IETF Logo Mail Archive

Re: [BEHAVE] address-format secure configuration

"David Harrington" <ietfdbh@comcast.net> Thu, 01 April 2010 13:21 UTC

Return-Path: <ietfdbh@comcast.net>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 96B3D3A67FA for <behave@core3.amsl.com>; Thu, 1 Apr 2010 06:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.147
X-Spam-Level:
X-Spam-Status: No, score=0.147 tagged_above=-999 required=5 tests=[AWL=1.016, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KXD4arWDlv4S for <behave@core3.amsl.com>; Thu, 1 Apr 2010 06:21:35 -0700 (PDT)
Received: from qmta09.westchester.pa.mail.comcast.net (qmta09.westchester.pa.mail.comcast.net [76.96.62.96]) by core3.amsl.com (Postfix) with ESMTP id 192503A6808 for <behave@ietf.org>; Thu, 1 Apr 2010 06:21:25 -0700 (PDT)
Received: from omta19.westchester.pa.mail.comcast.net ([76.96.62.98]) by qmta09.westchester.pa.mail.comcast.net with comcast id 0Aej1e00927AodY59DMtL5; Thu, 01 Apr 2010 13:21:53 +0000
Received: from Harrington73653 ([67.189.235.106]) by omta19.westchester.pa.mail.comcast.net with comcast id 0DRY1e00D2JQnJT3fDRYr6; Thu, 01 Apr 2010 13:25:32 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Christian Huitema' <huitema@microsoft.com>, 'Dave Thaler' <dthaler@microsoft.com>
References: <02d001cad0f5$41ef7ee0$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863C744@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <9B57C850BB53634CACEC56EF4853FF65139210A3@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <034501cad120$f96c8d80$0600a8c0@china.huawei.com> <6B55F0F93C3E9D45AF283313B8D342BA6863CDC6@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
Date: Thu, 01 Apr 2010 09:21:51 -0400
Message-ID: <03e401cad19e$4adaed60$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcrQ9K6JpQsxSoblR0isFoLny4+YRQAH3U6QAAC7V+AAAgV/IAAESfKAABsoiaA=
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <6B55F0F93C3E9D45AF283313B8D342BA6863CDC6@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
Cc: behave@ietf.org
Subject: Re: [BEHAVE] address-format secure configuration
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2010 13:21:38 -0000

 > We can certainly do that, but I would rather make sure that 
> the concerns that we raise get documented somewhere.

I would like two things:
1) the statement that default prefixes solve this problem needs to be
reworded, since it seems obvious that default prefixes alone do not
provide secure or synchronized configuration, especially for prefix
changes. I think the current section doesn't adequately identify the
issues that should be considered, so the rewording should mention the
synchronization and security issues in a **bit** more detail.
2) the secure configuration section of the current document should
point to documents where the concerns raised by address translation
get discussed in more detail, and preferably operational guidance is
provided in those documents. The documents might be other behave
documents or v6ops documents or other documents.

I think those changes should be fairly simple.

dbh

> -----Original Message-----
> From: Christian Huitema [mailto:huitema@microsoft.com] 
> Sent: Wednesday, March 31, 2010 8:24 PM
> To: David Harrington; Dave Thaler
> Cc: behave@ietf.org
> Subject: RE: [BEHAVE] address-format secure configuration
> 
> Do you want to replace the security section by a simple 
> statement that "This document only defines address formats 
> and does not create any new security concerns?"
> 
> We can certainly do that, but I would rather make sure that 
> the concerns that we raise get documented somewhere. Clearly, 
> address translation opens interesting opportunities for 
> address spoofing and "interesting" configurations. 
> 
> Spoofing is mostly an issue with stateless address 
> translation, which allows nodes to specify in an IPv6 address 
> the IPv4 translation. We may want to move that text to the 
> "stateless translation" draft. Prefix configuration is an 
> issue with any time of translation, and should probably be 
> addressed in the framework document.
> 
> -----Original Message-----
> From: David Harrington [mailto:ietfdbh@comcast.net] 
> Sent: Wednesday, March 31, 2010 3:25 PM
> To: Dave Thaler
> Cc: Christian Huitema; behave@ietf.org
> Subject: RE: [BEHAVE] address-format secure configuration
> 
> Hi,
> 
> I raised the issue of secure configuration because the document
does.
> 
> I probably wouldn't really have noticed this section much except
that
> the section asserts that using a default prefix addresses security
> concerns, and I disagree with that.
> 
> I would be fine with pointers to other documents, such as
> draft-carpenter-renum-needs-work, and maybe v6 autoconfig documents
> and/or DHCP security.
> I would be fine with a pointer to one of the behave documents that
> addresses the concern, or
> to a v6ops document that addresses the concern. 
> (I think but might change my mind) I would even be fine with a
> statement that this document only defines address formats and does
not
> create any new security concerns.
> 
> But to observe in the security considerations that multiple devices
> and applications need to be configured consistently and securely,
and
> then not provide any guidance or pointers to guidance seems wrong to
> me.
> 
> dbh
> 
> > -----Original Message-----
> > From: Dave Thaler [mailto:dthaler@microsoft.com] 
> > Sent: Wednesday, March 31, 2010 5:16 PM
> > To: David Harrington
> > Cc: Christian Huitema; behave@ietf.org
> > Subject: RE: [BEHAVE] address-format secure configuration
> > 
> > To second what Christian said, if you look at RFC 4291 it contains
> > no discussion of secure configuration, it defines address formats.
> > This draft is no different.
> > 
> > Configuration mechanisms are outside the scope of this document.
> > I don't believe the things you raise belong in this document.
> > They could be in a separate document for which we could add a
> > milestone as part of the rechartering.
> > 
> > -Dave
> > 
> > > -----Original Message-----
> > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org]
On
> > > Behalf Of Christian Huitema
> > > Sent: Wednesday, March 31, 2010 1:57 PM
> > > To: David Harrington; behave@ietf.org
> > > Subject: Re: [BEHAVE] address-format secure configuration
> > > 
> > > David,
> > > 
> > > We do not describe configuration in this document, we 
> > merely describe
> > > address format. Configuration is indeed important, but do you
> really
> > > believe that it should be part of this document? What about 
> > the other
> > > documents in the working set, e.g. the description of stateful
and
> > > stateless address translation? Or the framework document? 
> > The note in
> > > the security section is meant to flag the issue, not to resolve
> it.
> > > 
> > > -- Christian Huitema
> > > 
> > > 
> > > -----Original Message-----
> > > From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org]
On
> > > Behalf Of David Harrington
> > > Sent: Wednesday, March 31, 2010 10:12 AM
> > > To: behave@ietf.org
> > > Subject: [BEHAVE] address-format secure configuration
> > > 
> > > Hi,
> > > 
> > > I think section 4.2 Secure Configuration is inadequate. The 
> > discussion
> > > of configuration is inadequate, and the discussion of security
is
> > > inadequate.
> > > 
> > > Configuration will require some synchronization if the values
> should
> > > change. Specifying a default prefix might provide an initial
> > > synchronization, but does not address the difficult 
> > operational issue
> > > of synchronization of changes to the deployed prefixes and
> formats.
> > > The document does not discuss the operational and security
> > > vulnerabilties exposed during the process of changing a prefix.
> > > 
> > > Secure configuration of prefixes and formats across multiple
> devices
> > > and applications in a network will require some type of 
> > authentication
> > > and authorization, and protection from various possible 
> > attacks, such
> > > as man in the middle attacks. A default prefix does not address
> the
> > > security issues involved in secure configuration, as far as 
> > I can see.
> > > 
> > > 
> > > I think work needs to be done on this section. I recommend 
> > addressing
> > > the operational considerations of deploying a change of 
> > prefix across
> > > a network, and separately identifying and addressing the threats
> > > involved in prefix configuration.
> > > 
> > > 
> > > David Harrington
> > > dbharrington@comcast.net
> > > ietfdbh@comcast.net
> > > dharrington@huawei.com
> > > 
> > > _______________________________________________
> > > Behave mailing list
> > > Behave@ietf.org
> > > https://www.ietf.org/mailman/listinfo/behave
> > > 
> > > _______________________________________________
> > > Behave mailing list
> > > Behave@ietf.org
> > > https://www.ietf.org/mailman/listinfo/behave
> > 
> > 
> 
> 
>

v2.23.0 | Report a Bug | By Email