IETF Logo Mail Archive

Re: Errata for RFC4862

Tim Chown <Tim.Chown@jisc.ac.uk> Tue, 10 January 2017 12:45 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C1AA129F8E for <ipv6@ietfa.amsl.com>; Tue, 10 Jan 2017 04:45:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.091
X-Spam-Level:
X-Spam-Status: No, score=-4.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=jisc365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60CVPijyxR9J for <ipv6@ietfa.amsl.com>; Tue, 10 Jan 2017 04:45:35 -0800 (PST)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [207.82.80.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3354F129E83 for <ipv6@ietf.org>; Tue, 10 Jan 2017 04:45:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc365.onmicrosoft.com; s=selector1-jisc-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GEiMbZgDvCBaofQWYXIm7MrxtT8xYGDUqsZlLrH07Q8=; b=O96vF64e2xyZ3SPHtjs5u1whG2Y805UoLp4oX2JGK1vDd5+AKq559YRgVdF9EWmiNPI1A0YF06nt2MTSG3Upw/l8PzsEojZjyJv4rHR7ccyg588TjLs4LY3onzQG0gIujtnKX2DQxxhSZsvySn4IXMuOGzO3w54QGfngg508/sw=
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01lp0239.outbound.protection.outlook.com [213.199.154.239]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-88-VGEZQpwCOfK07fhoS28BMQ-1; Tue, 10 Jan 2017 12:45:29 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com (10.163.188.14) by AM3PR07MB1137.eurprd07.prod.outlook.com (10.163.188.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.845.3; Tue, 10 Jan 2017 12:45:28 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::5973:c4fc:6c1c:27c2]) by AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::5973:c4fc:6c1c:27c2%14]) with mapi id 15.01.0845.012; Tue, 10 Jan 2017 12:45:28 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: "otroan@employees.org" <otroan@employees.org>
Subject: Re: Errata for RFC4862
Thread-Topic: Errata for RFC4862
Thread-Index: AQHSaXBn5ebqxyUYbEyFjv7/ZjHe0aEv2MYAgAHTMAA=
Date: Tue, 10 Jan 2017 12:45:27 +0000
Message-ID: <4921ADB7-42A6-443E-B639-A3F6F300B13C@jisc.ac.uk>
References: <CAO42Z2xH9wqXKFjtAbv6isQ3cG1=FNUmkNFq2DGJdqj9BFDVaQ@mail.gmail.com> <E459F5B0-D088-4D74-B92A-9A8671249716@employees.org>
In-Reply-To: <E459F5B0-D088-4D74-B92A-9A8671249716@employees.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3259)
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [194.12.168.164]
x-ms-office365-filtering-correlation-id: fb186b98-e537-4249-e27f-08d439568e22
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM3PR07MB1137;
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1137; 7:DwpIStPMkkGbcrUUgY1/cVuetTD70BgiUkA392XJa8E2kCzE3uUnJYXftJBQpUAzq83eUjaTed1mLVz0IUKKps1giKwXlPGvbRk5POwkVa0pTJLkQ/zqCB8rmQILaHRslc4127RV1ejWzHCOoPSVG5xYje0fdvoUA+m14AaqXh3izL+wd9bXx/N+QR8/KBgFAzbkb26YCpYbUIzkn/Zf3bIMDQWM+vsz1C+yhxZ+LUqdy6LbP5xWonrAm2HEadU5EKqQqHLRVQbcYCxcmZ0yGgamqZMHyTTqOKg97OkBKBLqd89KwjjWIhU+umd1ZRjHO2rDYyCTxG8rlVoXjTGEF/v65Xj/qlrYBmQTnoQqeDwZsFaKv1Aiqy57qBtMm/8DXMY4ciVnLqmyvRJYApiXs7LZb/rqT5c14X1+F+fnD6dGFt65SlyM3J3U8nuwrIE6TwaOOF275yLK2OaGFkBgyw==; 20:8j2Y6+P5AMMkOYX5QBbJtA03jhNkXuSVMruFFxUzJfFLGmmlfghIaDBQDjoxoVQCKfSzB+h3SIi42iq7790599WHyv/8tMet6MnAdIxmBYuCiHL7/fd2Mj5VPI9eqUNlqCsb/tj8+4lrulHRiXN/qrY4bSaRNoL4SZUNPWPIRhs=
x-microsoft-antispam-prvs: <AM3PR07MB11372B00AC08FF2F9D3908D3D6670@AM3PR07MB1137.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041248)(20161123562025)(20161123555025)(20161123564025)(20161123560025)(6072148); SRVR:AM3PR07MB1137; BCL:0; PCL:0; RULEID:; SRVR:AM3PR07MB1137;
x-forefront-prvs: 01834E39B7
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(39450400003)(189002)(199003)(85644002)(24454002)(86362001)(102836003)(6116002)(229853002)(57306001)(6436002)(39060400001)(3846002)(76176999)(50986999)(101416001)(6486002)(3660700001)(38730400001)(6512007)(6306002)(105586002)(106116001)(68736007)(106356001)(36756003)(74482002)(66066001)(3280700002)(4326007)(2351001)(97736004)(33656002)(5640700003)(2900100001)(189998001)(82746002)(50226002)(54906002)(7736002)(83716003)(92566002)(99286003)(8676002)(2950100002)(42882006)(6916009)(1730700003)(81156014)(305945005)(5250100002)(2906002)(7116003)(110136003)(2501003)(5660300001)(6506006)(81166006)(8936002)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB1137; H:AM3PR07MB1140.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-ID: <635DBE432CA11F4BAA4B41E212817721@eurprd07.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jan 2017 12:45:27.9392 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1137
X-MC-Unique: VGEZQpwCOfK07fhoS28BMQ-1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/AzEBNV-9dblWINKsxoXtot2tzv8>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 12:45:38 -0000

> On 9 Jan 2017, at 08:53, otroan@employees.org wrote:
> 
> Mark,
> 
> The current text is crafted both to allow renumbering and to support scenarios where the RA lifetimes are short. I.e. under two hours.
> Your proposed changes appear to lock the lifetimes to no less than two hours. Is that correctly understood?

Do you mean Preferred or Valid Lifetimes?

My recollection of running renumbering experiments is that it’s the Preferred Lifetime that matters, i.e. when that is set to zero for a prefix, the prefix is marked as deprecated.  So when renumbering, you run with two prefixes advertised, old and new, setting the Preferred Lifetime to 0 on the old prefix (even though the Valid Lifetime is set to 2+ hours), so that the address with the new prefix is used for newly initiated communications (as per RFC 6724, Rule 3).

Tim

> Btw, this might not be appropriate for an erratum, but I do also think we should revisit this behaviour. For the IPv6 core specifications to Internet standards work, I think the tentative conclusion was that we needed to do 4861/4862bis documents in-place before considering an advancement.
> 
> O.
> 
>> On 8 Jan 2017, at 06:30, Mark Smith <markzzzsmith@gmail.com> wrote:
>> 
>> Hi,
>> 
>> I've struggled with the Errata tool complaining about not having line
>> breaks at 72 characters for the last 15 or so minutes, and after
>> making number of failed attempts to fix that, that's enough!
>> 
>> Section:
>> 
>> 5.5.3 RouterAdvertisement Processing
>> 
>> 
>> Original Text:
>> 
>>     1.  If the received Valid Lifetime is greater than 2 hours or
>>         greater than RemainingLifetime, set the valid lifetime of the
>>         corresponding address to the advertised Valid Lifetime.
>> 
>>     2.  If RemainingLifetime is less than or equal to 2 hours, ignore
>>         the Prefix Information option with regards to the valid
>>         lifetime, unless the Router Advertisement from which this
>>         option was obtained has been authenticated (e.g., via Secure
>>         Neighbor Discovery [RFC3971]).  If the Router Advertisement
>>         was authenticated, the valid lifetime of the corresponding
>>         address should be set to the Valid Lifetime in the received
>>         option.
>> 
>>     3.  Otherwise, reset the valid lifetime of the corresponding
>>         address to 2 hours.
>> 
>> 
>> Corrected Text:
>> 
>> 1. If the Router Advertisement is not authenticated (e.g., via Secure
>> Neighbor Discovery [RFC3971]), and if the received Valid Lifetime is greater
>> than 2 hours, set the valid lifetime of the corresponding address to the
>> advertised Valid Lifetime.
>> 
>> 2. If the Router Advertisement has been authenticated (e.g., via Secure
>> Neighbor Discovery [RFC3971]), the valid lifetime of the corresponding
>> address should be set to the Valid Lifetime in the received option
>> (regardless of whether it is greater than 2 hours or not).
>> 
>> 3.  Otherwise, reset the valid lifetime of the corresponding address to 2
>> hours.
>> 
>> In other words, unless an RA is authenticated, Valid Lifetimes in RA PIOs
>> MUST be greater than 2 hours.
>> 
>> 
>> Notes:
>> 
>> For unauthenticated RAs, throughout the text there are numerous checks
>> to prevent a possible DoS attack described in the subsequent
>> paragraph:
>> 
>> "The above rules address a specific denial-of-service attack in
>>     which a bogus advertisement could contain prefixes with very small
>>     Valid Lifetimes."
>> 
>> Check 1 above would seem to allow a Valid Lifetime in an RA PIO that
>> is much less than 2 hours, as long as the value is greater than the
>> RemainingLifetime. For example, if a host's RemainingLifetime for an
>> address is 60 seconds, an RA PIO ValidLifetime of 61 seconds would be
>> acceptable. This would seem to contradict the DoS protection goal.
>> 
>> Check 2 does check to ensure that RemainingLifetime is greater than 2
>> hours, however Check 1 has
>> already accepted the RA PIO VL <2 hours (if greater than
>> RemainingLifetime) and set the address's Valid
>> Lifetime to a value possibly much less than 2 hours.
>> 
>> An attacker could take advantage of this by doing the following:
>> 
>> 1. Send an initial RA with a ValidLifetime of 2 hours, which would pass Check 1.
>> 2. Wait until around 1 hour and 59.5 minutes, and then send an RA with
>> a ValidLifetime of 61 seconds.
>> 3. Send RAs every 30 or so seconds with a ValidLifetime of 61 seconds,
>> holding all of the victim hosts'
>> ValidLifetimes at a low value. These RAs would also pass Check 1 as
>> long as the VL in the RA was
>> greater than the hosts' current VL for the addresses.
>> 4. When it could cause the most significant denial of service, stop
>> sending the RAs, causing the hosts'
>> address VLs and therefore the addresses to expire within 60 seconds or so.
>> 
>> 
>> Regards,
>> Mark.
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email