IETF Logo Mail Archive

[IPv6]Re: Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)

Deb Cooley <debcooley1@gmail.com> Fri, 21 November 2025 11:55 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: ipv6@mail2.ietf.org
Delivered-To: ipv6@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3A7D68DF1C83 for <ipv6@mail2.ietf.org>; Fri, 21 Nov 2025 03:55:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.848
X-Spam-Level:
X-Spam-Status: No, score=-0.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DtNX44v2VNRN for <ipv6@mail2.ietf.org>; Fri, 21 Nov 2025 03:55:25 -0800 (PST)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 26E958DF1C19 for <ipv6@ietf.org>; Fri, 21 Nov 2025 03:55:16 -0800 (PST)
Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-b98983baeacso1005239a12.1 for <ipv6@ietf.org>; Fri, 21 Nov 2025 03:55:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763726115; x=1764330915; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=K8bPHeGbTyl2KCEy4T1CcjkrSHIHuVS2JcCQ5wwtRZc=; b=UABb5uo+nHdvyz4qaI0hY2NI15DoSGXpMl4Kw4+ZfF3ghFGv3skKp6L4kSgYgReLC+ 2/x+UgCWbsy0tvAPSLkRVMBoomJ/iFFz0RFR4Ce+L5XznZaKqwck8JpmW2oDkRqJNCC3 xzoXOGD93oh7qLKImswcwJe0DxrEXLSXD4rzdKavktxy85/ulXF55luGgTNX8hiOW+QT Ko18l8uo6AI+z6XsZKrPfOTgxmT0I5+yNlVQ/dCfZJzJ2uwPTGsVMj/1uZ9f+RIXqpco DTfKFg2SZKiAr6Ne4/RzKg6nBb8cy+oqu2xKobvqIq9BtIUeSPZgDSmYyPbS1SrLYeOV pNuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763726115; x=1764330915; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=K8bPHeGbTyl2KCEy4T1CcjkrSHIHuVS2JcCQ5wwtRZc=; b=l3+4PthRVM6eRx1YWLxx2rtxV2umMaMjLiUDDQ0yBctamXTlVdMMmpeOEQPgWATtKL +EJQAkry702RpyhzpU/dA0Az3QJSHE/dZykWn9kqtylKUb0iXh+4AqpoPBhP51Nwz/3w HHGs6MPWtIsIP/vMcFH5smdQkyW8AMJ1FkCpSn+VoFbcCqxE9Aozj4VkodSrIljD7e+u uRC6Y0IJBzl/7r0VZ573nN/Rkh4hn2RTfvi6nDDLx7o2wE3Vgub8ovXChUtcR8qiDC76 TOLLrbwL5F48jFts9yKfTOtDSZX894Tnkgaw2yaxdDJe1gDSU9Z5ZkOuPCMy4GgM6HFC OlhQ==
X-Forwarded-Encrypted: i=1; AJvYcCV0dWMJWLqxXNx1ql94162462Aa07mlYDH6RxCskWXJG9AVG7c1+igHUx2QHu26a+OlB65K@ietf.org
X-Gm-Message-State: AOJu0Yxy+lQGfT9m/Zq9bwP4UrD1Ebaxj7awaXzICRcxBRtyitg3ET4I qE2sKb1alSPy4ZdamSZLnYFHwymOdPRDu4fys4KflzR1dflqjHO2uAMuSkX5Y0/RWFwsCQZ9JZc CT6ILhDyU5ddjLre+PXusJNbXT8PCMA==
X-Gm-Gg: ASbGncuapg9fLxc8TN+PLggUluEz8WRS6jdrVauNjWffmp1OpTVhsPum8oRx9kSQnp+ vzg3XGOQagZoLYzQDWmDZWUnE9vngowQjBnFpySknBF6jpuKiocxXNR/QLOZ5oA4HZGx7Fe+/qF TS2tPgCYeq+rOYYRECcd1oMHuGl0YPP1eWqB3arbyOmO0xHvIKHSX1QQ/ik8sLZBD2UItvxlRMK AYYIBbCnYd1MJStpY2PC8Lv3s6YkWD7legiNP6FwPotYvbUntAXns4CGHEO1gYSz09pJGkOJkW+ yr6rhuS+478zbrD1CEvabs1YItYad9pnIHn6TQI=
X-Google-Smtp-Source: AGHT+IH/1G67iFdFqIRfqix5UkrvZMeRPntLEXucp1rnpUfcCmCB5M/vTjy7sjUn22aBe/opuayr9MvpIxS4NMqbBu8=
X-Received: by 2002:a05:7301:da16:b0:2a4:3593:ddf3 with SMTP id 5a478bee46e88-2a719ffb247mr649452eec.32.1763726114974; Fri, 21 Nov 2025 03:55:14 -0800 (PST)
MIME-Version: 1.0
References: <176329456182.537904.482025678357762045@dt-datatracker-5bd94c585b-wk4l4> <DM4PR84MB2310EEE6F2BCA90F47C31872F4C9A@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <DM4PR84MB2310EEE6F2BCA90F47C31872F4C9A@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
From: Deb Cooley <debcooley1@gmail.com>
Date: Fri, 21 Nov 2025 06:55:05 -0500
X-Gm-Features: AWmQ_bnYBsP-2iLEXu-gk2x-pmDlGuZMK9gH7ObKcW7zbHzuJYAgebmCk8KMEFg
Message-ID: <CAGgd1OeYHG7RJW7rM16A2R8mdpvTk-xE=BAEgLawfujR6hmRbA@mail.gmail.com>
To: "Bonica, Ron" <ronald.bonica@hpe.com>
Content-Type: multipart/alternative; boundary="00000000000090703d0644197c73"
Message-ID-Hash: CKUNRF2KV3MTFE5RTGZ5QBQLT3FQ55P3
X-Message-ID-Hash: CKUNRF2KV3MTFE5RTGZ5QBQLT3FQ55P3
X-MailFrom: debcooley1@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "draft-ietf-6man-icmpv6-reflection@ietf.org" <draft-ietf-6man-icmpv6-reflection@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPv6]Re: Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/33Z4Uo-viy5FSo6BZE2ntKVgurY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>

If that is true, then what is the value add provided by this
specification.  Specifically if ICMPv6 responses provide a copy of the
request in the reply, isn't that a 'reflection' already? no extension
required.

As has been said in other ballots, limiting the size of the response, and
possibly set patterns might reduce the ease of exploitation.

In my mind, the existence of a linked bidirectional channel, and the
opportunity of malicious injection and/or modification into that channel
are the issues I would like to see addressed in a comprehensive fashion in
Sec Con.

I like the rewording of the Intro para and the removal of the last part of
Section 4.  [middleboxes, i.e. firewalls and guards, will not be
adhering to your specification if there is a perceived security risk.]

I also have little expectation that this mechanism will be allowed to
traverse the network unhindered.  It is much easier to block it than to
actually filter to reduce the possibility of exfil.

Deb


On Mon, Nov 17, 2025 at 10:30 AM Bonica, Ron <ronald.bonica@hpe.com> wrote:

> Deb,
>
> Can all the same arguments be made regarding the data field in the ICMP
> Echo/Echo Reply messages?
>
>                                                                    Ron
>
> ------------------------------
> *From:* Deb Cooley via Datatracker <noreply@ietf.org>
> *Sent:* Sunday, November 16, 2025 7:02 AM
> *To:* The IESG <iesg@ietf.org>
> *Cc:* 6man-chairs@ietf.org <6man-chairs@ietf.org>;
> draft-ietf-6man-icmpv6-reflection@ietf.org <
> draft-ietf-6man-icmpv6-reflection@ietf.org>; furry13@gmail.com <
> furry13@gmail.com>; ipv6@ietf.org <ipv6@ietf.org>
> *Subject:* Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12:
> (with DISCUSS and COMMENT)
>
> Deb Cooley has entered the following ballot position for
> draft-ietf-6man-icmpv6-reflection-12: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/__;!!NEt6yMaO-gk!A-y21fPp3fM-70EXPkJ6PnRmPa9l_sIiN2oXRJq7Asbqqy-wNj1TeRYqTxpHYXQjqUA58w17X_HHgz4$
>
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
>
> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-6man-icmpv6-reflection/__;!!NEt6yMaO-gk!A-y21fPp3fM-70EXPkJ6PnRmPa9l_sIiN2oXRJq7Asbqqy-wNj1TeRYqTxpHYXQjqUA58w17Mw2Pn1A$
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> In my opinion, this is a dangerous extension that can be used for harm
> without
> detection.
>
> Prevention of modification:  I don't see any way to determine if either the
> request or the response has been modified.  Any of the sender, recipient,
> or
> entities in-between can modify the contents to contain the information that
> they want to convey. The recipient can lie about what has been received.
> Middleboxes can modify any of the packets in either direction.
>
> Creating an unauthorized information channel:  In addition, either
> endpoint can
> include 'arbitrary' data (as specified in Section 5, second to last
> paragraph)
> creating a channel to exfil (policy) prohibited information.  The only
> limit to
> the size of the packet is a 'SHOULD NOT' to avoid fragmentation (Section 4,
> para 1).  Only a soft 'must not' in Section 4 alludes to a middlebox
> capability
> to block attempted exfil.
>
> Possible ways forward:  There has to be an allowance for a middlebox
> (boundary
> device) to protect the network by blocking exfil of policy prohibited
> data.
> There could be hard limits for packet size.  And the allowance for the
> inclusion of 'arbitrary data' in the request could be removed.  There also
> could to be strong wording in Security Considerations about how this
> mechanism
> can be abused.  I'd be happy to help craft the Sec Consid part.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks to Robert Starks for their secdir review.
>
>
>
>

v2.40.4 | Report a Bug | By Email | System Status