[6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
Kerry Lynn <kerlyn@ieee.org> Tue, 23 February 2016 12:28 UTC
Return-Path: <kerlyn2001@gmail.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8E6A1A1ADC for <6lo@ietfa.amsl.com>; Tue, 23 Feb 2016 04:28:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B1-eb4otLR1e for <6lo@ietfa.amsl.com>; Tue, 23 Feb 2016 04:28:56 -0800 (PST)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DEEE1A1AE6 for <6lo@ietf.org>; Tue, 23 Feb 2016 04:28:56 -0800 (PST)
Received: by mail-io0-x234.google.com with SMTP id z135so211026520iof.0 for <6lo@ietf.org>; Tue, 23 Feb 2016 04:28:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=9jO7fUydEmxrk14JzopeqMzSTehU7xkKbEl6C/E+msY=; b=e3RplhwrxLMr+i6JGcBHerjqui7F6faKP8aaIMxqSMGyODyZELcviBmFy95G0O/vPz bWbjYIX4Hi4zZM7Rx32hrCVQLjvAs4I5W8JsmbGU+mfxSR5CsaWI9J8olnRIK9NIlyXp bUvt688ce/+1NrjlXMUkoyzMOwAWkIMvugTtGyFg2AeYTWlb4q8+RmLiZiVNdUn17VnQ 7Dntwpyo+LGIfcaBzER1+F+m+cdXXl5IbxKnegXmZuDv28jgMrFbMB9qXxrJgDlTQ4pa jeP8I1alrg9UnImdn4FStjr071rV+mVGxnip6AFMvsAJOjdfPz3IFQhgVU/imi6Kzbhn OxsA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee-org.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=9jO7fUydEmxrk14JzopeqMzSTehU7xkKbEl6C/E+msY=; b=do4jCP4bbk14LRUhfNDERjDT4RZe/EC1KeUox6zWzsT4OzL9g6txBupVyS8m0u+nxC j/T2J5+gNbGMShIgK/znuVRRZ6BbcM0Q79IPudpba2PJztxHVb9GQbHH52bC3fArzD7G w9CvSvuBekZawZbpyuRYd/TTxy4iARV2SYdmW+fLAS9xf90qmWYWWiyczR/EQkrdZoh5 ge4RbqEx2xfqO87U3IJCy8c8N+ojcQwVftnShHG1wxq3jCBRnGLSvcdkabyMIetoK9Sv H5xyoIXx3EbPnA4XcZM7qboaJsoQ80k5hGdJ1to4SptWv+n22fWmeZ17PWDmv3KUAyFa sB7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:date:message-id:subject:from :to:content-type; bh=9jO7fUydEmxrk14JzopeqMzSTehU7xkKbEl6C/E+msY=; b=bHl84lfAoU4F0TJJ1T++BlzI2vTl2kJibKFS6WE5+BUR6CwcfiiT0t5SOBWytP+imd xn+Cw7l71orVcoGIXzwugQZJtM6Ca+NqYiL1taSc5H9sel0lvj0X+tm19U0+ZyEfBzkY PLT1TotBuDhYZLyeVTY5JfhoLBV63JWJYEyyWkRF9eEXzKtZl7oXYBaTmlTejeZRRhfN 1bqI/2ofkCW5vVudKnz05gsZkSoo02HQv7QxbAPSX84pNCDblscqWnJccuzHMiMBegik 2louphWyIzbFqeM5ZncZVEI1PIs+tM4pnafYZuHaV155qSFz3PtxhwvsNqRA0KIp3iOI VB7w==
X-Gm-Message-State: AG10YOTtgV9g7F73O3NiqTIlBihQu2a2+wd2U5Ahq6cUI1W80H7fj8n7/vxbYbTvBI4ldh9w9mX1LV5Ok6QYgg==
MIME-Version: 1.0
X-Received: by 10.107.19.193 with SMTP id 62mr38303726iot.41.1456230535743; Tue, 23 Feb 2016 04:28:55 -0800 (PST)
Sender: kerlyn2001@gmail.com
Received: by 10.79.67.197 with HTTP; Tue, 23 Feb 2016 04:28:55 -0800 (PST)
Date: Tue, 23 Feb 2016 07:28:55 -0500
X-Google-Sender-Auth: ipHQ6_oc2ELlF5wwD4akuRBTHO4
Message-ID: <CABOxzu1rQT1mhk3mR9KdHKqqQCFeVu6TV00BE0iUFk8VbkrGzQ@mail.gmail.com>
From: Kerry Lynn <kerlyn@ieee.org>
To: "6lo@ietf.org" <6lo@ietf.org>
Content-Type: multipart/alternative; boundary="001a113f91b6cb5490052c6f17cb"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/YaOpIC41J4qe_VbytjrqKyXUiaY>
Subject: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2016 12:28:58 -0000
Greetings, To begin finalizing the Security Considerations section of draft-ietf-6lo- 6lobac, i thought it would be useful to re-read and offer my review of draft-ietf-6lo-privacy-considerations-00. First, some general comments: - I find the document clear and understandable, as per Dave's usual. - As this document pertains to constrained devices, I think some of the concerns expressed in other fora (e.g. leaking link-local address in email headers) don't apply here. - I think it would be helpful to clearly divide the document according to threats posed by off-link vs on-link adversaries. In the off-link case, we are dealing only with routable addresses and information that is at L3 or higher. This class of threats applies to all hosts, including 6lo. Using a random 60+ bit IID (per prefix?) will mitigate all threats discussed in draft-ietf-6man-ipv6-address-generation-privacy except correlation of activity over time. In the on-link case, are we only concerned with threats that apply to (wireless) data links that are susceptible to eavesdropping, or must we also be concerned with intruders in the wiring closet? In any event, this class of threats would seem to exclude address scanning (which is trivial if an attacker has access to the local link traffic). - If address scanning is eliminated as a concern (as in cases where it cannot be prevented), then arguments about "enough entropy" do not apply and locally assigned short addresses have their rightful place in forming link-local IIDs. The side effect of this is to enable maximally efficient RFC 6282 compression for link-local traffic. - Concerns about correlation over time may not apply to certain classes of devices (fixed servers) or applications (e.g. building automation, where associating link-layer address with location is a feature, not a bug). In some cases, it may simply be impractical to change link-layer address on a frequent basis (e.g. it is common in the case of MS/TP nodes to set the L2 address via DIP switches). - It has been suggested that ND might be eliminated in some cases to further increase bandwidth efficiency. (For example, in cases where a locally-assigned short identifier has been assigned at L2 and is then used to form an IID, ND is redundant.) AFAIK, there hasn't been any discussion about how to tell the difference between L2-derived and "random" IIDs. We might identify L2-derived IIDs as those containing the 0xFFFE pattern in the middle, or not having the 0xFFFE pattern but having the U/L bit = 0 in the IID. This would exclude these patterns from valid privacy IIDs and result in a maximum entropy of ~63 bits. Now on to specifics: - In section 2, I think the analysis pertains to the lifetime of a given link so the wording "average lifetime of a device" should instead be "average lifetime of a link". It is worth noting that CoAP servers do not have a "stealth mode". According to [RFC7252] a CoAP server MUST respond to an empty Confirmable message with a Reset message. - In section 3, MS/TP has 7 or 64 bits (since L2 addresses must be in the range 0 - 127). - Section 3.1 seems to alternately switch between discussing link-layer addresses and IIDs formed from those addresses. Perhaps consistent use of "link identifier" and "interface identifier" would help disambiguate the meaning. EUI-64 and EUI-48 are well-defined terms (trademarked in fact, and this should be noted in the document). An EUI-64 may have 40, 36, or 28 bits of entropy, while an EUI-48 may have 24, 20, or 12 bits, none of which meet the standard of "at least 46 bits". I'm not sure it's accurate to use "randomized IEEE identifiers", unless this refers to locally-assigned MAC addresses with the U/L bit = 1, in which case we might want to reference an appropriate IEEE 802 or ISO standard. - In Section 4, first bullet, it should be enough to indicate that privacy IIDs are RECOMMENDED for routable addresses. (Is there a case where a privacy IID is less than ~63 bits of entropy?) This section should also discuss options for providing privacy IIDs via DHCPv6 (M=1 in RA). Second bullet - as I've indicated above, there's no such thing as a "random" EUI-64 or EUI-48. We can probably use "randomized MAC addresses". I need to go back and re-read [RFC7136] to see if it makes sense to specify U/L bit in this context. Third bullet - this advice should not apply to link-local IIDs. Any attacker wishing to find "hits" just needs to fire up a sniffer. Fourth bullet - this advice should not apply to link-local IIDs for devices or applications where correlation of activities over time is not a concern. HTH, Kerry
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Kerry Lynn
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler
- [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-co… Kerry Lynn
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… AbdurRashidSangi
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler