Re: WG Last Call for for draft-ietf-6man-rfc6874bis
Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 17 June 2022 22:59 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4EBC157B48 for <ipv6@ietfa.amsl.com>; Fri, 17 Jun 2022 15:59:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.984
X-Spam-Level:
X-Spam-Status: No, score=-3.984 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-1.876, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oytrYJQ5vZnj for <ipv6@ietfa.amsl.com>; Fri, 17 Jun 2022 15:58:59 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DED8BC14CF0C for <ipv6@ietf.org>; Fri, 17 Jun 2022 15:58:59 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id k12-20020a17090a404c00b001eaabc1fe5dso5780283pjg.1 for <ipv6@ietf.org>; Fri, 17 Jun 2022 15:58:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=q0Uea58t/+ukUL7mr+LOOJwH31+17z3vXcZYWlfxx/s=; b=Mp+TRGe3DZJmbMhUULCic3FNIteB5CclQIV2pViL74MvZ/dii68idres0KpBeYMaU9 c1XRXWUNEUM752v0nrRtcKyqMgKSoPbwCDEiFbaqI4FHMA6acc9V8ytBa8nDn/Su3GjJ n3UvfejM7RKME38emjBQ9ekEUFT3p8JN5s81U/dMzxIyWkpyGrJyh1KormgdXp5gruzB HX81R7r23YBfjd2hDOmzPOpv5TXTeBACacjnjBoPkFvXIm4dqf/6EIdbIzPiK0WtRq2Z HWl3l/1QgbCQ5n4PPJcrmh4XkxijPpllD3zAoQK7GlqiWsBg/c8P/pTmX2UoKWsit9gy odPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=q0Uea58t/+ukUL7mr+LOOJwH31+17z3vXcZYWlfxx/s=; b=dwSd4+XnuwVm8ifriYmmMDWixX1kZq45WfC4q+fGdPAjpyDawg5adtkL5f92Qms37Q WalKckeWivh+jHcjflmPPxA4bYVz2ywqteqKJ1lG0ymdDQXQnPhKweYQ+ijjYfoLI5pJ 98Zs1B6ZHUET/HV6JMogdIjmFszAPY0ZKU/xLcTk7eFzlBx5rJyyTD4Qoj3NQ8OkOgt5 E7tRkqPcZtLS5K8t9rFsf84DpEom1IptkheKc0N9nIsiGqR8DvgQzOb44eNj5bLT5AD0 ux4RuqYAz7Xa+5cy2cvQSW+uCB92BoNK2JJGQYsYXd001QR7aM63NavpLif1gInO8B0r dLQQ==
X-Gm-Message-State: AJIora/VahbiUZxmhWoGfrxwG85JgpipNWZFWY9YCKh5pxDIzmp7IMLz +2G3RzT2kXtEcbcJK9dyspdNX/ZvnDnWZXDH
X-Google-Smtp-Source: AGRyM1uyM4IWsNaQx/d2fuMk84MKwCRiK4R2wlbPu7ruzjx0QFOxD74Mf+Aw6XuizfO6WfLsmOvBPQ==
X-Received: by 2002:a17:90a:4408:b0:1ea:ec1e:277d with SMTP id s8-20020a17090a440800b001eaec1e277dmr11738214pjg.170.1655506739083; Fri, 17 Jun 2022 15:58:59 -0700 (PDT)
Received: from ?IPV6:2406:e003:1124:9301:80b2:5c79:2266:e431? ([2406:e003:1124:9301:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id e5-20020a17090301c500b00163f64a6155sm4100401plh.20.2022.06.17.15.58.56 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 17 Jun 2022 15:58:58 -0700 (PDT)
Message-ID: <44253692-baca-eebb-afc9-d793f13ca933@gmail.com>
Date: Sat, 18 Jun 2022 10:58:53 +1200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Subject: Re: WG Last Call for for draft-ietf-6man-rfc6874bis
Content-Language: en-US
To: Ted Lemon <mellon@fugue.com>
Cc: 6man <ipv6@ietf.org>
References: <CAFU7BAQVr_UMK_v7O7DGTV363j7q25X9GwrgraTEypzq_Lz3gQ@mail.gmail.com> <CAPt1N1m+g8Yu9rPyvfvrxG_bST_9_z3siByOCsMmeTpWAfAiZA@mail.gmail.com> <223eeed3-40f0-1958-5df4-a6b310a29706@gmail.com> <CAPt1N1koPy-5V_JARhzmVFEopVty63YNstYcT892QV9Y0iPCJQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAPt1N1koPy-5V_JARhzmVFEopVty63YNstYcT892QV9Y0iPCJQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/3ZCGE7T6QzKIYpRC4tgxgZ1psnE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2022 22:59:03 -0000
Thanks Ted. We definitely need to clarify the text, after the WG last call expires.
Regards
Brian
On 18-Jun-22 02:27, Ted Lemon wrote:
> On Thu, Jun 16, 2022 at 10:55 PM Brian E Carpenter <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
>
> On 17-Jun-22 01:36, Ted Lemon wrote:
> >> It is desirable for all URI parsers to recognise a zone identifier according to the syntax defined inSection 3 <https://www.ietf.org/archive/id/draft-ietf-6man-rfc6874bis-01.html#spec <https://www.ietf.org/archive/id/draft-ietf-6man-rfc6874bis-01.html#spec>>. Any code handling percent-encoding or percent-decoding must be aware that the "%" character preceding the zone identifier is never itself percent-encoded, as specified by ABNF above. In terms of Section 2.4 of[RFC3986 <https://www.ietf.org/archive/id/draft-ietf-6man-rfc6874bis-01.html#RFC3986 <https://www.ietf.org/archive/id/draft-ietf-6man-rfc6874bis-01.html#RFC3986>>], this "%" character is acting as a delimiter, not as data.
> >
> >
> > Would it be correct to say that the text within an IPv6 address literal never contains percent-encodings? If so, then it might be less complicated to just say that. I think a parser that follows this rule would be more regular than one that doesn't make this restriction and does allow percent encoding within the literal except in the case of the stated exception.
>
> That's what the proposed ABNF is supposed to say. We should clarify the text a bit more.
>
>
> I think the reason I didn't see this when reviewing is that the ABNF for the address literals is not present in the update. So yeah, a note saying that this is the case might be helpful, although I agree that the ABNF does actually address this problem, if you combine the two documents as intended.
>
> > In the security considerations section, I think if the syntax were only allowed in the case of input into the browser's dialog box, then most of the possible attacks would go away. If there is no anticipated use case other than manual input (perhaps a scripted input would also count) then unless the script would be allowed to open the URI but not otherwise probe IPv6 address literals, it's hard to see what additional vulnerability this would create.
>
> I still have to review Phillip Tiesel's comment carefully, but if there is a real exploit, I'm pretty sure it would have to be Javascript, trying to find other devices on the LAN. I'm not sure why that would be more interesting than trying to find other devices with routeable IPv6 addresses in the same prefix, which is feasible today (and the reason why we recommend pseudo-random interface IDs). And at least on a Windows target, you don't need a Zone ID, so you could do it today. But the search space is still 2^64 in all cases. That's our primary defence against such attacks.
>
>
> Ah, I think you've made the key point here:
>
> I'm not sure why that would be more interesting than trying to find other devices with routeable IPv6 addresses in the same prefix, which is feasible today (and the reason why we recommend pseudo-random interface IDs).
>
>
> I think you should say this explicitly in the security considerations. I suppose there is one small difference between probing for a GUA and probing for a LLA: you know what the prefix of the LLA is going to be. So /that/ is the new "vulnerability" that this document potentially creates, although as you say I think exhausting that number space from a Javascript program would be ... difficult...
- WG Last Call for for draft-ietf-6man-rfc6874bis Jen Linkova
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Ted Lemon
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Brian E Carpenter
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Ted Lemon
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Michael Sweet
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Brian E Carpenter
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… David Farmer
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Ted Lemon
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… David Farmer
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Ted Lemon
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Brian E Carpenter
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… David Farmer
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Brian E Carpenter
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Jen Linkova
- Re: WG Last Call for for draft-ietf-6man-rfc6874b… Brian Carpenter