Re: [dhcwg] [Last-Call] Secdir last call review of draft-ietf-dhc-dhcpv6-pd-relay-requirements-04

Christian Huitema <huitema@huitema.net> Tue, 08 December 2020 01:06 UTC

To: "Bernie Volz (volz)" <volz@cisco.com>, Naveen Kottapalli <naveen.sarma@gmail.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-dhc-dhcpv6-pd-relay-requirements.all@ietf.org" <draft-ietf-dhc-dhcpv6-pd-relay-requirements.all@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <160711219694.2677.7881042583251252532@ietfa.amsl.com> <CANFmOt=gMjjD0S53+76r2EMH8AzTY29m9jFyupkb_qa0RjK4vQ@mail.gmail.com> <F5FE0A09-351E-4ED5-8880-A7EE943B8EA9@cisco.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <3d382362-9eed-5cb3-07b6-ee3e358d5e51@huitema.net>
Date: Mon, 07 Dec 2020 17:06:21 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/wcI2m_lijYEcQ_UXC39qA78yJrM>

On 12/7/2020 4:31 AM, Bernie Volz (volz) wrote:
> FYI:
>
>>     I understand that solutions like RA
>>     Guard will in practice provide some protection, but the use of
>>     these solutions are
>>     not discussed in RFC 8213. The DHCP WG might want to address that.
>>
>
> RFC8415’s security considerations is rather extensive and includes 
> reference to many techniques to reduce the issues. 8213 was written 
> while 8415 was under development.

In the context of the draft, I am concerned in particular with the 
"resource-exhaustion" DoS attack, through exhaustion of delegatable 
prefixes. The attack is mentioned in the security section of 8415, but I 
have not seen the proposed mitigation.

-- Christian Huitema
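An added illustration, not part of this thread, the draft, or RFC 8415: a small in-memory model of a DHCPv6-PD server pool showing how a burst of Solicits with distinct DUIDs behind one relay link consumes every delegatable prefix, and how a per-link delegation cap (an assumed mitigation, chosen here for illustration only) keeps prefixes available for clients on other links. The pool size, prefix lengths, cap value and link identifiers are all constructed for the example.

```python
import ipaddress
from collections import defaultdict


class PDPool:
    """Hypothetical model of a DHCPv6-PD server pool (example code, not a real
    server): one aggregate is carved into fixed-size delegatable prefixes, one
    prefix is handed to each distinct client DUID, and an optional per-relay-link
    cap (assumed mitigation, not from RFC 8415 or the draft) bounds how many
    prefixes any single link can consume."""

    def __init__(self, aggregate, delegated_len, per_link_cap=None):
        net = ipaddress.ip_network(aggregate)
        self.free = list(net.subnets(new_prefix=delegated_len))
        self.leases = {}                      # DUID -> delegated prefix
        self.per_link = defaultdict(int)      # relay link-id -> prefixes delegated
        self.per_link_cap = per_link_cap

    def request(self, duid, link_id):
        """Return a prefix for this DUID, or None if the request is refused."""
        if duid in self.leases:
            return self.leases[duid]          # renewal: no new prefix consumed
        if self.per_link_cap is not None and self.per_link[link_id] >= self.per_link_cap:
            return None                       # link quota reached: refuse, pool preserved
        if not self.free:
            return None                       # pool exhausted: every client is now refused
        prefix = self.free.pop(0)
        self.leases[duid] = prefix
        self.per_link[link_id] += 1
        return prefix


def exhaustion_demo(per_link_cap=None):
    """Constructed scenario: 300 distinct DUIDs behind one relay link (more than
    the 256 /56s a /48 yields), then one honest client on a second link.
    Returns (honest_client_served, prefixes_left)."""
    pool = PDPool("2001:db8::/48", 56, per_link_cap=per_link_cap)
    for i in range(300):
        pool.request(f"duid-flood-{i}", "relay-link-A")
    honest = pool.request("duid-honest-1", "relay-link-B")
    return honest is not None, len(pool.free)


if __name__ == "__main__":
    print("no cap:  ", exhaustion_demo())               # honest client refused, 0 left
    print("cap=16:  ", exhaustion_demo(per_link_cap=16))  # honest client served, 239 left
```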