Re: [BEHAVE] address-format secure configuration
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 01 April 2010 12:27 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 774523A78D8 for <behave@core3.amsl.com>; Thu, 1 Apr 2010 05:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.136
X-Spam-Level:
X-Spam-Status: No, score=-1.136 tagged_above=-999 required=5 tests=[AWL=-0.267, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jMuoAC-5PDnZ for <behave@core3.amsl.com>; Thu, 1 Apr 2010 05:27:42 -0700 (PDT)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24]) by core3.amsl.com (Postfix) with ESMTP id 8A3463A6BFF for <behave@ietf.org>; Thu, 1 Apr 2010 05:16:34 -0700 (PDT)
Received: by qw-out-2122.google.com with SMTP id 9so332413qwb.31 for <behave@ietf.org>; Thu, 01 Apr 2010 05:16:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=578KbijOMXW9rzncMuigVu4Eup3w520WVOZgog0CWvM=; b=TKVRB37zfNcijs6sznnK7BBBnEEsa2iZykpF4ONu20i5JTk+QNxNKS5gdE3Kq3m2Hr y7IaOCqeBXIXViUvFXY/MwiXVf7GDdr4SzLRun0907v2L2j5eogNjGHbIjWEmHtD2GNT 8Ix/m5mieBowJbygTal7t5BG5TDBpY+nRYLj8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=csG7cRwQ/k5pGOLseggN3V7+jl5l73KfWeWGQzEyDQGkZNvvDgJPwBPizuPgyfNNlp PEb7s7YNbhtaLoHXsPb6rP/tyRaoKlJILKAXmjvT2tuCqjGtz8g3gMNLUCfE9/9Bn5qy NaeqS3o0OgIDUssxrIo0grAGLOgTmgtQHlSXo=
Received: by 10.229.213.140 with SMTP id gw12mr1180722qcb.96.1270124185882; Thu, 01 Apr 2010 05:16:25 -0700 (PDT)
Received: from [172.16.1.8] (12-50-201-66.att-inc.com [12.50.201.66]) by mx.google.com with ESMTPS id 2sm3173549qwi.29.2010.04.01.05.16.23 (version=SSLv3 cipher=RC4-MD5); Thu, 01 Apr 2010 05:16:25 -0700 (PDT)
Message-ID: <4BB48E90.5030209@gmail.com>
Date: Fri, 02 Apr 2010 01:16:16 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Xing Li <xing@cernet.edu.cn>
References: <02d001cad0f5$41ef7ee0$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863C744@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <9B57C850BB53634CACEC56EF4853FF65139210A3@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <034501cad120$f96c8d80$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863CDC6@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <4BB46056.9000903@cernet.edu.cn>
In-Reply-To: <4BB46056.9000903@cernet.edu.cn>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: David Harrington <ietfdbh@comcast.net>, "behave@ietf.org" <behave@ietf.org>, Dave Thaler <dthaler@microsoft.com>
Subject: Re: [BEHAVE] address-format secure configuration
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2010 12:27:43 -0000
I understood Dave to be commenting on a dangling reference in the specific text in the address format draft. That is a reasonable comment, since dangling references are always bad. My personal view (already expressed) is that the particular point is more of a v6ops question, but I didn't see Dave raising a general point about the whole set of documents. Regards Brian Carpenter On 2010-04-01 21:59, Xing Li wrote: > Christian Huitema 写道: >> Do you want to replace the security section by a simple statement that >> "This document only defines address formats and does not create any >> new security concerns?" >> >> We can certainly do that, but I would rather make sure that the >> concerns that we raise get documented somewhere. Clearly, address >> translation opens interesting opportunities for address spoofing and >> "interesting" configurations. >> Spoofing is mostly an issue with stateless address translation, which >> allows nodes to specify in an IPv6 address the IPv4 translation. We >> may want to move that text to the "stateless translation" draft. >> Prefix configuration is an issue with any time of translation, and >> should probably be addressed in the framework document. >> > > The current framework document reads > > 7. Security Considerations > > "This document is the framework of IPv4/IPv6 translation. The > security issues are addressed in individual IPv4/IPv6 translation > documents, i.e. [I-D.ietf-behave-address-format], > [I-D.ietf-behave-v6v4-xlate], [I-D.ietf-behave-v6v4-xlate-stateful], > [I-D.ietf-behave-dns64], and [I-D.ietf-behave-ftp64]." > > > The current xlate document reads > > 6. Security Considerations > > "There are potential issues that might arise by deriving an IPv4 > address from an IPv6 address - particularly addresses like broadcast > or loopback addresses and the non IPv4-translatable IPv6 addresses, > etc. The [I-D.ietf-behave-address-format] addresses these issues." > > Should we change this format? > > regards, > > xing, congxiao > >> -----Original Message----- >> From: David Harrington [mailto:ietfdbh@comcast.net] Sent: Wednesday, >> March 31, 2010 3:25 PM >> To: Dave Thaler >> Cc: Christian Huitema; behave@ietf.org >> Subject: RE: [BEHAVE] address-format secure configuration >> >> Hi, >> >> I raised the issue of secure configuration because the document does. >> >> I probably wouldn't really have noticed this section much except that >> the section asserts that using a default prefix addresses security >> concerns, and I disagree with that. >> >> I would be fine with pointers to other documents, such as >> draft-carpenter-renum-needs-work, and maybe v6 autoconfig documents >> and/or DHCP security. >> I would be fine with a pointer to one of the behave documents that >> addresses the concern, or >> to a v6ops document that addresses the concern. (I think but might >> change my mind) I would even be fine with a >> statement that this document only defines address formats and does not >> create any new security concerns. >> >> But to observe in the security considerations that multiple devices >> and applications need to be configured consistently and securely, and >> then not provide any guidance or pointers to guidance seems wrong to >> me. >> >> dbh >> >> >>> -----Original Message----- >>> From: Dave Thaler [mailto:dthaler@microsoft.com] Sent: Wednesday, >>> March 31, 2010 5:16 PM >>> To: David Harrington >>> Cc: Christian Huitema; behave@ietf.org >>> Subject: RE: [BEHAVE] address-format secure configuration >>> >>> To second what Christian said, if you look at RFC 4291 it contains >>> no discussion of secure configuration, it defines address formats. >>> This draft is no different. >>> >>> Configuration mechanisms are outside the scope of this document. >>> I don't believe the things you raise belong in this document. >>> They could be in a separate document for which we could add a >>> milestone as part of the rechartering. >>> >>> -Dave >>> >>> >>>> -----Original Message----- >>>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On >>>> Behalf Of Christian Huitema >>>> Sent: Wednesday, March 31, 2010 1:57 PM >>>> To: David Harrington; behave@ietf.org >>>> Subject: Re: [BEHAVE] address-format secure configuration >>>> >>>> David, >>>> >>>> We do not describe configuration in this document, we >>> merely describe >>> >>>> address format. Configuration is indeed important, but do you >>>> >> really >> >>>> believe that it should be part of this document? What about >>> the other >>> >>>> documents in the working set, e.g. the description of stateful and >>>> stateless address translation? Or the framework document? >>> The note in >>> >>>> the security section is meant to flag the issue, not to resolve >>>> >> it. >> >>>> -- Christian Huitema >>>> >>>> >>>> -----Original Message----- >>>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On >>>> Behalf Of David Harrington >>>> Sent: Wednesday, March 31, 2010 10:12 AM >>>> To: behave@ietf.org >>>> Subject: [BEHAVE] address-format secure configuration >>>> >>>> Hi, >>>> >>>> I think section 4.2 Secure Configuration is inadequate. The >>> discussion >>> >>>> of configuration is inadequate, and the discussion of security is >>>> inadequate. >>>> >>>> Configuration will require some synchronization if the values >>>> >> should >> >>>> change. Specifying a default prefix might provide an initial >>>> synchronization, but does not address the difficult >>> operational issue >>> >>>> of synchronization of changes to the deployed prefixes and >>>> >> formats. >> >>>> The document does not discuss the operational and security >>>> vulnerabilties exposed during the process of changing a prefix. >>>> >>>> Secure configuration of prefixes and formats across multiple >>>> >> devices >> >>>> and applications in a network will require some type of >>> authentication >>> >>>> and authorization, and protection from various possible >>> attacks, such >>> >>>> as man in the middle attacks. A default prefix does not address >>>> >> the >> >>>> security issues involved in secure configuration, as far as >>> I can see. >>> >>>> I think work needs to be done on this section. I recommend >>> addressing >>> >>>> the operational considerations of deploying a change of >>> prefix across >>> >>>> a network, and separately identifying and addressing the threats >>>> involved in prefix configuration. >>>> >>>> >>>> David Harrington >>>> dbharrington@comcast.net >>>> ietfdbh@comcast.net >>>> dharrington@huawei.com >>>> >>>> _______________________________________________ >>>> Behave mailing list >>>> Behave@ietf.org >>>> https://www.ietf.org/mailman/listinfo/behave >>>> >>>> _______________________________________________ >>>> Behave mailing list >>>> Behave@ietf.org >>>> https://www.ietf.org/mailman/listinfo/behave >>>> >>> >> >> >> _______________________________________________ >> Behave mailing list >> Behave@ietf.org >> https://www.ietf.org/mailman/listinfo/behave >> >> >> > > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Dan Wing
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Dave Thaler
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington
- Re: [BEHAVE] address-format secure configuration Christian Huitema
- Re: [BEHAVE] address-format secure configuration Xing Li
- Re: [BEHAVE] address-format secure configuration Brian E Carpenter
- Re: [BEHAVE] address-format secure configuration David Harrington