Re: [homenet] Fwd: I-D Action: draft-ietf-homenet-naming-architecture-dhc-options-01.txt
Ray Hunter <v6ops@globis.net> Fri, 03 April 2015 19:46 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE2F01A037C for <homenet@ietfa.amsl.com>; Fri, 3 Apr 2015 12:46:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.481
X-Spam-Level: ****
X-Spam-Status: No, score=4.481 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_NET=0.611, HOST_EQ_NL=1.545, HOST_EQ_STATIC=1.172, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 675gWLZ6z7py for <homenet@ietfa.amsl.com>; Fri, 3 Apr 2015 12:46:52 -0700 (PDT)
Received: from globis01.globis.net (092-111-140-212.static.chello.nl [92.111.140.212]) by ietfa.amsl.com (Postfix) with ESMTP id 61AC71A0369 for <homenet@ietf.org>; Fri, 3 Apr 2015 12:46:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 0869640339; Fri, 3 Apr 2015 21:46:51 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fF6Tg5vhruDp; Fri, 3 Apr 2015 21:46:49 +0200 (CEST)
Received: from Rays-iMac.local (092-111-140-211.static.chello.nl [92.111.140.211]) (Authenticated sender: v6ops@globis.net) by globis01.globis.net (Postfix) with ESMTPSA id E8B1B40332; Fri, 3 Apr 2015 21:46:48 +0200 (CEST)
Message-ID: <551EEE28.3080809@globis.net>
Date: Fri, 03 Apr 2015 21:46:48 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Daniel Migault <mglt.ietf@gmail.com>
References: <20150217193324.25368.88002.idtracker@ietfa.amsl.com> <CADZyTknR_5Csm+gD_BbtNtKYxdycuikeyHt+cxMuqWw3fHvdkQ@mail.gmail.com> <54F6F93F.8030602@globis.net> <CADZyTk=57sH=_T1HDF_vv8CKwPyjpQpXqzP5v+FzwPBqOdx9sw@mail.gmail.com> <5504CCDE.709@gmail.com> <CADZyTkmoSQfo8E+WM7U5yrqF9vFo6q9bN1LnS4v5RyCY4FDCdA@mail.gmail.com> <550800B2.1090208@globis.net> <CADZyTkmODEOx=098-uj=YcOAXExqQ0z6BRYDuMLwxvS4SzyUdA@mail.gmail.com>
In-Reply-To: <CADZyTkmODEOx=098-uj=YcOAXExqQ0z6BRYDuMLwxvS4SzyUdA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------040400040801020803090204"
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/BltsPRCu2-EozniCJxpMMdb1Udk>
Cc: "homenet@ietf.org" <homenet@ietf.org>
Subject: Re: [homenet] Fwd: I-D Action: draft-ietf-homenet-naming-architecture-dhc-options-01.txt
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 19:46:54 -0000
Apologies for the very late reply: change weekends. > Daniel Migault <mailto:mglt.ietf@gmail.com> > 20 March 2015 20:55 > Hi Ray, > > Please see my comments in text. > > I think the description of the requirements and overall chain of > events is excellent. Thanks for that. > > However I'm not particularly convinced by the security and > authentication mechanisms, as the proposed text just seems to punt > these to another transport protocol. > > Thank you for raising this point, but this is not the case. I need to > make the text clearer. When a renumbering occurs, the Hidden Master > changes its IP address, and has to provide the new IP address to the > slave. This can be done with DNS extensions or other layers. I will > update the section 9.1.2 to clarify this. Cool. Thanks. > > > I also don't see the recovery mechanism/ how to distinguish > between a break before make event, and a make before break where > the ISP's DNS servers may not be reachable at the moment of > renumbering, or that a Homenet is simply not reachable for some > time, and comes up "unnumbered" with no old IP, or that the > Homenet never comes back at all. It seems to me that you could > also end up hosting lots of cruft in the ISP servers, and there's > a need for some garbage collection. > > I am not sure I correctly get the use case: > a) It seems to me you consider also the case where the slave is > being renumbered. I did not considered this point and assume these > servers will hardly renumbered. To be honest this should be a corner case. But it would be nice if the slave was also discovered via a DNS records rather, than a literal, or cached IPv6 address. > b) It also seems to me you consider a Homenet work that is removed > or not in used, and you wonder what happen to the zone? My > understanding is that it is similar a service you subscribed and you > do not use. Do you mean that we should state that after some time, the > slave may remove its zone? > Correct. It would be cruft removal. > Can you please elaborate on the use cases you think we should comment? > Is sounds to me these considerations may not be related to > renumbering, but instead to general operations. They are indeed more general cases of changes. > > I also expect we need some more limitations on when/why a slave > would poll an unknown hidden master, otherwise it seems to me that > we have a nice DoS vector/ amplification attack. A number of > attack machines could spoof notification messages pointing to > various ISP slave systems, all pointing to a common target victim > "new" hidden master. > > > This is mentioned in the NOTIFY RFC1996 in the security consideration. > A forged NOTIFY results makes the slave trigger a SOA query. These are > small paquets, thus the amplification factor is very small. RFC1996 > qualify it as a begnin DoS attack. But I agree I will comment on that. > Actually I though of writing a specific section on it. That will be > done in the next version anyway. > If we are not specifying the mechanism more precisely, then there should be some warning that the slave should only try once to reach the new hidden master for every incoming notify request. Ant retries should be triggered from the hidden master sending a new NOTIFY request, not the slave retrying independently. Otherwise you really are creating an amplification attack. > > > It feels to me like > 1) we need a more reliable update mechanism between the hidden > master and the slaves (to cover longer-term unreachability events, > or a Homenet hidden master going off air permanently) > 2) we need a more effective authentication mechanism for > triggering updates, that is source IP address agnostic. > > This is the case, as authentication is based only cryptographic keys. > The IP address is only used for reach-ability and is never used > otherwise. > > > -- > Regards, > RayH > > > > > -- > Daniel Migault > Ericsson > > > -- > Daniel Migault > Ericsson
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Brian E Carpenter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- [homenet] Reneumbering [ I-D Action: draft-ietf-h… Brian E Carpenter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- [homenet] I-D Action: draft-ietf-homenet-naming-a… internet-drafts
- [homenet] Fwd: I-D Action: draft-ietf-homenet-nam… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter