Re: Scripting attacks [was Next step for draft-ietf-6man-rfc6874bis]

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 30 June 2022 22:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/G0ZK4sqkpWPynsJNMICPcluSpM4>

On 30-Jun-22 16:45, Carsten Bormann wrote:
> On 30. Jun 2022, at 06:40, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> For the present draft, one thing my small experiment shows is that we won't make things worse by adding zone identifiers to URLs. They too have to be guessed by the attacker, and in modern Linux they are things like "enxb813ebc170a4" out of the box. That makes the attacker's job significantly harder.
> 
> Do you know how enxb813ebc170a4 is generated?  (I.e., is the 48-bit thing in there guessable?)

No, I don't, and it seems to be a complicated issue and very dependent on the exact Linux version:
https://wiki.debian.org/NetworkInterfaceNames

It doesn't seem to be a function of the relevant MAC address. Maybe someone with Linux kernel expertise can answer.

    Brian


> 
> I think I agree with the conclusion (at least, that it is quite hard/costly/lengthy to mount an attack based on this), but I think that it would be good to get a clean argument for that in the security considerations.
> 
> Grüße, Carsten
> 
> .