Re: [BEHAVE] address-format secure configuration
"David Harrington" <ietfdbh@comcast.net> Wed, 31 March 2010 22:24 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9ADA43A69E9 for <behave@core3.amsl.com>; Wed, 31 Mar 2010 15:24:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.408
X-Spam-Level:
X-Spam-Status: No, score=0.408 tagged_above=-999 required=5 tests=[AWL=1.277, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oYSPvNX72dO4 for <behave@core3.amsl.com>; Wed, 31 Mar 2010 15:24:18 -0700 (PDT)
Received: from qmta08.westchester.pa.mail.comcast.net (qmta08.westchester.pa.mail.comcast.net [76.96.62.80]) by core3.amsl.com (Postfix) with ESMTP id 2387C3A6975 for <behave@ietf.org>; Wed, 31 Mar 2010 15:24:17 -0700 (PDT)
Received: from omta23.westchester.pa.mail.comcast.net ([76.96.62.74]) by qmta08.westchester.pa.mail.comcast.net with comcast id zmh81d0041c6gX858yQqJW; Wed, 31 Mar 2010 22:24:50 +0000
Received: from Harrington73653 ([67.189.235.106]) by omta23.westchester.pa.mail.comcast.net with comcast id zyUR1d00J2JQnJT3jyUStK; Wed, 31 Mar 2010 22:28:26 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Dave Thaler' <dthaler@microsoft.com>
References: <02d001cad0f5$41ef7ee0$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863C744@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <9B57C850BB53634CACEC56EF4853FF65139210A3@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Date: Wed, 31 Mar 2010 18:24:48 -0400
Message-ID: <034501cad120$f96c8d80$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcrQ9K6JpQsxSoblR0isFoLny4+YRQAH3U6QAAC7V+AAAgV/IA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <9B57C850BB53634CACEC56EF4853FF65139210A3@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Cc: behave@ietf.org
Subject: Re: [BEHAVE] address-format secure configuration
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2010 22:24:20 -0000
Hi, I raised the issue of secure configuration because the document does. I probably wouldn't really have noticed this section much except that the section asserts that using a default prefix addresses security concerns, and I disagree with that. I would be fine with pointers to other documents, such as draft-carpenter-renum-needs-work, and maybe v6 autoconfig documents and/or DHCP security. I would be fine with a pointer to one of the behave documents that addresses the concern, or to a v6ops document that addresses the concern. (I think but might change my mind) I would even be fine with a statement that this document only defines address formats and does not create any new security concerns. But to observe in the security considerations that multiple devices and applications need to be configured consistently and securely, and then not provide any guidance or pointers to guidance seems wrong to me. dbh > -----Original Message----- > From: Dave Thaler [mailto:dthaler@microsoft.com] > Sent: Wednesday, March 31, 2010 5:16 PM > To: David Harrington > Cc: Christian Huitema; behave@ietf.org > Subject: RE: [BEHAVE] address-format secure configuration > > To second what Christian said, if you look at RFC 4291 it contains > no discussion of secure configuration, it defines address formats. > This draft is no different. > > Configuration mechanisms are outside the scope of this document. > I don't believe the things you raise belong in this document. > They could be in a separate document for which we could add a > milestone as part of the rechartering. > > -Dave > > > -----Original Message----- > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On > > Behalf Of Christian Huitema > > Sent: Wednesday, March 31, 2010 1:57 PM > > To: David Harrington; behave@ietf.org > > Subject: Re: [BEHAVE] address-format secure configuration > > > > David, > > > > We do not describe configuration in this document, we > merely describe > > address format. Configuration is indeed important, but do you really > > believe that it should be part of this document? What about > the other > > documents in the working set, e.g. the description of stateful and > > stateless address translation? Or the framework document? > The note in > > the security section is meant to flag the issue, not to resolve it. > > > > -- Christian Huitema > > > > > > -----Original Message----- > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On > > Behalf Of David Harrington > > Sent: Wednesday, March 31, 2010 10:12 AM > > To: behave@ietf.org > > Subject: [BEHAVE] address-format secure configuration > > > > Hi, > > > > I think section 4.2 Secure Configuration is inadequate. The > discussion > > of configuration is inadequate, and the discussion of security is > > inadequate. > > > > Configuration will require some synchronization if the values should > > change. Specifying a default prefix might provide an initial > > synchronization, but does not address the difficult > operational issue > > of synchronization of changes to the deployed prefixes and formats. > > The document does not discuss the operational and security > > vulnerabilties exposed during the process of changing a prefix. > > > > Secure configuration of prefixes and formats across multiple devices > > and applications in a network will require some type of > authentication > > and authorization, and protection from various possible > attacks, such > > as man in the middle attacks. A default prefix does not address the > > security issues involved in secure configuration, as far as > I can see. > > > > > > I think work needs to be done on this section. I recommend > addressing > > the operational considerations of deploying a change of > prefix across > > a network, and separately identifying and addressing the threats > > involved in prefix configuration. > > > > > > David Harrington > > dbharrington@comcast.net > > ietfdbh@comcast.net > > dharrington@huawei.com > > > > _______________________________________________ > > Behave mailing list > > Behave@ietf.org > > https://www.ietf.org/mailman/listinfo/behave > > > > _______________________________________________ > > Behave mailing list > > Behave@ietf.org > > https://www.ietf.org/mailman/listinfo/behave > >
- [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Dan Wing
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Dave Thaler
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Xing Li
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington