[IPv6]Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)
Deb Cooley via Datatracker <noreply@ietf.org> Sun, 16 November 2025 12:02 UTC
From: Deb Cooley via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Date: Sun, 16 Nov 2025 04:02:41 -0800
CC: 6man-chairs@ietf.org, draft-ietf-6man-icmpv6-reflection@ietf.org, ipv6@ietf.org
Reply-To: Deb Cooley <debcooley1@gmail.com>
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/8OUCdbk4JhYTrTTMv5A10Bq8oM8>

Deb Cooley has entered the following ballot position for
draft-ietf-6man-icmpv6-reflection-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6man-icmpv6-reflection/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

In my opinion, this is a dangerous extension that can be used for harm without
detection.

Prevention of modification: I don't see any way to determine if either the
request or the response has been modified. Any of the sender, recipient, or
entities in-between can modify the contents to contain the information that they
want to convey. The recipient can lie about what has been received. Middleboxes
can modify any of the packets in either direction.

Creating an unauthorized information channel: In addition, either endpoint can
include 'arbitrary' data (as specified in Section 5, second to last paragraph)
creating a channel to exfil (policy) prohibited information. The only limit to
the size of the packet is a 'SHOULD NOT' to avoid fragmentation (Section 4, para
1). Only a soft 'must not' in Section 4 alludes to a middlebox capability to
block attempted exfil.

Possible ways forward: There has to be an allowance for a middlebox (boundary
device) to protect the network by blocking exfil of policy prohibited data.
There could be hard limits for packet size. And the allowance for the inclusion
of 'arbitrary data' in the request could be removed. There also could be strong
wording in Security Considerations about how this mechanism can be abused. I'd
be happy to help craft the Sec Consid part.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Robert Starks for their secdir review.