Re: Iotdir telechat review of draft-ietf-6man-rfc4941bis-11
Fernando Gont <fgont@si6networks.com> Tue, 20 October 2020 21:58 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E701B3A140E; Tue, 20 Oct 2020 14:58:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.146
X-Spam-Level:
X-Spam-Status: No, score=-2.146 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7yAoqfxltG1; Tue, 20 Oct 2020 14:58:51 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A1FF3A0A88; Tue, 20 Oct 2020 14:58:41 -0700 (PDT)
Received: from [IPv6:2800:810:464:b9c:69b8:4602:916c:a007] (unknown [IPv6:2800:810:464:b9c:69b8:4602:916c:a007]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 0C800284580; Tue, 20 Oct 2020 21:58:36 +0000 (UTC)
Subject: Re: Iotdir telechat review of draft-ietf-6man-rfc4941bis-11
To: Dave Thaler <dthaler@microsoft.com>, iot-directorate@ietf.org
Cc: ipv6@ietf.org, draft-ietf-6man-rfc4941bis.all@ietf.org, last-call@ietf.org
References: <160322759593.31761.4896737564742954595@ietfa.amsl.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <6431e4d6-faf9-2910-69b3-e69f8a6c2a69@si6networks.com>
Date: Tue, 20 Oct 2020 18:44:13 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <160322759593.31761.4896737564742954595@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/G9wsBrOkCSFBKA5jh8m9Owl7qls>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2020 21:58:58 -0000
Hello, Dave,
Thanks a lot for your feedback! In-line...
On 20/10/20 17:59, Dave Thaler via Datatracker wrote:
> Reviewer: Dave Thaler
> Review result: Ready with Issues
>
> I reviewed the diffs between RFC 4941 and draft-ietf-6man-rfc4941bis-11
> and have the following comments.
>
> Section 1.2:
> The change from RFC 4941 to add "on unencrypted packets" in
> the paragraph starting "Note that an attacker, who is on path,
> may be able to perform significant correlation" is incorrect.
> That's because the 2nd bullet (about packet size and timing)
> can still apply to encrypted packets.
Good grief!
How about moving "on unencrypted packets" to the first bullet, as:
o The payload contents of unencrypted packets on the wire
?
(but see below)
> Instead the "unencrypted"
> clause only applies to the first bullet. Either the change should
> be reverted, or else it should be moved into the first bullet.
> Similarly the text added to the end of 1.2 has the same problem.
> Deployment of encryption will not prevent correlation based on
> timing, and it will only prevent correlation based on packet size
> if padding is used to make packets all the same size. Simply
> encrypting does not solve this.
How reverting this text as:
OLD:
---- cut here ----
Note that an attacker, who is on path, may be able to perform
significant correlation on unencrypted packets based on
o The payload contents of the packets on the wire
o The characteristics of the packets such as packet size and timing
Use of temporary addresses will not prevent such payload-based
correlation, which can only be addressed by widespread deployment of
encryption as discussed in [RFC7624]. Nor will it prevent an on-link
observer (e.g. the node's default router) to track all the node's
addresses.
---- cut here ----
NEW:
---- cut here ----
Note that an attacker, who is on path, may be able to perform
significant correlation based on
o The payload contents of the packets on the wire
o The characteristics of the packets such as packet size and timing
Use of temporary addresses will not prevent such payload-based
correlation.
---- cut here ----
(Tweaking our text to elaborate what encryption may or may not mitigate
would seem to introduce complexity for what's a mostly orthogonal topic)
Thoughts?
> Section 2:
> Grammatically, the addition of "and" is unnecessary and arguably
> poor grammar. I would hope the RFC editor would revert it if you
> didn't. Instead, Oxford comma fans will want to insert a comma
> before "and makes comparisons".
This might have been my fault (English as second-language here). This is
how I would have written the text:
This section discusses the problem in more detail, provides context
for evaluating the significance of the concerns in specific
environments, and makes comparisons with existing practices.
(not sure what you meant about the "addition of 'and'", though).
> Section 5:
> The change from "MUST NOT" to "SHOULD NOT" is in point 7 of section
> 3.4 (Generating Temporary Addresses) is, I would argue, a significant
> change that needs to be mentioned in section 5.
Will do.
> Also, significant text from RFC 4941 (sections 2.2 and 2.3) was removed
+-> in the update and replaced with one sentence referencing RFCs 7721,
> 7707, and 7217. That's fine but I wonder why it isn't mentioned
> in section 5 (Significant Changes from RFC 4941).
(me thinking out loud) Probably because it's not a change to the actual
protocol (i.e., those are not necessarily changes "an implementer of RFC
4941 should be aware of"). Please do let us know if you think this
should be added to the bulleted list in Section 5, though.
> Unlike what the
> section title implies, the text of section 5 only contains the
> subset of significant changes "that an implementer should be aware of".
> I'd suggest also mentioning significant changes that other readers
> may want to know, since implementers are not the only audience for
> this doc (deployers, security analysts, application developers,
> and even end users may benefit from reading this document).
Ok.
I guess one might apply this:
OLD:
This section summarizes the changes in this document relative to RFC
4941 that an implementer of RFC 4941 should be aware of.
NEW:
This section summarizes the substantive changes in this document
relative to RFC 4941.
Then, regarding the item you've raised above, one might add a bullet
like this one:
o The discussion about the security and privacy implications of
different address generation mechanisms has been replaced with
references to recent work in this area ([RFC7707], [RFC7721], and
[RFC7217]).
Thoughts?
> Section 4:
> With the change to use a separate IID per prefix, I believe the 2nd
> paragraph should be augmented to point out that simply upgrading
> an RFC 4941-compliant node to an implementation of this draft can
> exacerbate the problem mentioned in this paragraph.
For all practical scenarios, this will actually be the other way around:
Since this document reduces the Valid Lifetime, then, for the case where
the local network employs say, one GUA prefix and one ULA prefix, nodes
would end up using 4 concurrent temporary addresses, as opposed to the
14 temporary addresses they might end up employing with RFC4941.
> Also, "neighbour" should be "neighbor" twice in that paragraph,
> for consistency with the other IPv6 RFCs.
Will fix this (thanks!).
> Section 9:
> RFC 4941 reused the same IID for multiple prefixes, with the rationale
> explained in point 4 of section 3 of the RFCs. With the change to use
> a separate IID per prefix, additional security considerations are needed
> since there is now a way to conduct new attacks that were not
> present before. Namely, by sending a large enough number of prefixes
> one can force the host into multicast promiscuous mode and thereby
> consume more host resources (e.g., drain battery). > For regular hosts
> "large enough" might mean enough to generate 8 or 16 IIDs total
> (link-local + stable + temporary total), but for some smaller devices
> such as IoT devices, a much smaller number of prefixes (potentially
> just one more) might be needed to result in such an effect.
Is this any different from RFC4941 or even with SLAAC itself?
Namely:
* As noted above, for all typical cases nodes will end up employing
fewer temporary addresses than with RFC4941.
* An attacker can always advertise multiple PIOs, or both SLAAC PIOs
plus RAs with M set (such that nodes configure addresses with both SLAAC
and DHCPv6). Ultimately, it's up to the node to enforce a limit on the
maximum number of configured addresses.
Thoughts?
Thanks!
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Iotdir telechat review of draft-ietf-6man-rfc4941… Dave Thaler via Datatracker
- Re: Iotdir telechat review of draft-ietf-6man-rfc… Fernando Gont
- RE: Iotdir telechat review of draft-ietf-6man-rfc… Dave Thaler
- Re: Iotdir telechat review of draft-ietf-6man-rfc… Fernando Gont
- RE: Iotdir telechat review of draft-ietf-6man-rfc… Dave Thaler
- Re: Iotdir telechat review of draft-ietf-6man-rfc… Fernando Gont
- Re: Iotdir telechat review of draft-ietf-6man-rfc… Fernando Gont