Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

David Farmer <farmer@umn.edu> Thu, 09 May 2019 16:48 UTC

From: David Farmer <farmer@umn.edu>
Date: Thu, 09 May 2019 11:47:50 -0500
Message-ID: <CAN-Dau21yEap8P8TcXfTPPyFH6W9bJ7bWh6xZN-Guqba1_im4g@mail.gmail.com>
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Fernando Gont <fernando@gont.com.ar>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/6wNX05xyTvQt3CDEArw47EbCzUg>

On Wed, May 8, 2019 at 5:30 PM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> David,
>
> > A host that receives any RAs with the flag set to 1
>
> No! That must be
>
> A host that receives only RAs with the flag set to 1
>
> It is an absolute requirement that all routers must agree that the flag is
> 1, or else it has no effect.
>
> Otherwise I'm sympathetic to your rewrite, but I see little point in
> updating the draft until the WG Chair gives us a read-out on the rough
> consensus.
>

Because with this flag now only being a secondary signal and the lack of
any DHCPOFFERS is now the primary signal, it is safe to allow any RA set to
1 to trigger no longer auto-configuring an IPv4 Link-Local address, this
only has an effect if the host also doesn't receive any DHCPOFFERS. So, if
the host receives one RA with the flag set and one RA with the flag
cleared, the host should continue sending DHCPDISCOVERS periodically and
configure an IPv4 address if it gets any DHCPOFFER. However, if it never
gets any DHCPOFFERS it should not auto-configure an IPv4 Link-Local
address, even though there are conflicting settings of this flag in the RAs.

This at least partially mitigates the malicious sending of an RA with the
flag cleared on an IPv6-Only network, again the lack of DHCPOFFERS controls
if the host configures an IPv4 address or not, this flag only says what to
do if you don't receive any DHCPOFFERS and whether or not to continue
sending periodic DHCPDISCOVERS. Further, you should only stop sending
DHCPDISCOVERS if the flags in RAs received all agree.

Thanks.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
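
The host behaviour argued for in the message above, next to the "only RAs with the flag set" rule from the quoted reply, as an added example that is not code from the draft or from either author. The names `decide`, `HostDecision` and the policy labels are hypothetical, and two points are assumptions: a host that gets a DHCPOFFER simply proceeds with DHCP, and a host on which the flag has no effect falls back to IPv4 Link-Local as usual.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostDecision:
    ipv4: str               # "dhcp", "link-local" or "none"
    keep_discovering: bool  # keep sending periodic DHCPDISCOVERs


def decide(ra_flags, got_offer, policy="any"):
    """Model a host's IPv4 behaviour from the RAs and DHCPOFFERs it has seen.

    ra_flags:  IPv6-only flag value (0 or 1) of each RA received.
    got_offer: True if any DHCPOFFER was received (the primary signal).
    policy:    "any"  - rule from this message: one RA with the flag set
                        is enough to suppress IPv4 Link-Local.
               "only" - rule from the quoted reply: the flag has no effect
                        unless every RA sets it.
    """
    if policy not in ("any", "only"):
        raise ValueError("policy must be 'any' or 'only'")
    flags = list(ra_flags)
    any_set = any(f == 1 for f in flags)
    all_set = bool(flags) and all(f == 1 for f in flags)

    if got_offer:
        # Assumption: an offer means IPv4 service exists, whatever the flag says.
        return HostDecision("dhcp", False)

    suppress_link_local = any_set if policy == "any" else all_set
    # Under both rules, DHCPDISCOVERs stop only when all RAs agree on 1.
    return HostDecision("none" if suppress_link_local else "link-local",
                        keep_discovering=not all_set)


if __name__ == "__main__":
    # Constructed scenarios: (description, RA flags seen, DHCPOFFER received)
    scenarios = [
        ("IPv6-only, routers agree", [1, 1], False),
        ("IPv6-only plus one RA with flag cleared", [1, 1, 0], False),
        ("conflicting RAs, DHCP server present", [1, 0], True),
        ("no router sets the flag", [0, 0], False),
    ]
    for name, flags, offer in scenarios:
        for policy in ("any", "only"):
            print(f"{name:42} {policy:5} {decide(flags, offer, policy)}")
```

The second scenario is the case the message calls out: with a single cleared flag among the RAs, the "any" rule still leaves the host without an IPv4 Link-Local address and only costs it continued DHCPDISCOVERs, while the "only" rule lets that one RA cancel the flag entirely.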