Re: [2462bis] preferred lifetime and the 'two-hour' rule

Erik Nordmark <Erik.Nordmark@sun.com> Fri, 06 February 2004 01:06 UTC

Date: Thu, 05 Feb 2004 17:00:58 -0800
From: Erik Nordmark <Erik.Nordmark@sun.com>
Reply-To: Erik Nordmark <Erik.Nordmark@sun.com>
Subject: Re: [2462bis] preferred lifetime and the 'two-hour' rule
To: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
Cc: ipv6@ietf.org
In-Reply-To: "Your message with ID" <y7v65enqopf.wl@ocean.jinmei.org>
Message-ID: <Roam.SIMC.2.0.6.1076029258.554.nordmark@bebop.france>

> 1) update the preferred lifetime regardless of whether the valid
>    lifetime is accepted or not wrt the "two-hour" rule
> 2) update the preferred lifetime only when the valid lifetime is
>    accepted
> 3) leave this as implementation dependent

> The KAME/BSD implementation behaves as option 1.  However, it seems to
> me that option 2 makes much more sense because a rejected valid
> lifetime indicates a possibility of attack and the other parts of
> the information may then be bogus as well.  And, in fact, item 2 of

I'm trying to understand the utility/danger scale here.

An operational possibility is that somebody accidentally 
configures an incorrect prefix in a router and advertises that with the
default lifetimes (which are greater than 2 hours).
When that is detected a minute later the operator can
 - drop the valid lifetime on the hosts down to 2 hours (by starting to
   advertise the prefix with a 2 hour valid lifetime which decrements over
   time)

If we take alt #1 then the preferred lifetime can be immediately dropped
to zero, which will stop the incorrect prefix from being used as a source
address for new communication (which is good).

Does alt #2 mean that the preferred lifetime would be 2 hours?
Or that the preferred lifetime could be announced as zero as long as the
valid lifetime is announced with an acceptable value?
I think you are suggesting the second one.

And on the danger scale,
with alt. #2 an on-link attacker can cause immediate deprecation by
advertising the prefix with a valid lifetime = 3 hours and a preferred
lifetime = 0, so I don't think it makes a difference whether we choose
#1 or #2. 

I must be missing something.

  Erik


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
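
The lifetime handling discussed in this message, as an added example that is not part of the original post or of any implementation named in it: it applies the three-item valid-lifetime rule of RFC 2462 section 5.5.3 (e) and compares options 1 and 2 for the preferred lifetime. Treating only item 1 (and authenticated RAs) as "accepted", capping the preferred lifetime at the valid lifetime, and the stored and advertised sample lifetimes are assumptions of the example.

```python
# Added example: host-side lifetime processing for one autoconfigured prefix.
TWO_HOURS = 2 * 60 * 60  # seconds

# Constructed host state: address formed from an RA carrying the default
# lifetimes (valid 30 days, preferred 7 days).
STORED = {"valid": 30 * 86400, "preferred": 7 * 86400}


def update_valid(stored_valid, rcvd_valid, authenticated=False):
    """Two-hour rule. Returns (new_valid, accepted)."""
    if rcvd_valid > TWO_HOURS or rcvd_valid > stored_valid:
        return rcvd_valid, True        # item 1: take the advertised value
    if stored_valid <= TWO_HOURS:
        # item 2: ignore a short lifetime unless the RA was authenticated
        return (rcvd_valid, True) if authenticated else (stored_valid, False)
    return TWO_HOURS, False            # item 3: reset to two hours


def process_pio(addr, rcvd_valid, rcvd_pref, option):
    """Apply one Prefix Information option; option is 1 or 2 from the thread."""
    new_valid, accepted = update_valid(addr["valid"], rcvd_valid)
    new_pref = addr["preferred"]
    if option == 1 or accepted:
        # option 1: always update; option 2: only when valid was accepted
        new_pref = rcvd_pref
    # Assumption of this example: never keep preferred above valid.
    return {"valid": new_valid, "preferred": min(new_pref, new_valid)}


def compare(rcvd_valid, rcvd_pref):
    """Resulting state under (option 1, option 2) for the same RA."""
    return (process_pio(STORED, rcvd_valid, rcvd_pref, 1),
            process_pio(STORED, rcvd_valid, rcvd_pref, 2))


if __name__ == "__main__":
    # Operator correction: valid = 2 hours, preferred = 0.
    print("valid=2h pref=0:", compare(TWO_HOURS, 0))
    # RA from the danger-scale paragraph: valid = 3 hours, preferred = 0.
    print("valid=3h pref=0:", compare(3 * 3600, 0))
```

With a 2 hour valid lifetime the two options diverge (preferred 0 versus 2 hours); with a 3 hour valid lifetime both end at preferred 0, which is the case the message raises.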