Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
Kerry Lynn <kerlyn@ieee.org> Thu, 07 July 2016 17:35 UTC
Return-Path: <kerlyn2001@gmail.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F23B412B042 for <6lo@ietfa.amsl.com>; Thu, 7 Jul 2016 10:35:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.15
X-Spam-Level:
X-Spam-Status: No, score=-2.15 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9EYq2v7zZJz for <6lo@ietfa.amsl.com>; Thu, 7 Jul 2016 10:35:21 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 753B512D590 for <6lo@ietf.org>; Thu, 7 Jul 2016 10:35:21 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id f6so25008357ith.0 for <6lo@ietf.org>; Thu, 07 Jul 2016 10:35:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=eWk6rGjSq2LcUnNg818jf02+ocHpeBGFght9znp98Pg=; b=jJ80f4/E36AjNnZE6BDok5MH0V23TN7k99K2bXzZSixP3aUPZHTI1xdwNVqnBgUX8c Q7jDEfb8n09sCAeKVFAw4QrydBJ/T8nkotFNnK6olcenIXHkovTXAxxnae9ikjMyNYcF QjjpfVHsw6bEyjZ7n4/ze/9ZLLaSrTQiVIfCWvM6RtBnsSZAEWTD5v6pDvv7PBG2Rnrz G9Ka8WFMKq3QRxrIKPdv6ALgUxGuqi4fnIo7dLgnOjDLWc/XkqBVtSvJXTFyyZrQy+o8 7W/FVIkRiZCLOpv6qwB+1Ki60YfdtVZMe61BlkO6w1kTwGCSDjwCxva0IUsja5jnpae3 Z/EA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=eWk6rGjSq2LcUnNg818jf02+ocHpeBGFght9znp98Pg=; b=CibEHcRz2YbufNrS9/ryse8dQf2oZ0wiOWVPCXdWyE4Oz0VVkMIcQKIQwuY28xmKag 4roKwsuN7TBb4MdSRWRiH2f9Tocn0X7f/1HxFJ/qVoorbUOGCNQHo2acesSfEJj85fbA mCYBYyIx5oAJCGJikR31rkP0PVT7E95iM7GtWbs/+UYhjZ+Il5ZpF2ugfGSgxHVk7r07 DCqSIif1rMZGVX1f8KBiN3qXn7BFIiDAeusSkdcPBRdwZ6OzixxlY4EsUulcOIj9Bzb3 +Fix5dh6foLFQyEgo0pdHpOT4gcUuYNEQX7hiW0STQmnI8mHTsPlHcBIFkShS4VVb81M I5bA==
X-Gm-Message-State: ALyK8tJXmOsmggUFf5WFeBvbZ9lzk6IcrEaHWqy3eJcbP9TBUIkmLI+wG7kQa/zxKZdcM/SumhKwAvu4YSj6Ew==
X-Received: by 10.36.16.197 with SMTP id 188mr4314365ity.88.1467912920556; Thu, 07 Jul 2016 10:35:20 -0700 (PDT)
MIME-Version: 1.0
Sender: kerlyn2001@gmail.com
Received: by 10.79.41.3 with HTTP; Thu, 7 Jul 2016 10:35:20 -0700 (PDT)
In-Reply-To: <DM2PR0301MB071714F2740B62FE43A7C50FA33B0@DM2PR0301MB0717.namprd03.prod.outlook.com>
References: <DM2PR0301MB0717E12C81B148B725353679A33A0@DM2PR0301MB0717.namprd03.prod.outlook.com> <DM2PR0301MB0717D9FC94C84FD357C572D0A33B0@DM2PR0301MB0717.namprd03.prod.outlook.com> <DM2PR0301MB071714F2740B62FE43A7C50FA33B0@DM2PR0301MB0717.namprd03.prod.outlook.com>
From: Kerry Lynn <kerlyn@ieee.org>
Date: Thu, 07 Jul 2016 13:35:20 -0400
X-Google-Sender-Auth: f8TlQn8kDMV7FUIvggpR3HxzaBY
Message-ID: <CABOxzu3TnAD2AH_-yKco-6pnKTSqrcS-R1mNk9jwgMdYxQ4sqw@mail.gmail.com>
To: Dave Thaler <dthaler@microsoft.com>
Content-Type: multipart/alternative; boundary="001a1144405a30ebb805370f1c8f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/e2L1DGX5xYvZ5bwBxn-E90D-zv4>
Cc: "6lo@ietf.org" <6lo@ietf.org>
Subject: Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-considerations-00
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2016 17:35:25 -0000
Hi Dave, Thanks for your edits. I'm currently on holiday with only a mobile phone (which works only when the wind blows right) so I'll give comments when i get back to civilization on Tues. Hopefully we can have some group discussion in 6lo if time permits. Regards, Kerry On Wed, Jul 6, 2016 at 9:22 PM, Dave Thaler <dthaler@microsoft.com> wrote: > Ok, I just posted an update in which I tried to take Kerry's feedback into > account. > > Some notes below about what I did, but see the diffs for details. > > > From: Dave Thaler > > Sent: Tuesday, July 5, 2016 6:22 PM > > To: 6lo@ietf.org; Kerry Lynn <kerlyn@ieee.org> > > Subject: RE: [6lo] RESEND: Reveiw of > draft-ietf-6lo-privacy-considerations-00 > > > > I'm working on updating this now. > > > > Kerry Lynn wrote: > > > To begin finalizing the Security Considerations section of > > > draft-ietf-6lo- 6lobac, i thought it would be useful to re-read and > > > offer my review of draft-ietf-6lo-privacy-considerations-00. > > > > Thanks for the feedback! > > > > > First, some general comments: > > > > > > - I find the document clear and understandable, as per Dave's usual. > > > > > > - As this document pertains to constrained devices, I think some of > > > the concerns expressed in other fora (e.g. leaking link-local address > > > in email headers) don't apply here. > > > > Yes they do. Just because a device is resource constrained doesn't mean > it > > can't leak link-local addresses. In fact we have plenty of evidence > that > > leaking link-local addresses can easily happen by accident (or programmer > > neglect), in any number of Internet protocols (DNS, SIP, SMTP, etc.) > > I did make changes in a number of places, especially any discussion around > address scans, to make the discussion specific to routable addresses. > I put in some text to state my points as well, but the primary focus of > address scan text (and thus the larger number of entropy bits) is for > routable addresses, which I hope is clear in the text now. > > > > - I think it would be helpful to clearly divide the document according > > > to threats posed by off-link vs on-link adversaries. In the off-link > > > case, we are dealing only with routable addresses and information that > > > is at L3 or higher. This class of threats applies to all hosts, > including 6lo. > > > Using a random 60+ bit IID (per prefix?) will mitigate all threats > > > discussed in draft-ietf-6man-ipv6-address-generation-privacy except > > > correlation of activity over time. > > > > Ok, will see what I can do. > > I made textual changes, but not organizational changes (table of contents > remains the same) since some points do not clearly delineate that way. > So hopefully it's clear enough in each paragraph now. > > > > > > In the on-link case, are we only concerned with threats that apply to > > > (wireless) data links that are susceptible to eavesdropping, or must > > > we also be concerned with intruders in the wiring closet? > > > > If the link is a multi-access link, and one of the devices can be > compromised, > > then it can potentially be used to eavesdrop on communication between two > > other entities on the link. So it's not wired vs wireless so much as > point-to- > > point vs multi-access. > > I added a minor point about NBMA but the main focus in the text is, I hope, > consistent with I think what your main point is. > > > > In any event, this > > > class of threats would seem to exclude address scanning (which is > > > trivial if an attacker has access to the local link traffic). > > > > Depends on the link-layer protocol. Some link layers (e.g., ones that > don't > > support multicast/broadcast) don't use ND and so address scanning may > still > > be an issue. > > > > > - If address scanning is eliminated as a concern (as in cases where it > > > cannot be prevented), then arguments about "enough entropy" do not > > > apply and locally assigned short addresses have their rightful place > > > in forming link-local IIDs. The side effect of this is to enable > > > maximally efficient RFC 6282 compression for link-local traffic. > > > > I think you're still assuming that link-local addresses can never leak > via higher > > layer protocols, whereas we know they can. So link-local addresses are > still > > an issue for the off-link case. Even though an attacker can't use them > to > > communicate with the constrained device, they can still result in privacy > > vulnerabilities. > > As noted earlier, I updated the text so that address scans and the larger > amount of entropy being mainly for routable addresses. > > > > > > - Concerns about correlation over time may not apply to certain > > > classes of devices (fixed servers) or applications (e.g. building > > > automation, where associating link-layer address with location is a > > > feature, not a bug). In some cases, it may simply be impractical to > > > change link-layer address on a frequent basis (e.g. it is common in > > > the case of MS/TP nodes to set the L2 address via DIP switches). > > > > Right, in cases like fixed services that might even be resolvable via > DNS or > > some other mechanism, public addresses are used and privacy of such > > addresses is not an issue. However, the point is that that IETF should > not > > design protocols that can ONLY support such cases. (The draft is a bit > softer > > than saying that though, it just says that your Privacy Considerations > section > > needs to have a discussion of the issues, and then the IETF community and > > the IESG can decide whether there is IETF consensus on it.) > > > > > - It has been suggested that ND might be eliminated in some cases to > > > further increase bandwidth efficiency. (For example, in cases where a > > > locally-assigned short identifier has been assigned at L2 and is then > > > used to form an IID, ND is redundant.) > > > > Well there's multiple parts of "ND". The NUD part is still relevant in > all > > cases. The Address Resolution part can be eliminated in some cases (and > > indeed it's up to each link-layer protocol to say how Address Resolution > is > > done, which defaults to normal ND if you say nothing). > > > > > AFAIK, there hasn't been any > > > discussion about how to tell the difference between L2-derived and > > > "random" IIDs. We might identify L2-derived IIDs as those containing > > > the 0xFFFE pattern in the middle, or not having the 0xFFFE pattern but > > > having the U/L bit = 0 in the IID. This would exclude these patterns > > > from valid privacy IIDs and result in a maximum entropy of ~63 bits. > > > > One cannot positively tell the difference simply by looking at an > address. > > One needs additional information to say for sure, because ultimately > it's up > > to each link (or maybe even finer granularity). But for things like > address-to- > > string conversion ("pretty-printing") purposes, some implementations > (like > > Windows) do have a random generation algorithm that avoids colliding with > > the patterns you mention, and do result in a max entropy of ~63 bits. > > So far I don't see any reason the draft needs to discuss this point > though. > > > > > Now on to specifics: > > > > > > - In section 2, I think the analysis pertains to the lifetime of a > > > given link so the wording "average lifetime of a device" should > > > instead be "average lifetime of a link". > > > > Right, will fix (it's correct in the equation at top of page 4 but then > the text > > below it wasn't consistent with it). > > Done. > > > > > > It is worth noting that CoAP servers do not have a "stealth mode". > > > According to [RFC7252] a CoAP server MUST respond to an empty > > > Confirmable message with a Reset message. > > > > It's not worth noting because the same could be said for TCP or HTTP or > > ICMP. The "stealth mode" is a property of a host firewall in front of > it but on > > the same device. Section 5 of RFC 7288 (which the draft > > references) already contains a discussion of this point, and just uses > TCP and > > ICMP as examples, and that text equally applies to COAP. > > Updated text to discuss firewalls and reword to make it clearer that it's > about dropping unsolicited inbound traffic before it ever reaches > the TCP/ICMP/COAP/whatever layer, and also mentioned network firewalls > in front of the subnet, that have the same effect. > > > > > > - In section 3, MS/TP has 7 or 64 bits (since L2 addresses must be in > > > the range 0 - 127). > > > > Thanks, will fix. > > Fixed. > > > > > > - Section 3.1 seems to alternately switch between discussing > > > link-layer addresses and IIDs formed from those addresses. Perhaps > > > consistent use of "link identifier" and "interface identifier" would > > > help disambiguate the meaning. > > > > Ok, will see what I can do. > > Changed. > > > > > > EUI-64 and EUI-48 are well-defined terms (trademarked in fact, and > > > this should be noted in the document). > > > > Why should it be noted? Can you point me to a 6man RFC (since many 6man > > RFCs mention EUI-64 and EUI-48) that notes that the term is > trademarked? Is > > there an RFC style guide directive on such matters? > > > > > An EUI-64 may have 40, 36, or > > > 28 bits of entropy, while an EUI-48 may have 24, 20, or 12 bits, none > > > of which meet the standard of "at least 46 bits". > > > > When the OUI is unknown, the lack of such knowledge provides a few more > > bits of entropy since the attacker has to at least try any well-known > OUI's and > > do a search within each one. For example, if there's 64+ possible OUI's > in > > use, that's around 6 more bits of entropy. An off-link attacker cannot, > > without additional information, know what the link type is and so has to > try > > OUIs without being able to narrow it down to OUI's for that link type. > > I also reduced the number of occurrences of the "46 bits" number, since > that's > just an example for links that can last 8 years or more. (Many 6lo links > last > for far less time than that, so we shouldn't over-index on the number 46, > it's just an example. The key point is to derive the number from the max > expected link lifetime.) > > > > > > I'm not sure it's > > > accurate to use "randomized IEEE identifiers", unless this refers to > > > locally-assigned MAC addresses with the U/L bit = 1, in which case we > > > might want to reference an appropriate IEEE 802 or ISO standard. > > > > Random MAC addresses was the intent, but "MAC" as a term only applies to > > specific link types. Maybe "randomized link-layer addresses" is a better > > term, so I'll use that. > > Done > > > > > > - In Section 4, first bullet, it should be enough to indicate that > > > privacy IIDs are RECOMMENDED for routable addresses. (Is there a case > > > where a privacy IID is less than ~63 bits of entropy?) > > > > Such a recommendation may be too strong for some cases (it would indeed > > be sufficient, but not necessary). For example, if the link lifetime is > usually > > <1 second, then privacy IIDs might be overkill. The point of the first > bullet is > > to say that an IP-over-Foo doc should contain such a discussion. > However, > > perhaps your point is that it could say that using privacy addresses is > one easy > > way to meet the requirement. > > > > That is, I don't believe there is 6lo WG consensus for stating that > privacy IIDs > > are RECOMMENDED for routable addresses. > > > > > This section > > > should also discuss options for providing privacy IIDs via DHCPv6 > > > (M=1 in RA). > > > > I have no problem adding such a reference. The point is to say what > privacy > > considerations need to be addressed in a doc, rather than details of > *how* > > to address them, in order to leave maximum freedom. > > But providing examples as informative references as you suggest is a good > > thing. > > I checked and there is no reference (RFC or draft) as far as anyone I > asked knows. > So I didn't mention DHCPv6 in this document, I left it for 6man documents > to discuss since it's not specific to 6lo. > > > > > > Second bullet - as I've indicated above, there's no such thing as a > > > "random" EUI-64 or EUI-48. We can probably use "randomized MAC > > > addresses". I need to go back and re-read [RFC7136] to see if it > > > makes sense to specify U/L bit in this context. > > > > Agreed, will use "randomized link-layer addresses". > > Done > > > > > > Third bullet - this advice should not apply to link-local IIDs. Any > > > attacker wishing to find "hits" just needs to fire up a sniffer. > > > > Disagree as noted above. It applies due to off-link leakage. > > (And the IP-over-Foo layer should not make assumptions about what upper- > > layer protocols do.) The risk might be smaller, and hence it might apply > > "less", but it still applies. > > > > > Fourth bullet - this advice should not apply to link-local IIDs for > > > devices or applications where correlation of activities over time is > not a > > concern. > > > > Same answer. The risk might be smaller and hence it might apply > "less", but > > it still applies. > > Also the whole section is under the heading of "recommendations" not > "requirements", so they're already implied SHOULD's rather than MUST's > in that sense. But either way, the security/privacy text in a draft > should address > the issue, whatever the answer is. > > > > > Again the main point of this draft is not to say what one MUST or MUST > NOT > > do (or rather *how* one MUST or MUST NOT solve some privacy issue), but > > rather what issues need to be addressed in a doc, and some > > recommendations > > ("shoulds") on good ways to address them. So the fact that there's > still a risk > > means there's still a need for text to address them or convincingly (to > the > > IETF community and to the IESG) explain why some issue doesn't apply to a > > particular IP-over-foo mechanism. > > > > Thanks again for the review, > > Dave >
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Kerry Lynn
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler
- [6lo] RESEND: Reveiw of draft-ietf-6lo-privacy-co… Kerry Lynn
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… AbdurRashidSangi
- Re: [6lo] RESEND: Reveiw of draft-ietf-6lo-privac… Dave Thaler