IETF Logo Mail Archive

Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability

Christian Huitema <huitema@microsoft.com> Wed, 08 April 2015 21:32 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF8211B36D8 for <dhcwg@ietfa.amsl.com>; Wed, 8 Apr 2015 14:32:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.602
X-Spam-Level:
X-Spam-Status: No, score=-0.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_ILLEGAL_IP=1.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d3cAkkEUf62Y for <dhcwg@ietfa.amsl.com>; Wed, 8 Apr 2015 14:32:28 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0102.outbound.protection.outlook.com [207.46.100.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 672DD1B36D2 for <dhcwg@ietf.org>; Wed, 8 Apr 2015 14:32:28 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (0.160.96.17) by DM2PR0301MB0656.namprd03.prod.outlook.com (0.160.96.18) with Microsoft SMTP Server (TLS) id 15.1.130.23; Wed, 8 Apr 2015 21:32:24 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([0.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([0.160.96.17]) with mapi id 15.01.0130.020; Wed, 8 Apr 2015 21:32:24 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Fernando Gont <fgont@si6networks.com>, Lorenzo Colitti <lorenzo@google.com>
Thread-Topic: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability
Thread-Index: AQHQbKUoMJbTD1bZXk+QhGz7q11ugZ04hNEAgAADQ4CAAAlnAIAF8IkAgACpKACAA401gIAAPCOAgAAHLICAAADYgIAABPgAgAAFfwCAAA7PAIAABL4AgAAhhwCAAGz3QA==
Date: Wed, 08 Apr 2015 21:32:24 +0000
Message-ID: <DM2PR0301MB0655FDB31066DE7E1CA809A4A8FC0@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <489D13FBFA9B3E41812EA89F188F018E1CA32071@xmb-rcd-x04.cisco.com> <8C4E055C-ED1D-4951-8473-6166109ACE69@nominum.com> <489D13FBFA9B3E41812EA89F188F018E1CA321EE@xmb-rcd-x04.cisco.com> <6D7A465E-6EBE-4B69-9B65-BAC7BF2A9873@nominum.com> <489D13FBFA9B3E41812EA89F188F018E1CA3229F@xmb-rcd-x04.cisco.com> <55214802.1070305@si6networks.com> <CAKD1Yr3UYT0yPEqftEXpN8zmk=-dka_NMcu3rbb_GG+YSnk2ZQ@mail.gmail.com> <5524D09B.3090706@si6networks.com> <CAKD1Yr2Ztzoys+xKBzsEHU5hqJmfGpn-GeWPEqNCHRuWOTgsJQ@mail.gmail.com> <55250911.30100@si6networks.com> <CAKD1Yr0ojVmk-ctUO313zvAx01P=B-A2zVuwDm73+dLgVwDLOw@mail.gmail.com> <55250DF2.8050001@si6networks.com> <CAKD1Yr33wFmjjqjYu8YEpqYvnn=kh9oJhe1YAC7UEzacQFBaWg@mail.gmail.com> <55251EFA.4000204@si6networks.com> <CAKD1Yr0XK-DQkcJKwTYmiWzCzZs4pubCme9rAgoZ_ig-P5MgsQ@mail.gmail.com> <55253F14.6000706@si6networks.com>
In-Reply-To: <55253F14.6000706@si6networks.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e0:ee43::4]
authentication-results: si6networks.com; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0656;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(51704005)(377454003)(479174004)(24454002)(230783001)(99286002)(76176999)(33656002)(50986999)(2656002)(54356999)(87936001)(2900100001)(2950100001)(74316001)(86362001)(106116001)(40100003)(92566002)(46102003)(93886004)(62966003)(76576001)(102836002)(19580395003)(122556002)(77156002)(19580405001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0656; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <DM2PR0301MB065650A0F26B8A0024C270A9A8FC0@DM2PR0301MB0656.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:DM2PR0301MB0656; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0656;
x-forefront-prvs: 0540846A1D
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2015 21:32:24.6552 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0656
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/-nfTg5T2SNyXuTf-Jdg4ePOxE4Y>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "Bernie Volz (volz)" <volz@cisco.com>, Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] Next step(s) for draft-ietf-dhc-stable-privacy-addresses -> abandon work? / IA_NA applicability
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 21:32:29 -0000

To comment further on this discussion between Fernando and Lorenzo

> On 04/08/2015 09:45 AM, Lorenzo Colitti wrote:
> > On Wed, Apr 8, 2015 at 9:28 PM, Fernando Gont <fgont@si6networks.com
> > <mailto:fgont@si6networks.com>> wrote:
> >
> >     ...
> >     The intent is that if you're going to use this scheme, for leasing
> >     addreses, you use this scheme for all prefixes: at the end of the day,
> >     if *one* of your addresses is predictable, that's enough for the
> >     attacker to track you or scan you.
> >
> >
> > No, it's not enough. The attacker can only track or scan you if you
> > use a stupid algorithm to generate the IIDs. Yours is not stupid, but
> > neither are many others such as "random". You can perfectly well use
> > random assignment on some subnets and your algorithm on other subnets.

I think there is value in having some part of the DHCPv6 spec specify the "don't be stupid" logic. My personal preference would be to add the list of privacy attacks in the "security considerations" of DHCPv6bis. Something like:

Some address allocation schemes are known to be harmful, because they facilitate scanning, allow for information leakage, or fail to maintain the address stability required by many applications. In particular:
* Assigning addresses using some kind of sequential algorithm (prefix::1, prefix:2, prefix::3,...) greatly facilitate scanning of the network;
* Deriving the IID part of addresses from the link layer address of the client exposes information about the client hardware and enables tracking the client across multiple subnets;
* Using memory-less random allocation schemes fails to maintain enough stability for many applications;
The algorithm presented in [RFC7217] provides a solution to this problem for nodes using IPv6 Stateless Address Autoconfiguration. Similar algorithms could be used by DHCPv6 servers to avoid the aforementioned issues.

If we added that to the main DHCPv6 spec, there would be no need for a separate RFC presenting a variant of the 7217 algorithm.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email