Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02
Fernando Gont <fernando@gont.com.ar> Thu, 03 February 2011 01:02 UTC
Date: Wed, 02 Feb 2011 22:04:51 -0300
From: Fernando Gont <fernando@gont.com.ar>
To: Joe Touch <touch@isi.edu>
Subject: Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02
Cc: "tsv-ads@tools.ietf.org" <tsv-ads@tools.ietf.org>, draft-ietf-intarea-shared-addressing-issues@tools.ietf.org, IETF discussion list <ietf@ietf.org>, TSV Dir <tsv-dir@ietf.org>
On 02/02/2011 02:38 p.m., Joe Touch wrote:
>>> ?INT? This section is, IMO, odd; IP address never meant physical
>>> location anyway, and tunnels obviate that meaning regardless of the
>>> impact of NATs or other sharing techniques.
>>
>> Agreed. But geo-location is nevertheless widely used for marketing
>> purposes.
>
> Agreed, but whether it works now is arbitrary; it's not a design
> consideration of the protocols.

Well, the protocols were not designed for production networks, either.
FWIW, geo-location is currently used, and it would be affected by
increased use of NATs.

> At the least, it's worth noting that geolocation is already broken by
> tunnels, and that IP addressing does not ensure geographic proximity
> before attributing breakage on NATs or other sharing.

Tunnels need not break geo-location. -- They do not masquerade the
source address. Or am I missing something?

And, FWIW, I agree that usually lots of breakage is attributed to NATs,
where the brokenness is really somewhere else (e.g., app protocols
passing IP addresses).

>>>> 13.4. Port Randomisation
>>> ...
>>>> It should be noted that guessing the port information may not be
>>>> sufficient to carry out a successful blind attack. The exact TCP
>>>> Sequence Number (SN) should also be known.
>>>
>>> There are data injection attacks that are possible even without knowing
>>> the exact SN.
>>
>> draft-ietf-tcpm-tcp-security may be of use here.
>
> rfc5961 is already published and describes the issue in specific, and
> may be more useful as a reference for this.

I disagree. It discusses only TCP-based attacks (there are many other
vectors). If you want an alternative "published" reference, here it is:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

However, it's up to the authors to include this or other references -- I
just noted the tcp assessment doc for completeness' sake.
Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1