Errata for RFC4862
Mark Smith <markzzzsmith@gmail.com> Sun, 08 January 2017 05:30 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F0101294A9 for <ipv6@ietfa.amsl.com>; Sat, 7 Jan 2017 21:30:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kXOfDujvRRfi for <ipv6@ietfa.amsl.com>; Sat, 7 Jan 2017 21:30:35 -0800 (PST)
Received: from mail-ua0-x22b.google.com (mail-ua0-x22b.google.com [IPv6:2607:f8b0:400c:c08::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7022E129415 for <ipv6@ietf.org>; Sat, 7 Jan 2017 21:30:35 -0800 (PST)
Received: by mail-ua0-x22b.google.com with SMTP id y9so108539493uae.2 for <ipv6@ietf.org>; Sat, 07 Jan 2017 21:30:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+Yh8UHvZ7KriKyHcmjb9R1ZS7dayCozEV7/EBo91U+Y=; b=E4UPvIMEZ6c4c2/kZTdegkp1u1wHShXGH+XZV03ae9fLDcf6quc50c7JsMfPnf8XrQ Km7Vz48NP2T7uvSs2/RtjhVd+QrB94x/RQ4zIYZtmQcdbKBzlHswxypQQue4OsCzeaJr 1yKqDprl5YjiBw2dLFeaSMNDv5c9D9DeIOjdIqm6OKFVeZGQ7eFgtyv22eBoJY/nZIkZ a6zGLzbHXhtSwrfKoVF6V5R8vfrBFyU1eK8nyXc/RgC/Fx1Yovut+oNncJIAHjfK4FCc DN2qqRQBhl7fnnONgR/qT5GxKrKzmu9F+3uogOfYlp3jAJL1cyZSqvGQOKkGPWYCsSxg AXdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+Yh8UHvZ7KriKyHcmjb9R1ZS7dayCozEV7/EBo91U+Y=; b=QVQRt/X+R6gZ7blG8PjkKwE73N7Qoz9rXi2zg7wJezmDLJCb4L5LSzfq7GcKklR2bu igS6sbM1tiOlI+DU0V4acH8m0Ej9px9Kjke4TKaZK/jDuFK1rKw+sH6n+P8YrQjomg51 kvhAmXDU3CwUpWeM9SucqXvGeNIFzsWuSQO0V9bfVsLY+gXJVB8IT4aJCbARwDkwenQK oZ35EwKucqJQU+zpBH/pVIsbjcgnBtNGccels8dY+evy2WUP3jQiQi47jzcKDfLUYPgL kPXFkRSouFaGHzAFrCpTY0PnfYMK7Q1NgEjt31EoziNN/t3MuTBk8iA1xRD3Y7etF0JR HBGA==
X-Gm-Message-State: AIkVDXL4WOa36aXsoFHiLCvexMVZm60BVXcnYeh+tz3mjtpPsAvzV7+nKYblIHu/BTMrRd/7ulfZjt2NLGkCWg==
X-Received: by 10.159.36.73 with SMTP id 67mr14084522uaq.124.1483853434435; Sat, 07 Jan 2017 21:30:34 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.8.217 with HTTP; Sat, 7 Jan 2017 21:30:04 -0800 (PST)
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sun, 08 Jan 2017 16:30:04 +1100
Message-ID: <CAO42Z2xH9wqXKFjtAbv6isQ3cG1=FNUmkNFq2DGJdqj9BFDVaQ@mail.gmail.com>
Subject: Errata for RFC4862
To: 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/6skiNI-avZHMnqDR3v5ts63qaJM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jan 2017 05:30:36 -0000
Hi, I've struggled with the Errata tool complaining about not having line breaks at 72 characters for the last 15 or so minutes, and after making number of failed attempts to fix that, that's enough! Section: 5.5.3 RouterAdvertisement Processing Original Text: 1. If the received Valid Lifetime is greater than 2 hours or greater than RemainingLifetime, set the valid lifetime of the corresponding address to the advertised Valid Lifetime. 2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option with regards to the valid lifetime, unless the Router Advertisement from which this option was obtained has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]). If the Router Advertisement was authenticated, the valid lifetime of the corresponding address should be set to the Valid Lifetime in the received option. 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. Corrected Text: 1. If the Router Advertisement is not authenticated (e.g., via Secure Neighbor Discovery [RFC3971]), and if the received Valid Lifetime is greater than 2 hours, set the valid lifetime of the corresponding address to the advertised Valid Lifetime. 2. If the Router Advertisement has been authenticated (e.g., via Secure Neighbor Discovery [RFC3971]), the valid lifetime of the corresponding address should be set to the Valid Lifetime in the received option (regardless of whether it is greater than 2 hours or not). 3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours. In other words, unless an RA is authenticated, Valid Lifetimes in RA PIOs MUST be greater than 2 hours. Notes: For unauthenticated RAs, throughout the text there are numerous checks to prevent a possible DoS attack described in the subsequent paragraph: "The above rules address a specific denial-of-service attack in which a bogus advertisement could contain prefixes with very small Valid Lifetimes." Check 1 above would seem to allow a Valid Lifetime in an RA PIO that is much less than 2 hours, as long as the value is greater than the RemainingLifetime. For example, if a host's RemainingLifetime for an address is 60 seconds, an RA PIO ValidLifetime of 61 seconds would be acceptable. This would seem to contradict the DoS protection goal. Check 2 does check to ensure that RemainingLifetime is greater than 2 hours, however Check 1 has already accepted the RA PIO VL <2 hours (if greater than RemainingLifetime) and set the address's Valid Lifetime to a value possibly much less than 2 hours. An attacker could take advantage of this by doing the following: 1. Send an initial RA with a ValidLifetime of 2 hours, which would pass Check 1. 2. Wait until around 1 hour and 59.5 minutes, and then send an RA with a ValidLifetime of 61 seconds. 3. Send RAs every 30 or so seconds with a ValidLifetime of 61 seconds, holding all of the victim hosts' ValidLifetimes at a low value. These RAs would also pass Check 1 as long as the VL in the RA was greater than the hosts' current VL for the addresses. 4. When it could cause the most significant denial of service, stop sending the RAs, causing the hosts' address VLs and therefore the addresses to expire within 60 seconds or so. Regards, Mark.
- Errata for RFC4862 Mark Smith
- Re: Errata for RFC4862 otroan
- Re: Errata for RFC4862 Fernando Gont
- Re: Errata for RFC4862 otroan
- Re: Errata for RFC4862 神明達哉
- Re: Errata for RFC4862 Mark Smith
- Re: Errata for RFC4862 Tim Chown
- Re: Errata for RFC4862 神明達哉
- Re: Errata for RFC4862 Mark Smith
- Re: Errata for RFC4862 Tim Chown