Re: [BEHAVE] address-format secure configuration
Christian Huitema <huitema@microsoft.com> Thu, 01 April 2010 00:23 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8F33B3A6A79 for <behave@core3.amsl.com>; Wed, 31 Mar 2010 17:23:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.913
X-Spam-Level:
X-Spam-Status: No, score=-8.913 tagged_above=-999 required=5 tests=[AWL=-0.044, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vbwm-1sH2n7y for <behave@core3.amsl.com>; Wed, 31 Mar 2010 17:23:43 -0700 (PDT)
Received: from smtp.microsoft.com (mail1.microsoft.com [131.107.115.212]) by core3.amsl.com (Postfix) with ESMTP id 701883A6A2B for <behave@ietf.org>; Wed, 31 Mar 2010 17:23:40 -0700 (PDT)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (157.54.79.180) by TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.2.176.0; Wed, 31 Mar 2010 17:24:11 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC102.redmond.corp.microsoft.com (157.54.79.180) with Microsoft SMTP Server (TLS) id 14.0.639.21; Wed, 31 Mar 2010 17:24:11 -0700
Received: from TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com ([169.254.3.99]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi; Wed, 31 Mar 2010 17:24:11 -0700
From: Christian Huitema <huitema@microsoft.com>
To: David Harrington <ietfdbh@comcast.net>, Dave Thaler <dthaler@microsoft.com>
Thread-Topic: [BEHAVE] address-format secure configuration
Thread-Index: AcrQ9K6JpQsxSoblR0isFoLny4+YRQAH3U6QAAC7V+AAAgV/IAAESfKA
Date: Thu, 01 Apr 2010 00:24:09 +0000
Message-ID: <6B55F0F93C3E9D45AF283313B8D342BA6863CDC6@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
References: <02d001cad0f5$41ef7ee0$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863C744@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <9B57C850BB53634CACEC56EF4853FF65139210A3@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <034501cad120$f96c8d80$0600a8c0@china.huawei.com>
In-Reply-To: <034501cad120$f96c8d80$0600a8c0@china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "behave@ietf.org" <behave@ietf.org>
Subject: Re: [BEHAVE] address-format secure configuration
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2010 00:23:45 -0000
Do you want to replace the security section by a simple statement that "This document only defines address formats and does not create any new security concerns?" We can certainly do that, but I would rather make sure that the concerns that we raise get documented somewhere. Clearly, address translation opens interesting opportunities for address spoofing and "interesting" configurations. Spoofing is mostly an issue with stateless address translation, which allows nodes to specify in an IPv6 address the IPv4 translation. We may want to move that text to the "stateless translation" draft. Prefix configuration is an issue with any time of translation, and should probably be addressed in the framework document. -----Original Message----- From: David Harrington [mailto:ietfdbh@comcast.net] Sent: Wednesday, March 31, 2010 3:25 PM To: Dave Thaler Cc: Christian Huitema; behave@ietf.org Subject: RE: [BEHAVE] address-format secure configuration Hi, I raised the issue of secure configuration because the document does. I probably wouldn't really have noticed this section much except that the section asserts that using a default prefix addresses security concerns, and I disagree with that. I would be fine with pointers to other documents, such as draft-carpenter-renum-needs-work, and maybe v6 autoconfig documents and/or DHCP security. I would be fine with a pointer to one of the behave documents that addresses the concern, or to a v6ops document that addresses the concern. (I think but might change my mind) I would even be fine with a statement that this document only defines address formats and does not create any new security concerns. But to observe in the security considerations that multiple devices and applications need to be configured consistently and securely, and then not provide any guidance or pointers to guidance seems wrong to me. dbh > -----Original Message----- > From: Dave Thaler [mailto:dthaler@microsoft.com] > Sent: Wednesday, March 31, 2010 5:16 PM > To: David Harrington > Cc: Christian Huitema; behave@ietf.org > Subject: RE: [BEHAVE] address-format secure configuration > > To second what Christian said, if you look at RFC 4291 it contains > no discussion of secure configuration, it defines address formats. > This draft is no different. > > Configuration mechanisms are outside the scope of this document. > I don't believe the things you raise belong in this document. > They could be in a separate document for which we could add a > milestone as part of the rechartering. > > -Dave > > > -----Original Message----- > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On > > Behalf Of Christian Huitema > > Sent: Wednesday, March 31, 2010 1:57 PM > > To: David Harrington; behave@ietf.org > > Subject: Re: [BEHAVE] address-format secure configuration > > > > David, > > > > We do not describe configuration in this document, we > merely describe > > address format. Configuration is indeed important, but do you really > > believe that it should be part of this document? What about > the other > > documents in the working set, e.g. the description of stateful and > > stateless address translation? Or the framework document? > The note in > > the security section is meant to flag the issue, not to resolve it. > > > > -- Christian Huitema > > > > > > -----Original Message----- > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On > > Behalf Of David Harrington > > Sent: Wednesday, March 31, 2010 10:12 AM > > To: behave@ietf.org > > Subject: [BEHAVE] address-format secure configuration > > > > Hi, > > > > I think section 4.2 Secure Configuration is inadequate. The > discussion > > of configuration is inadequate, and the discussion of security is > > inadequate. > > > > Configuration will require some synchronization if the values should > > change. Specifying a default prefix might provide an initial > > synchronization, but does not address the difficult > operational issue > > of synchronization of changes to the deployed prefixes and formats. > > The document does not discuss the operational and security > > vulnerabilties exposed during the process of changing a prefix. > > > > Secure configuration of prefixes and formats across multiple devices > > and applications in a network will require some type of > authentication > > and authorization, and protection from various possible > attacks, such > > as man in the middle attacks. A default prefix does not address the > > security issues involved in secure configuration, as far as > I can see. > > > > > > I think work needs to be done on this section. I recommend > addressing > > the operational considerations of deploying a change of > prefix across > > a network, and separately identifying and addressing the threats > > involved in prefix configuration. > > > > > > David Harrington > > dbharrington@comcast.net > > ietfdbh@comcast.net > > dharrington@huawei.com > > > > _______________________________________________ > > Behave mailing list > > Behave@ietf.org > > https://www.ietf.org/mailman/listinfo/behave > > > > _______________________________________________ > > Behave mailing list > > Behave@ietf.org > > https://www.ietf.org/mailman/listinfo/behave > >
- [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Dan Wing
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Dave Thaler
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Xing Li
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington