org> Thu, 05 November 2015 03:12 UTC
Return-Path: <kerlyn2001@gmail.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5502F1A0203 for <6lo@ietfa.amsl.com>; Wed, 4 Nov 2015 19:12:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VFKfCXvtlZQS for <6lo@ietfa.amsl.com>; Wed, 4 Nov 2015 19:12:33 -0800 (PST)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5CC21A01EA for <6lo@ietf.org>; Wed, 4 Nov 2015 19:12:32 -0800 (PST)
Received: by igdg1 with SMTP id g1so2258949igd.1 for <6lo@ietf.org>; Wed, 04 Nov 2015 19:12:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=FVfsmnmPcDFQgAIJrhsDc/JKVk6hP2cYZ9qO6rEYSvE=; b=bOIplbukFjFz0lY+uDn6mA1kfW5nrWuDXnwdL9aGKf1NfPw59YH48iJ9taoX3ZoxvR 5OUxWFsm7IOE2VcsxD/65K9HnYXkvP+1d1CrtjoB5To1fRjZXeoj6bprG6na2OJL4cZ9 vIgd7buoN/00Pq+p7rlu9M2dq5nXFbqH7KR4yFxOdWynZPnGHyJQ0PDBxcR49Yt+b/F0 6ozWgjvVSnnCSY4dKvYKnAzr58RReEpEY3a6etRekbybLZjfVnOCX983kUH6MdGjjR65 xfF4LxjpGwS7pul9Pajf2Ougu7Ao5v3jh0nK91V3wdD2bR3Z9Mg0Dmm13f/H/4Rq5+7H xk8w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee_org.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=FVfsmnmPcDFQgAIJrhsDc/JKVk6hP2cYZ9qO6rEYSvE=; b=gSd57t/F0aqnk3yvCTXTPnHW3u2PFf3KGOanwVrwJUCBMD0lwHlIRkZqU/3zgUwjD5 WqhqaSF1xd4y3G0kjPrGqcmDzsS1rYnSODWXrybh5lmA1K1f3xPxJQ5QsqyHlpJVZyXg aF5nhuTAcetsxkoluq/HaEnpfB6EHQ3v9gAESlOGbmz6TMh8Op7voNjxkyShBTaQNoLT boziizuwW/K1lI0vJGsDuQG9eAmyrIY6yctSLfi/ts3Rie5JDdWEOuIhU4vxjID8zg+Z IAujLpNpEF0420eUaSH5gGLeFGPpXZWAtuaYXLXHLvAs4tnqvI/nvQj6CyTv9NQRTbGI B+zw==
MIME-Version: 1.0
X-Received: by 10.50.143.8 with SMTP id sa8mr556944igb.69.1446693152293; Wed, 04 Nov 2015 19:12:32 -0800 (PST)
Sender: kerlyn2001@gmail.com
Received: by 10.79.74.67 with HTTP; Wed, 4 Nov 2015 19:12:32 -0800 (PST)
In-Reply-To: <CABOxzu3rCprewfRmBkj1MoE34dF03m9NKs1-=PRiwhnijh+81g@mail.gmail.com>
References: <CABOxzu3rCprewfRmBkj1MoE34dF03m9NKs1-=PRiwhnijh+81g@mail.gmail.com>
Date: Wed, 04 Nov 2015 22:12:32 -0500
X-Google-Sender-Auth: M8NSo9ilsXVvb5_9wHmzg1Zfyeg
Message-ID: <CABOxzu1QCcHgjG5jNKP66=nDvvy7o_15dYDwMsbYtC4F7tPL9g@mail.gmail.com>
From: Kerry Lynn <kerlyn@ieee.org>
To: "6lo@ietf.org" <6lo@ietf.org>
Content-Type: multipart/alternative; boundary="001a1134b40e7109c20523c27f3e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/B6abqsIhBX4Ep50znt14WOP7V1I>
Subject: Re: [6lo] Review of draft-ietf-6lo-privacy-considerations-00
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2015 03:12:35 -0000
Correction below... On Tue, Nov 3, 2015 at 8:39 PM, Kerry Lynn <kerlyn@ieee.org> wrote: > Greetings, > > To begin finalizing the Security Considerations section of draft-ietf-6lo- > 6lobac, i thought it would be useful to re-read and offer my review of > draft-ietf-6lo-privacy-considerations-00. > > First, some general comments: > > - I find the document clear and understandable, as per Dave's usual. > > - As this document pertains to constrained devices, I think some of the > concerns expressed in other fora (e.g. leaking link-local address in > email headers) don't apply here. > > - I think it would be helpful to clearly divide the document according to > threats posed by off-link vs on-link adversaries. In the off-link case, > we are dealing only with routable addresses and information that is > at L3 or higher. This class of threats applies to all hosts, including > 6lo. > Using a random 60+ bit IID (per prefix?) will mitigate all threats > discussed in draft-ietf-6man-ipv6-address-generation-privacy except > correlation of activity over time. > > In the on-link case, are we only concerned with threats that apply to > (wireless) data links that are susceptible to eavesdropping, or must we > also be concerned with intruders in the wiring closet? In any event, this > class of threats would seem to exclude address scanning (which is trivial > if an attacker has access to the local link traffic). > > - If address scanning is eliminated as a concern (as in cases where it > cannot be prevented), then arguments about "enough entropy" do not > apply and locally assigned short addresses have their rightful place in > forming link-local IIDs. The side effect of this is to enable maximally > efficient RFC 6282 compression for link-local traffic. > > - Concerns about correlation over time may not apply to certain classes > of devices (fixed servers) or applications (e.g. building automation, where > associating link-layer address with location is a feature, not a bug). In > some cases, it may simply be impractical to change link-layer address > on a frequent basis (e.g. it is common in the case of MS/TP nodes to set > the L2 address via DIP switches). > > - It has been suggested that ND might be eliminated in some cases to > further increase bandwidth efficiency. (For example, in cases where a > locally-assigned short identifier has been assigned at L2 and is then > used to form an IID, ND is redundant.) AFAIK, there hasn't been any > discussion about how to tell the difference between L2-derived and > "random" IIDs. We might identify L2-derived IIDs as those containing > the 0xFFFE pattern in the middle, or not having the 0xFFFE pattern but > having the U/L bit = 1 in the IID. This would exclude these patterns from > This ^^^ should read "having the U/L bit = 0 in the IID." > > valid privacy IIDs and result in a maximum entropy of ~63 bits. > > > Now on to specifics: > > - In section 2, I think the analysis pertains to the lifetime of a given > link > so the wording "average lifetime of a device" should instead be "average > lifetime of a link". > > It is worth noting that CoAP servers do not have a "stealth mode". > According to [RFC7252] a CoAP server MUST respond to an empty > Confirmable message with a Reset message. > > - In section 3, MS/TP has 7 or 64 bits (since L2 addresses must be in > the range 0 - 127). > > - Section 3.1 seems to alternately switch between discussing link-layer > addresses and IIDs formed from those addresses. Perhaps consistent > use of "link identifier" and "interface identifier" would help disambiguate > the meaning. > > EUI-64 and EUI-48 are well-defined terms (trademarked in fact, and > this should be noted in the document). An EUI-64 may have 40, 36, or > 28 bits of entropy, while an EUI-48 may have 24, 20, or 12 bits, none > of which meet the standard of "at least 46 bits". I'm not sure it's > accurate to use "randomized IEEE identifiers", unless this refers to > locally-assigned MAC addresses with the U/L bit = 1, in which case we > might want to reference an appropriate IEEE 802 or ISO standard. > > - In Section 4, first bullet, it should be enough to indicate that privacy > IIDs are RECOMMENDED for routable addresses. (Is there a case > where a privacy IID is less than ~63 bits of entropy?) This section > should also discuss options for providing privacy IIDs via DHCPv6 > (M=1 in RA). > > Second bullet - as I've indicated above, there's no such thing as a > "random" EUI-64 or EUI-48. We can probably use "randomized MAC > addresses". I need to go back and re-read [RFC7136] to see if it makes > sense to specify U/L bit in this context. > > Third bullet - this advice should not apply to link-local IIDs. Any > attacker > wishing to find "hits" just needs to fire up a sniffer. > > Fourth bullet - this advice should not apply to link-local IIDs for devices > or applications where correlation of activities over time is not a concern. > > HTH, Kerry >