Re: [Int-area] Warren Kumari's Discuss on draft-ietf-intarea-broadcast-consider-08: (with DISCUSS and COMMENT)
Warren Kumari <warren@kumari.net> Thu, 25 January 2018 14:09 UTC
Return-Path: <warren@kumari.net>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5599F12DA18 for <int-area@ietfa.amsl.com>; Thu, 25 Jan 2018 06:09:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQrVaSTJpmtw for <int-area@ietfa.amsl.com>; Thu, 25 Jan 2018 06:09:34 -0800 (PST)
Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4EF112D964 for <int-area@ietf.org>; Thu, 25 Jan 2018 06:09:33 -0800 (PST)
Received: by mail-wm0-f44.google.com with SMTP id f3so15187360wmc.1 for <int-area@ietf.org>; Thu, 25 Jan 2018 06:09:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2zPb1uVvlq3u52UcaXQkP4TI+qEiLvvZ+/p+0h6PYEg=; b=CdDm8jXJT8h0XSDAuk6Vo3NsMJlY9RGzRh+DOzvSrOnk/N9W5cdRK4BrdiODmpztNh T+lpV+7MK5Czbc3/w/z9J/EZApifo79qDeA79OMW0cQfqXUDuM47tL7eYQLuRSF5FNCo t9nmV2bspH6xAM66fwvaJKFq2pxGEWMqFQGA9AQQRb5nyl3yqNXIpRWSr8S51OQWwXxi c5Y/55ytkNktHRH1cTspqhqKOlK5QFJIS6E6GXSnYsPIZKofeN/4G6Ahom+QrALWFcBD 5POkVjGw/CbTz767Fz70/QBkbwYXm91tS7nPP8CXenKHxlpMUDkB4dKQ6clAWypot8Gz lCGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2zPb1uVvlq3u52UcaXQkP4TI+qEiLvvZ+/p+0h6PYEg=; b=Kob/fsCla4ZJGKxcMLg+hAuibiO8MjBhObT1Suh3Dk1bSd/DpTNGCODOwbCkvJMT1L 2jRP8od1+nGv+R4l4x3w0lcQE7hG/Kj9/d95WOf1r2bPnTfGzki4qZQBhVbG7GbVaoSM mTGFt0SMcJUS+c/4TUJmG/bqejEjNmkU+mSJ+/LZYObnjopHqTkFER0sBBenpbXC7RfL 1SdpIZX/7TkBOjKOKiP1q9dSqOPp8CQybNRpE4kymYsp1FinoGNWYLxbIoKibfHJle6v MP+55tkCZv5b0gRoJn5EwraxWSDnRy7x+O27alCjcfyPheON6K7J0VbU3Q6kEoMAQwk3 WuLg==
X-Gm-Message-State: AKwxytc6RF4bUj/0t+85JesJ+4In8kx9w1BAuAB7NaaSnNaX0ssPnQAb QyYEWToVp+wBrIUUZstBFPy3FTkvK3oj3xD3AaUhUw==
X-Google-Smtp-Source: AH8x226tfdr6csfGEj2fkN2tHrWhSseEN7rTqVof09jjHVmWMzckRA6DNo7NQXUils2gM8MxUBd3kMdrNtJlPs2WfmE=
X-Received: by 10.28.245.3 with SMTP id t3mr7405212wmh.134.1516889311676; Thu, 25 Jan 2018 06:08:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.152.181 with HTTP; Thu, 25 Jan 2018 06:07:51 -0800 (PST)
In-Reply-To: <ac3e169b-30ce-0b97-a6a2-b4397c467631@hs-augsburg.de>
References: <151683830485.15937.3354694058245169389.idtracker@ietfa.amsl.com> <ac3e169b-30ce-0b97-a6a2-b4397c467631@hs-augsburg.de>
From: Warren Kumari <warren@kumari.net>
Date: Thu, 25 Jan 2018 09:07:51 -0500
Message-ID: <CAHw9_iJcBtZ6HFaYatq+tY2cESTOrYVB9maj7rG32f5KmwyL=Q@mail.gmail.com>
To: Rolf Winter <rolf.winter@hs-augsburg.de>
Cc: The IESG <iesg@ietf.org>, Internet Area <int-area@ietf.org>, draft-ietf-intarea-broadcast-consider@ietf.org, intarea-chairs <intarea-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/On4cYOPq_Ak6p630kAI_rwWhBYI>
Subject: Re: [Int-area] Warren Kumari's Discuss on draft-ietf-intarea-broadcast-consider-08: (with DISCUSS and COMMENT)
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2018 14:09:36 -0000
On Thu, Jan 25, 2018 at 8:35 AM, Rolf Winter <rolf.winter@hs-augsburg.de> wrote: > Warren, > > I think I understand the issue you have with that bit of text. > draft-perkins-intarea-multicast-ieee802 discusses a bunch of bcast/mcast > management features that certain classes of APs provide. We have one example > of this in the draft (and should point to > draft-perkins-intarea-multicast-ieee802 for more examples). The problem is, > that these features target specific protocols, i.e. ones that are > standardized and worth paying attention to. The rest can only be dealt with > by not rebroadcasting frames over the wireless medium. That is the best you > can do. And it is done for performance reasons on networks such as the IETF > meeting network, but I guess not for privacy reasons. All we really wanted > to say was, that as a network administrator you can protect your users from > the privacy risks described in the document, but you might affect certain > applications, potentially rendering them useless. And we wanted it to be > value-free because this in not a black and white thing in my personal > opinion. > > As a suggestion, we would add > draft-mcbride-mboned-wifi-mcast-problem-statement and respective text. Since > we already have the other draft in the document, we would point to the > already implemented things in draft-perkins-intarea-multicast-ieee802, which > really makes a good point for reusing IETF-specified protocols and not > invent something new. Would that clear your discuss? Sure -- as I said, I was likely to be willing to clear during / after the telechat. WiFi networks are (in my opinion) one of the obvious/easiest places where attackers can see other people's broadcast and multicast traffic -- I'd like a bit more text discussing the fact that access points already do some "magic" (e.g things like proxy arp, RA suppression, etc) -- this will give a large hint to operators to want to minimize leakage through multicast / broadcast that they should go and read their vendors docs on this sort of thing. Your current text gets close, but fleshing it out a bit would be helpful -- something like "Operators wishing to minimize the privacy implications of broadcast and multicast traffic on wireless networks are strongly encouraged to investigate the broadcast and multicast suppression options provided by their wireless equipment" (or something, this might be too much of a value judgement, or whatever). Oh, as far as I know, the authors of draft-perkins-intarea-multicast-ieee802 (I'm one of them) are not planning on continuing work on this document, and so I'd suggest against referencing it specifically / normatively :-) Actually, my primary concern was that the text I quoted felt (to me) like an afterthought; I wanted to make sure that y'all had known about and considered the (in my opinion, powerful) privacy implications of network / AP fiddling while writing this. It sounds like you have, so I'll clear my discuss shortly. Thank you, W > > Best, > > Rolf > > Am 25.01.18 um 00:58 schrieb Warren Kumari: > >> Warren Kumari has entered the following ballot position for >> draft-ietf-intarea-broadcast-consider-08: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-intarea-broadcast-consider/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> Sorry for the late DISCUSS. I'm likely to clear after discussions on the >> call >> tomorrow. >> >> I'm somewhat surprised at how much this document glosses over the >> (sometimes >> extensive) broadcast/multicast twiddling that Access Points and similar do >> (a >> fair bit of discussion of which can be found in >> draft-perkins-intarea-multicast-ieee802 (which I think will be expiring) >> or >> draft-mcbride-mboned-wifi-mcast-problem-statement). Simply saying: "A >> feature >> not uncommonly found on access points e.g. is to filter broadcast and >> multicast >> traffic. This will potentially break certain applications or some of >> their >> functionality but will also protect the users from potentially leaking >> sensitive information." seems to be shrugging off all of the privacy >> benefits >> (or possibly harms) that this might create. >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> I found this sentence very confusing: >> " For one, non-standard protocols will likely not receive operational >> attention and support in making them more secure such as e.g. DHCP >> snooping >> does for DHCP because they typically are not documented. " -- I know >> what it >> is trying to say, but I don't think it accomplishes what it intends to. >> >> >> _______________________________________________ >> Int-area mailing list >> Int-area@ietf.org >> https://www.ietf.org/mailman/listinfo/int-area >> > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [Int-area] Warren Kumari's Discuss on draft-ietf-… Warren Kumari
- Re: [Int-area] Warren Kumari's Discuss on draft-i… Rolf Winter
- Re: [Int-area] Warren Kumari's Discuss on draft-i… Warren Kumari