Chairs Review on <draft-ietf-6man-predictable-fragment-id-02>
Bob Hinden <bob.hinden@gmail.com> Tue, 03 March 2015 20:50 UTC
Return-Path: <bob.hinden@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C79E11A894F for <ipv6@ietfa.amsl.com>; Tue, 3 Mar 2015 12:50:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hsui1Z0hrHTW for <ipv6@ietfa.amsl.com>; Tue, 3 Mar 2015 12:50:00 -0800 (PST)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2C0F1A893F for <ipv6@ietf.org>; Tue, 3 Mar 2015 12:49:59 -0800 (PST)
Received: by igdh15 with SMTP id h15so31415571igd.4 for <ipv6@ietf.org>; Tue, 03 Mar 2015 12:49:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version; bh=l26G32T91OFLueTzZAON5jwqo5djFmGhlm03UbqhhNE=; b=ZCHCddF/udtiPEeO3Ao6V71QHwAZ7sSMcR8Ke1eYruxq9fKAB60rfULn7hanwkqnFP uhDgsaiyajg7IPyVXL+tKG8FBoO3/caOtPntGXzJlLA0p5OjrvS/nOn713ihz3o3UO3v UPBscSoGLOAQmrwFQBASBJ9bWE4QQlCVjPmomtIxAEEps7T7symetXYR2vIPXoToSDEA pquWc6NGLMK+7mM7/Anyg1muHC6w8BcQU6WDjkzdTcltJyH7KtyNbdZ61yUmIxUdyyOb bC3u6CNzC1gJN/3nf6vtXEgiFN6xrihFo7zAh9zu+0b/OchHff/tyRy3tQOAgycCWrF0 z4cQ==
X-Received: by 10.107.38.13 with SMTP id m13mr4751499iom.77.1425415799000; Tue, 03 Mar 2015 12:49:59 -0800 (PST)
Received: from [172.16.224.219] ([209.97.127.34]) by mx.google.com with ESMTPSA id ig15sm1612680igb.10.2015.03.03.12.49.57 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 03 Mar 2015 12:49:58 -0800 (PST)
From: Bob Hinden <bob.hinden@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Subject: Chairs Review on <draft-ietf-6man-predictable-fragment-id-02>
Date: Tue, 03 Mar 2015 12:49:48 -0800
Message-Id: <6277AC1A-F1ED-4BE9-984E-C424BC9A5136@gmail.com>
To: IPv6 List <ipv6@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/DRLv0v3644WX_S4_ZCvYHYw_e2o>
Cc: Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 20:50:01 -0000
The chairs have completed our review of this draft and have issues we would like to raise. Some are for the author, and some are for for the working group. Our comments range from serious to editorial.
Please review and send us your comments.
Thanks,
Bob & Ole
-------
Serious
The biggest issue is if advancing and publishing this draft is worthwhile. We note that in Appendix B "Survey of Fragment Identification selection algorithms employed by popular IPv6 implementations”, of the implementation listed, all of the current ones (FreeBSD 9, Linux-current, OpenBSD-current) show unpredictable or random. While there are many older obsolete operating systems that have issues, we aren’t going to fix these by publishing this draft. The report does not list current versions of Windows (9 or 10), nor any mobile OS’s (though, IOS and Android are based on BSD and Linux respectively). We wonder what will achieved by publishing this RFC since it appears that current shipping operating systems don’t have the issue. This is a question for the working group.
Moderate
In Section 2 "Security Implications of Predictable Fragment Identification values”. The problems listed seem to us to be overstated. As the draft notes later, the issue with predictable fragment IDs in IPv6 is only an issue for IPv6 packets with the fragment header. Traffic that doesn’t include a fragment header is, of course, immune. This alone reduces the severity of the problems listed. We don’t think the draft makes this clear. We agree it is possible for an attacker to cause a host to respond with a fragmented packet making the Fragment ID visible to this won’t give the attacker any visibility into the non-fragmented traffic the host is sending. The significantly reduces the severity of the items listed.
On Page 5 of Section 2, the draft cites problems with Linux 2.6.38-8. This is an old version of the Linux kernel and we don’t think it justifies the problem, especially since according to the appendix it is fixed in later version of the Linux kernel.
In the second paragraph of Section 2., it says
[CPNI-IPv6] contains a detailed analysis of possible vulnerabilities
introduced by predictable Fragment Identification values.
This appears to be a significant part of the justification. However, when looking at the reference it says:
[CPNI-IPv6] Gont, F., "Security Assessment of the Internet Protocol
version 6 (IPv6)", UK Centre for the Protection of
National Infrastructure, (available on request).
Including a reference that isn’t generally available, appears to be an issue to us if this is part of the justification for this work. Has anyone in the working group reviewed it? We suggest it be removed or the document referenced be made available on a stable web site.
Editorial
Abstract.
OLD:
Some implementations use simple a global counter for
setting the Identification field, thus leading to predictable values.
NEW:
Some implementations use a simple global counter for
setting the Identification field, thus leading to predictable values.
Issue #2:
Remove: [I-D.ietf-6man-deprecate-atomfrag-generation] aims at deprecating the
generation of IPv6 atomic fragments.
Issue #3:
s/DoS/DoS attack/
"DoS" isn't a verb.
Issue #4:
OLD:
From a security standpoint, unpredictable Identification values are
desirable. However, this is somewhat at odds with the "re-use"
requirements specified in [RFC2460].
NEW:
From a security standpoint, unpredictable Identification values are
desirable. However, this is somewhat at odds with the "re-use"
requirements specified in [RFC2460], that specifies that an Identification
value must be different than that of any other fragment sent recently.
Issue #5:
Section 4.1 Add reference RFC4861 for "Destination cache"
Issue #6:
References: Remove [I-D.ietf-6man-deprecate-atomfrag-generation]
- Chairs Review on <draft-ietf-6man-predictable-fra… Bob Hinden
- Re: Chairs Review on <draft-ietf-6man-predictable… Fernando Gont
- Re: Chairs Review on <draft-ietf-6man-predictable… Bob Hinden
- Re: Chairs Review on <draft-ietf-6man-predictable… Fernando Gont
- Re: Chairs Review on <draft-ietf-6man-predictable… Bob Hinden
- Re: Chairs Review on <draft-ietf-6man-predictable… Fernando Gont
- Re: Chairs Review on <draft-ietf-6man-predictable… Bob Hinden
- Re: Chairs Review on <draft-ietf-6man-predictable… Fernando Gont