IETF Logo Mail Archive

Re: WG Last Call for for draft-ietf-6man-rfc6874bis

Ted Lemon <mellon@fugue.com> Sat, 18 June 2022 13:26 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A68DC15D874 for <ipv6@ietfa.amsl.com>; Sat, 18 Jun 2022 06:26:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.666
X-Spam-Level:
X-Spam-Status: No, score=-0.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74u0pg5YAus1 for <ipv6@ietfa.amsl.com>; Sat, 18 Jun 2022 06:26:47 -0700 (PDT)
Received: from mail-oa1-x30.google.com (mail-oa1-x30.google.com [IPv6:2001:4860:4864:20::30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 173CAC15D873 for <ipv6@ietf.org>; Sat, 18 Jun 2022 06:26:46 -0700 (PDT)
Received: by mail-oa1-x30.google.com with SMTP id 586e51a60fabf-101ab23ff3fso5002578fac.1 for <ipv6@ietf.org>; Sat, 18 Jun 2022 06:26:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BeRKPc9rVROUcG80p8ZhiSkqTobxuCKBltTX4MohNO8=; b=OEJJx2uI6HUPc0YGg0t7d3IE5H2mC4ajGCNiZxuXwVVfT7Jvf4pz+WP4iJ1Y1RXdH7 Tsa+4HCBhATcLspXKwlmg1xxWiHWuG8HdEqWdyUqtz4xLvi2MTxzC0qg29gEXln/hf/K j6OfNfFRuWD6eS35oudlPslzZwuuS/jnQyI0BmkWNbHrxCIYaTajo4JEXbsxcT1g84M5 KuXMfj0rb+CplMTR6s7B0bpa6RYPFkjE1U8D8L4ocZjnssQCCe420+rXOJa1nutp1jEc K19z0cVji2Sg20h9Ro+xGsOIOlIxFMO5SAL22Uu/K+/XlwkhGfE5HmVC3KynQR0qMyWX KzHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BeRKPc9rVROUcG80p8ZhiSkqTobxuCKBltTX4MohNO8=; b=4NkG2zFKwUav3dMUSTHh7gB94QaxDZ2JxR0GuNwadF4cNiuAA5LdesiAL4mTGWP6Gu FcoB5+c1xx71UsQ1upkli9q5xQFlTZTjFuugOJKZlOuCb5L9SF1fVhfiNQxV56Y224AM 20q+fB96kjXTiqq8m6rT7GazxV0jGKkalIGTkACgDaPqiqMaVRdo+5MFAAJBqZOEMPzH isHco2DxepvD20hICuwi4A5ltsmtjPt181fePPIwmYv47XdYMWyLVmAx9g0qeKBMa28U dJFu5Kznhf7dW30lJyKD/fn4BIR772DOJsN3+GWPEKQTfPQfE9QiBLI87VKRAKVIUo7x jaiA==
X-Gm-Message-State: AJIora8AGu4yZnV5IaYeW2l7pydHVemf69tHS14BY1jddcrezTbxq0dD 55DZ3APHq82TdT6ngoe95FZBWm/7S8K/wh8TjKe/1ie2KPY=
X-Google-Smtp-Source: AGRyM1sHwe8mA2pNW/cMy8ZjlOeMioSp76TWhkwcqtxkLvGMlrpUlNclPSX/2+n6NClyf2Us/7CIGatJwV1uAOueO6g=
X-Received: by 2002:a05:6870:b40a:b0:101:a393:4cb9 with SMTP id x10-20020a056870b40a00b00101a3934cb9mr5236876oap.12.1655558805970; Sat, 18 Jun 2022 06:26:45 -0700 (PDT)
MIME-Version: 1.0
References: <CAFU7BAQVr_UMK_v7O7DGTV363j7q25X9GwrgraTEypzq_Lz3gQ@mail.gmail.com> <CAPt1N1m+g8Yu9rPyvfvrxG_bST_9_z3siByOCsMmeTpWAfAiZA@mail.gmail.com> <223eeed3-40f0-1958-5df4-a6b310a29706@gmail.com> <CAN-Dau14A+GANWRBwHH=+NTkcdaOTfrNN3wcfzo_iiWwo4LzLQ@mail.gmail.com> <CAPt1N1mt=ykhOcb8bXBw4antBBdprhVMNa2iHMBJ3GsR-VX5tg@mail.gmail.com> <CAN-Dau2LaLAu-phD0daBO=+KizdENLka1FTO2Nr-Yr5FHtOnFA@mail.gmail.com>
In-Reply-To: <CAN-Dau2LaLAu-phD0daBO=+KizdENLka1FTO2Nr-Yr5FHtOnFA@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sat, 18 Jun 2022 09:26:10 -0400
Message-ID: <CAPt1N1kRv-mpkFRXBtbcpexDBQ_wXbvi0iTQFb1dd8vQ33LRCg@mail.gmail.com>
Subject: Re: WG Last Call for for draft-ietf-6man-rfc6874bis
To: David Farmer <farmer@umn.edu>
Cc: 6man <ipv6@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000088f27c05e1b8d2da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/8TeNgb2_AYG0nklLmATpQYvQUmo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2022 13:26:48 -0000

Sure, from a packet capture, or if you're trying to reach the router's UI
and DNS-SD isn't working, you might dump the routing table and copy the
address out of the default route. Usually the MAC address is already
printed on the box, so you can take a picture of that with your phone and
cut and paste it into the terminal if you want to grep through the neighbor
table for the corresponding IP address. My point is just that us doing work
to set up circumstances in which there would be a small, typeable IPv6 LLA
is certainly an attractive idea for those of us who are accustomed to
typing http://192.168.1.1 into the address bar, but I don't think we can
replicate that experience for IPv6—there's not enough utility in it to
actually finish writing a document that explains how to do it (e.g., what
if you have /two/ routers?). And if we wrote such a document, it's hard to
see why router vendors would pay any attention to it.


On Sat, Jun 18, 2022 at 7:27 AM David Farmer <farmer@umn.edu> wrote:

> Not mandating anything, suggesting how they will me useful. Your
> suggesting a cut and paste, from what? A PCAP,
>
> On Sat, Jun 18, 2022 at 05:20 Ted Lemon <mellon@fugue.com> wrote:
>
>> It sounds like you’re reinventing dns-sd + mDNS. I think the usual use
>> case for IPv6 address literals is that you cut and paste them from the
>> terminal. I don’t think we need to mandate LLAs printed on the box.
>>
>> On Fri, Jun 17, 2022 at 23:51 David Farmer <farmer@umn.edu> wrote:
>>
>>>
>>>
>>> On Thu, Jun 16, 2022 at 9:55 PM Brian E Carpenter <
>>> brian.e.carpenter@gmail.com> wrote:
>>>
>>>> On 17-Jun-22 01:36, Ted Lemon wrote:
>>>> >
>>>> > In the security considerations section, I think if the syntax were
>>>> only allowed in the case of input into the browser's dialog box, then most
>>>> of the possible attacks would go away. If there is no anticipated use case
>>>> other than manual input (perhaps a scripted input would also count) then
>>>> unless the script would be allowed to open the URI but not otherwise probe
>>>> IPv6 address literals, it's hard to see what additional vulnerability this
>>>> would create.
>>>>
>>>> I still have to review Phillip Tiesel's comment carefully, but if there
>>>> is a real exploit, I'm pretty sure it would have to be Javascript, trying
>>>> to find other devices on the LAN. I'm not sure why that would be more
>>>> interesting than trying to find other devices with routeable IPv6 addresses
>>>> in the same prefix, which is feasible today (and the reason why we
>>>> recommend pseudo-random interface IDs). And at least on a Windows target,
>>>> you don't need a Zone ID, so you could do it today. But the search space is
>>>> still 2^64 in all cases. That's our primary defence against such attacks.
>>>>
>>>> I can, however, see use cases where embedding such a URL in a web page
>>>> would actually be useful to a service technician, so I'm fairly sure that
>>>> saying "don't do this" won't work.
>>>
>>>
>>> This got me thinking a bit;
>>>
>>> Maybe a short discussion, probably in an appendix, of LLA
>>> assignment strategies that are operationally useful for devices that
>>> intended support or require the use of manually entered Link-Local IPv6
>>> literals would be helpful and warranted.
>>>
>>> If you are going to manually enter a Link-Local IPv6 Literal into a
>>> browser the LLA, it would be very helpful for the LLA to either be known or
>>> discoverable by non-technical means, like being printed on the device's
>>> label or made available through a device's user interface, for example,
>>> printed on a printers test page, displayed on a video screen the device is
>>> attached to, etc...
>>>
>>> A naive device manufacturer, especially for a device with no user
>>> interface, could be tempted to use an LLA like fe80::1, which would be
>>> similar to the common IPv4 addresses used to bootstrap devices like
>>> 192.168.1.1 or 10.0.0.1. However, this is obviously a bad idea, because of
>>> the high probability of address collision and the trivially easy
>>> susceptibility to the types of attacks being discussed in this thread, but
>>> I think this is worth pointing out just how bad of an idea it is.
>>>
>>> Nevertheless, temporary or otherwise changing LLAs, perhaps generated on
>>> a per attachment basis, create a different problem, for devices that have
>>> no user interface, requiring a technical means to discover the LLA, in
>>> order to manually enter it. While for highly technical users, this would
>>> not be a problem. However, if this is intended to be useful to more general
>>> users, then requiring a technical means to discover the LLA would greatly
>>> limit the useability of Link-Local IPv6 Literals. While this could be a
>>> desirable feature, however, in that case, I suspect this entire endeavor is
>>> doomed to failure, as in order to get browsers to implement this feature it
>>> probably needs to be of some level of general usability for them to bother
>>> to implement the feature.
>>>
>>> So, from a usability perspective, and even though not recommended in
>>> most cases, a EUI-64 based LLA could be a good choice for devices with no
>>> user interface, as many, if not most, devices already have their MAC
>>> addresses printed on their label for a whole host of other reasons, making
>>> the LLA easily discovered by non-technical means. However, if a EUI-64
>>> based LLA is provided, it probably should be limited to LLA HTTP(S) access
>>> and not for sourcing more automated Link-Local tasks, such as Neighbor
>>> Discovery [RFC4861].
>>>
>>> That being said, EUI-64 based LLAs are still a bad idea for
>>> general-purpose devices or any device with even a minimal user interface
>>> capability, especially mobile devices.
>>>
>>> Another option could be a pseudo-random LLA generated at device
>>> manufacture, and also printed on the label, in addition to the MAC address.
>>>
>>> Finally, while most of the above are fairly obvious to members of the
>>> 6MAN and v6OPS working groups. However, they are probably not obvious to
>>> most IoT device implementers. Furthermore, helping IoT device implementers
>>> make good LLA assignment choices should help strengthen the case for
>>> browsers to support this feature.
>>>
>>> Thanks
>>>
>>
>>> --
>>> ===============================================
>>> David Farmer               Email:farmer@umn.edu
>>> Networking & Telecommunication Services
>>> Office of Information Technology
>>> University of Minnesota
>>> 2218 University Ave SE
>>> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>>>       Phone: 612-626-0815
>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>> ===============================================
>>>
>> --
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
>

v2.23.0 | Report a Bug | By Email