IETF Logo Mail Archive

Re: 6MAN Agenda for IETF86

Nalini Elkins <nalini.elkins@insidethestack.com> Tue, 05 March 2013 13:33 UTC

Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9EF121F85D9 for <ipv6@ietfa.amsl.com>; Tue, 5 Mar 2013 05:33:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.616
X-Spam-Level:
X-Spam-Status: No, score=-1.616 tagged_above=-999 required=5 tests=[AWL=-0.218, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, J_CHICKENPOX_21=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UcdMnu6Aj02L for <ipv6@ietfa.amsl.com>; Tue, 5 Mar 2013 05:33:21 -0800 (PST)
Received: from nm14-vm0.access.bullet.mail.mud.yahoo.com (nm14-vm0.access.bullet.mail.mud.yahoo.com [66.94.236.15]) by ietfa.amsl.com (Postfix) with ESMTP id 8A42221F85CB for <ipv6@ietf.org>; Tue, 5 Mar 2013 05:33:21 -0800 (PST)
Received: from [66.94.237.197] by nm14.access.bullet.mail.mud.yahoo.com with NNFMP; 05 Mar 2013 13:33:21 -0000
Received: from [66.94.237.101] by tm8.access.bullet.mail.mud.yahoo.com with NNFMP; 05 Mar 2013 13:33:21 -0000
Received: from [127.0.0.1] by omp1006.access.mail.mud.yahoo.com with NNFMP; 05 Mar 2013 13:33:21 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 96717.67965.bm@omp1006.access.mail.mud.yahoo.com
Received: (qmail 48517 invoked by uid 60001); 5 Mar 2013 13:33:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1362490400; bh=3+bWhGaqQ3vl8KujGy0eqw6Iem6GqXzDqaFHKMqxCRk=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=gvKYDcdDyYQdtDcXMYS/A2jXZVE7Ex1/zCv6dGeiFXFvHCcRKmjeiwJrigfxygfrorDoP4sLVXQlkhckjKmMRqlu19TrveHYGP78G4dd0a+8laIRfoB9s7sVCKhvNBelLhzsg/wdfRTwiAlNSlnJ2t/92acZQ6H5FKAWjTJK/uU=
X-YMail-OSG: cB86PjcVM1m9TUeRKBrm_0ZyLf1QtJiA7yxHmxPBNIidAAU Qf077jHfKMp0ctSYriAy0dgYC27sOHOvUp9oE4_5VunvROhEyW7.bGz1Qv0i FYNv4pclF732tkoNWB3sCuEfplonDhTAHAE7LHZiLVIVaS9EUGnnRc3TB0oI KZClmaefY9oWHW9nh3t9q1_fnDd8jDOGzMsQ.vLI9cgF0RrTbYzjxA8dS07x YvknrE0cnMXD0iRRlbuLURoatU0H_AhmYXM3IKbVK32ELqTPBIOBWIDkGofo fDSlB6DrXVO0kP9J7gXUHgJIOUaAfWR2SAQWpKWixvupStgymDfTaPiugniA taiJFgYD4AkIXVryIDwG5pA9pai2UDIIHUUbKdJAOLQw0uI7L0WvGX51nGPy Tgegj8MryK6cDxihfGf1uv.F5knKBkc.dqbtq7onQBggmHgjyQoyvOd3zuuc MFf0DVhel5KfKQAfKVk4E1dSuyHh9RqHpz3m2YbdD6DOoB9BIG9xB3tLojoL oEZ8Mt44usyCbV6gEQqzffWHCjKh5GrS3PwCi60aEdMBlYCh4V2kHZrR6Tad gAAn0UUcQY7y0u0OpJa2k4XCFaFbx4U.17.hHQF84IQ--
Received: from [24.130.37.147] by web2805.biz.mail.ne1.yahoo.com via HTTP; Tue, 05 Mar 2013 05:33:20 PST
X-Rocket-MIMEInfo: 001.001, S2FybCwKCkkgZGVmaW5pdGVseSBhZ3JlZSB0aGF0IE5EIG5lZWRzIHRvIGJlIHNlY3VyZWQuIMKgQWxzbyBhZ3JlZSB0aGF0IG5laXRoZXIgSVBTZWMgbm9yIFNFTkQgYXJlIHZpYWJsZSBzb2x1dGlvbnMuCgpJIGRvIG5vdCBrbm93IGlmIEkgYW0gbWlzc2luZyBzb21ldGhpbmcgYnV0IEkgaGF2ZSBub3Qgc2VlbiBhIGNvbXByZWhlbnNpdmUgZG9jdW1lbnQgd2l0aCB0aGVzZSBwcm9ibGVtcyBkZXRhaWxlZC4gwqBJIGNlcnRhaW5seSBkb24ndCBoYXZlIGEgc29sdXRpb24gYnV0IEkgaGF2ZSBiZWVuIHRyeWkBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.135.514
References: <7EE61AD6-2E54-4F17-BBFD-30BE77F7E782@gmail.com> <1362476231.3387.278.camel@karl>
Message-ID: <1362490400.37136.YahooMailNeo@web2805.biz.mail.ne1.yahoo.com>
Date: Tue, 05 Mar 2013 05:33:20 -0800
From: Nalini Elkins <nalini.elkins@insidethestack.com>
Subject: Re: 6MAN Agenda for IETF86
To: Karl Auer <kauer@biplane.com.au>, "ipv6@ietf.org" <ipv6@ietf.org>
In-Reply-To: <1362476231.3387.278.camel@karl>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1619178251-1124769058-1362490400=:37136"
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Nalini Elkins <nalini.elkins@insidethestack.com>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2013 13:33:22 -0000

Karl,

I definitely agree that ND needs to be secured.  Also agree that neither IPSec nor SEND are viable solutions.

I do not know if I am missing something but I have not seen a comprehensive document with these problems detailed.  I certainly don't have a solution but I have been trying to at least catalog such problems.   If there is such a document, would appreciate anyone letting me know.

If there isn't, if you would like, we can collaborate on such a document and create a draft for the IETF meeting in Berlin.   Maybe v6Ops is a place to discuss this topic.  Once many at IETF agree that indeed there is a problem, then we can discuss a potential solution.
 
Thanks,


Nalini Elkins
Inside Products, Inc.
(831) 659-8360
www.insidethestack.com



________________________________
 From: Karl Auer <kauer@biplane.com.au>
To: ipv6@ietf.org 
Sent: Tuesday, March 5, 2013 1:37 AM
Subject: Re: 6MAN Agenda for IETF86
 
On Mon, 2013-03-04 at 16:02 -0800, Bob Hinden wrote:
>    A Simple Secure Addressing Generation Scheme for IPv6
> AutoConfiguration
>     draft-rafiee-6man-ssas-01.txt
> [...]
>    DHCPv6/SLAAC Address Configuration Interaction Problem Statement
>     draft-liu-bonica-dhcpv6-slaac-problem-01.txt
> 
> We did not think there had been enough discussion or interest on the
> w.g. list to guarantee a speaking slot.  We allocated short slots at
> the end of the session if there is time before the meeting ends.  If
> anyone (other than the authors) think one of these should be given
> more time, please speak up.

For what it's worth it seems to me that there is a gaping hole around
securing ND. IPSec is obviously ridiculous, SEND is only marginally less
ridiculous. Maybe SSAS is a way forward? Or maybe noone else thinks ND
needs to be secured? Maybe the meeting could attempt to gauge whether
this is actually a real problem. I think it is, and I urge others to
speak up if they too think this should be pursued.

If there is a priority to these things, then sorting out the perceived
and actual discrepancies\ and ambiguities in the meaning of the RA M and
O flags would seem pretty important. Otherwise they will end up cemented
into even more implementations than they are now. The way Windows
handles them is just plain broken, and if the RFCs support that way of
handling them, then the RFCs are broken. At very least this topic needs
some impetus.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email