Re: [dhcwg] recommendation on DHCP6 source port numbers

Robert Nagy <rob@deepdivenetworking.com> Fri, 01 March 2024 02:10 UTC

From: Robert Nagy <rob@deepdivenetworking.com>
Date: Thu, 29 Feb 2024 18:09:45 -0800
Message-Id: <2376FD8E-5781-43FD-9FCF-8D783F266148@deepdivenetworking.com>
References: <D64872D8-E3DF-4D18-A389-D7C55061B022@gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, dhcwg <dhcwg@ietf.org>
In-Reply-To: <D64872D8-E3DF-4D18-A389-D7C55061B022@gmail.com>
To: Bernie Volz <bevolz@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/R6-wiHqSkZExUI_nXDecXTf3-W4>
Subject: Re: [dhcwg] recommendation on DHCP6 source port numbers

Agreed 

Robert Nagy
CEO/ Senior Dive Master
DeepDive Networking, Inc
C: 408.480.5133
www.deepdivenetworking.com


Sent from my iPhone

> On Feb 29, 2024, at 6:07 PM, Bernie Volz <bevolz@gmail.com> wrote:
> 
> Perhaps for relay/server interaction see RFC8213? This is controlled communication between known endpoints.
> 
> - Bernie (from iPad)
> 
>> On Feb 29, 2024, at 8:34 PM, rob@deepdivenetworking.com wrote:
>> 
>> Michael,
>> 
>> That's an important distinction that I should have thought about before replying. I was thinking client - server, but really it's client - relay and relay - server in 99% of cases... It also negates my comparison to the cache-poisoning issue. I need a nap, apparently. So if we are only making recommendations for the client source port to be locked down, I have zero argument with that. Once we get into relay->server, then we have to consider that those packets could be going anywhere.
>> 
>> Rob
>> 
>> Robert Nagy
>> - - - - - - - - - -
>> Senior Dive Master | Deep Dive Networking Inc
>> p: 408.480.5133 
>> e: rob@deepdivenetworking.com
>> www.deepdivenetworking.com
>> 
>>> On Feb 29, 2024, at 5:03 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>> 
>>> 
>>> rob@deepdivenetworklng.com <rob@deepdivenetworking.com> wrote:
>>>> David, I can see that argument. But we also didn't think randomized
>>>> source ports were going to be important for DNS... I guess I don't see
>>>> why we should be declaring what an implementer does on the source port
>>> 
>>> We expect DNS messages to leave the "enterprise" (site) and get returned to
>>> us.  We require it for DNS to work.  It's the whole point.
>>> Yes, there was a point in the past where many DNS requests were *from* port-53.
>>> 
>>> DHCPv6: not so. Just the opposite.
>>> OpenWRT actually blocks port 546/547 from being accepted on the wan
>>> interface, unless it's LL. (zone_wan_input)
>>> If DHCPv6 leaves the local link, it's because there is a DHCP relay configured.
>>> 
>>> So I feel confident that we will NEVER need clients to port randomized
>>> source ports.  We *might* decide that there is some scenario where we want a
>>> DHCPv6 *RELAY* to do something like that, but I'll bet we won't do that
>>> without a DTLS or IPsec wrapper.
>>> 
>>> 
>>> --
>>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>>           Sandelman Software Works Inc, Ottawa and Worldwide
>>> 
>>> 
>>> 
>>> 
>> 
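As an added illustration of the filtering stance Michael describes (DHCPv6 on the WAN side only when it is on-link, relay/server traffic confined to known endpoints, and client source port fixed at 546), not code from anyone in this thread: a Python classifier that applies that policy to inbound UDP packets. The Packet record, interface names and peer addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Port assignments from RFC 8415: clients listen on 546, servers and relays on 547.
DHCPV6_CLIENT_PORT = 546
DHCPV6_SERVER_PORT = 547
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


@dataclass(frozen=True)
class Packet:           # hypothetical record of a decoded inbound UDP datagram
    iface: str          # ingress interface name, e.g. "wan" or "lan" (assumed names)
    src: str            # source IP address as text
    sport: int          # UDP source port
    dport: int          # UDP destination port


def dhcpv6_ingress(pkt, wan_ifaces=frozenset({"wan"}), relay_peers=frozenset()):
    """Return 'pass' (not DHCPv6), 'accept' or 'drop' for one inbound packet.

    WAN side: accept DHCPv6 only from a link-local source (on-link exchange)
    or from an explicitly configured relay/server peer talking 547 -> 547.
    Internal side: a message to the server port must come from the fixed
    client port (546) or from a relay (547); anything else is dropped.
    """
    ports = (DHCPV6_CLIENT_PORT, DHCPV6_SERVER_PORT)
    if pkt.dport not in ports:
        return "pass"                      # not DHCPv6, out of scope here
    src = ipaddress.ip_address(pkt.src)
    if src.version != 6:
        return "drop"                      # DHCPv6 never arrives over IPv4
    if pkt.iface in wan_ifaces:
        if src in LINK_LOCAL:
            return "accept"                # on-link exchange with the upstream router
        peers = {ipaddress.ip_address(p) for p in relay_peers}
        if (src in peers and pkt.sport == DHCPV6_SERVER_PORT
                and pkt.dport == DHCPV6_SERVER_PORT):
            return "accept"                # relay <-> server between known endpoints
        return "drop"                      # off-link DHCPv6 from an unknown source
    if pkt.dport == DHCPV6_SERVER_PORT and pkt.sport not in ports:
        return "drop"                      # client not using the fixed source port
    return "accept"
```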