IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023

Jen Linkova <furry13@gmail.com> Fri, 29 December 2023 10:37 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2959C14CF0D for <dhcwg@ietfa.amsl.com>; Fri, 29 Dec 2023 02:37:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.856
X-Spam-Level:
X-Spam-Status: No, score=-6.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwAnRyveKkTI for <dhcwg@ietfa.amsl.com>; Fri, 29 Dec 2023 02:37:06 -0800 (PST)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 720B1C14F706 for <dhcwg@ietf.org>; Fri, 29 Dec 2023 02:37:01 -0800 (PST)
Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-2ccbf8cbf3aso49213321fa.3 for <dhcwg@ietf.org>; Fri, 29 Dec 2023 02:37:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703846219; x=1704451019; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=OK0smbqW5NnP3u5neTpYvjTUV05wt2955GaCzj4wXD4=; b=N3g1T9hUAfb8Vsp91nsB6NCCROutDyaBOkbXi6EqZVi2zUrhkJ0PdYje8w565cnAFi XlqVYBQFgnPO9+ot0jp5AScDXVB1iF1CNw5gOCj4uKr3pK6/vwPI35U85uvLKMkFHyUt vFwh04CNL6AbyvBKvCrY6YHQCmCzI+bKSwxeblZ43Do+C5IVJJ2x5GgEuqri7CT28tmU 2CF5CPhGjHQ62nY0UT1P8fbwVkfMpmtqoj1UnLfKCxPXoyyDNkGvNOII+IvRRzYlSaDz MlrDoEBAzojduu7w4z/dnKGi1YZ8iLuHtv2apmg0K43Wt2oIQLCx6XXGvfsLRlnMYz6m cULw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703846219; x=1704451019; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OK0smbqW5NnP3u5neTpYvjTUV05wt2955GaCzj4wXD4=; b=nNyl7X23knTtMsAivf+FwNyxQOkJXNrpdHj5PRwZwwdCGgijWMjS6ib4Hf73iPfB9J wnaGx2we6Q2Ntv9zd2rzoTqXUSsmbFLUWFfKoi0qoHoA+wBsJWMgJiXXU5bqbvtSYKIC Env6ZycnZgXWl4jHiXKDdYmGXzywVZx/rXFIzDNsovAOH5jRDeiN0aKX2aeetAHZi+9W 3eSnfWDiiXHdtHpZPdVspoKc1inUN+/obDz1OxnRmYO2QnULH+TcobuLI05nV6OMhkHt mfA6fRVSPIc5j05j7gmlLglWCWzRkjCZCFWXFPb6wGMX4timdGy9cXFusMkhYBMNe7Bu lQoQ==
X-Gm-Message-State: AOJu0Yy50HuOl2DOWQmx4EvDzDeOAnoLPLdUY7AdcyZnByLNVQaEhDLp WKxqwDqqtUEh+z77XAlU3MtF0uNIfhn7YZwjVDg4qK7e69M=
X-Google-Smtp-Source: AGHT+IEieKaaupIipXljwx3cdOy6AKy2XhJiuxi2nsN1Xv8AKE+pM6u3kLJXqvlAM91YL0hYW+K0ir0Oj8X56oTSt2k=
X-Received: by 2002:a05:651c:11d3:b0:2cc:eae4:b3f6 with SMTP id z19-20020a05651c11d300b002cceae4b3f6mr726382ljo.44.1703846218589; Fri, 29 Dec 2023 02:36:58 -0800 (PST)
MIME-Version: 1.0
References: <CAJgLMKuUkm1bxhT379QxrdOLzbA0zuGPQY4UbvzOYJD-ykWBwg@mail.gmail.com> <CAFU7BAQzwW4yFXH6vF2stZT5G7OmyZj248zGxeZbJ06JDJ_ieg@mail.gmail.com> <7598.1701799723@localhost> <CAFU7BAQ1Ge3yKjdSXEX80ukbw-OYMReC8+Tvh6UNAB2UKEOz5w@mail.gmail.com> <9253.1703255775@localhost>
In-Reply-To: <9253.1703255775@localhost>
From: Jen Linkova <furry13@gmail.com>
Date: Fri, 29 Dec 2023 11:36:47 +0100
Message-ID: <CAFU7BAQ6fJjhjtvmwJd8otwPG3A0=4x87oFnMRPyyn9uWoCB6Q@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcwg <dhcwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/UXll1r_43QRXqekjZAwXZ3UWjvU>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2023 10:37:11 -0000

On Fri, Dec 22, 2023 at 3:36 PM Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
> EXEC SUM: I think it's really complex for a client to know when "all" of the
>      servers have turned on this option. While clients are supposed to listen
>      for all the servers, I think in practice, they listen for the first
>      server that is "Good Enough" for them.  I suspect that there are
>      probably bugs here when the servers are not equally capable.

So are we OK with the client oscillating between starting and and
stopping the registration process if some servers on the network do
not support it?
Because it's impossible to predict in which order the replies would arrive.

> I am primarily concerned with desired behaviour in the absence of
> RAguard/DHCPguard.   While many enterprise APs have those kinds of filters
> since a long time, they are less common on commodity wired switches, and it's
> less common to see them enabled.

It's a shared fate. If RAGuard/DHCPguard are not enabled on the
network, the whole IPv6 connectivity is in danger and unreliable.
No new risk here.

> While I think that the incidence of DHCPv6 being turned on randomly by
> desktop operating systems is far lower than for DHCPv4, the occurance of
> people plugging in "home routers" at their desk thinking they are ethernet
> switches is just going to rise.  (using the "LAN" ports exclusively)

The threat exists even w/o the proposed mechanism, right?
Or am I missing anything and you do see a new thread being introduced?

>     > So the problematic part is about stopping those messages.  I see the
>     > following options: 1. The client does not stop at all as long as it's
>     > connected to the given link (Lorenzo's suggestion).  2. The client
>     > sends an Information-request periodically, wait for....how long?...(the
>     > shorter of RT and MAX_WAIT_TIME as per section 7.6 of RFC8415?) and
>     > continue retransmission as long as at least one reply allows that. my
>     > understanding that this is a grey area in RFC8415 anyway, so might not
>     > be the best option.  3. (introduced in -07 and it looks like the group
>     > doesn't like it): described above Any other suggestions?
>
> So this is only relevant if the client gets no answer, right?
> If it gets an answer then it stops.
>
> I think that (1) is simplest, but it seems that all of the server option
> announcements can timeout, and then there would be no announcements and maybe
> the client should stop.

I might be wrong but I do not think it's what Bernie and Lorenzo are
suggesting. I read it as 'the client starts the registration process
as soon as it gets the very first support signal, and then it doesn't
stop even if subsequent Replies do not have the option". Because if it
does take subsequent Replies into account, then it either has to
a)track which server sends it (-07 text, which we all agree is
complicated) or b) treat the first reply w/o the option as a signal to
stop (the original text, which would lead to the oscillation).

>     > Maybe the client shall stop transmitting if it doesn't receive an
>     > explicit signal of registration support for 3 X
>     > information-refresh-time?
>
> I don't object to this, but I'm not routing for it.

To be honest I'm still confused about what behaviour we shall prescribe.

1. The client MUST NOT send the registration messages until it gets an
explicit signal.
2. The client SHOULD start sending the registration message when it
receives the signal.
What shall the client do after that?
What shall the client do if it sends an information request and gets a
reply w/o an option?

>     >> > The only message for which RFC8415 acknowledges that there can be
>     > I believe all traffic sent by the client is multicast (RFC8415 allowed
>     > the unicast option but it's being deprecated in the -bis;
>     > https://www.ietf.org/archive/id/draft-ietf-dhc-rfc8415bis-03.html#name-reception-of-unicast-messag
>
> Oh, maybe I did not understand this debate correctly.
> (I admit that I was mostly, "meh", because my implementation lives on a PPP link)
> {I thought it was about the server multicasting message 4.}
>
> Are we introducing a privacy concern by using multicast?
> If any server can effective turn on this reporting, and get all the hosts to
> multicast this info, have we just created a new passive discovery attack?

First of all, the vast majority of switches out there do not have MLD
snooping enabled. So your passive discovery attack is possible already
because of DAD (we discussed exactly that in the Security
Consideration section of RFC9131).
If the network has MLD snooping enabled - then an attacker can join
'all routers' group and still see GRAND (RFC9131) packets as well. If
the attacker joins 'all DHCP servers' group and sees all DHCP traffic
from the client, in which case all DHCP addresses are revealed anyway.
IMHO if the network administrator wishes to hide addresses used by
other clients, the network shall provide complete p2p isolation.
Thanks for pointing this out, it's worth adding to the Security
consideration section, will be included in -08.

-- 
Cheers, Jen Linkova

v2.23.0 | Report a Bug | By Email