Re: comments on draft-gont-6man-lla-opt-validation-00
神明達哉 <jinmei@wide.ad.jp> Mon, 17 March 2014 16:43 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D191A0401 for <ipv6@ietfa.amsl.com>; Mon, 17 Mar 2014 09:43:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.922
X-Spam-Level: *
X-Spam-Status: No, score=1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6SaR_itmvhp for <ipv6@ietfa.amsl.com>; Mon, 17 Mar 2014 09:43:53 -0700 (PDT)
Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) by ietfa.amsl.com (Postfix) with ESMTP id 3ACC61A006F for <6man@ietf.org>; Mon, 17 Mar 2014 09:43:53 -0700 (PDT)
Received: by mail-wg0-f51.google.com with SMTP id k14so4899524wgh.10 for <6man@ietf.org>; Mon, 17 Mar 2014 09:43:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=ZZLnL9bxMgdaWNiFusEyNDBgmjI/47ygv5KtQmkBvW8=; b=WyE6CT7scz62yBKL/EAnL3ZUTOpDjxY3zRNWf8kzVODGW0TVohI4CD0+msdvJ2iLSJ uNV9BrCuO+j2CBsesnLRTMFiHABzs62iuZ6xpT9osIMQhFBvo7o9pXRgssK5GzxpWvSn JDiSWSC0ILGHoj0J5OF9ns6JNS2E+Y4++2YqWaVamPnYUQcjVgD3ql190xjpc1B6P7xb PiMWx793KVYtMEER7RiTJwsqPk4LkoRLg8ZiwfsUxU2/vUyOHAJ6DOGavQpUUQ036FGQ ynDiVM/PW6qH+RSDV9Kq38Vijy7q4JXSu+/augHSgAUFwtExnFlT3nvqzFXmBeXy0JeH Gdaw==
MIME-Version: 1.0
X-Received: by 10.194.186.170 with SMTP id fl10mr2504086wjc.67.1395074624785; Mon, 17 Mar 2014 09:43:44 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.194.120.167 with HTTP; Mon, 17 Mar 2014 09:43:44 -0700 (PDT)
In-Reply-To: <5c0352179723449a8b9a2ec00813f549@CO1PR05MB442.namprd05.prod.outlook.com>
References: <CAJE_bqehAuPoNx8aOaFAyZ66JbCivEjQDAne3M3P4R2OL1cP7w@mail.gmail.com> <5c0352179723449a8b9a2ec00813f549@CO1PR05MB442.namprd05.prod.outlook.com>
Date: Mon, 17 Mar 2014 09:43:44 -0700
X-Google-Sender-Auth: 0SR21j-suMkBJuC5_1qwQ96U2ko
Message-ID: <CAJE_bqepvOisWCc1RHNdq1QmuhXonpWXeKoG0bD3tp7DNp3yqA@mail.gmail.com>
Subject: Re: comments on draft-gont-6man-lla-opt-validation-00
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ronald Bonica <rbonica@juniper.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/Ge44aR3JS0JxkND7yeVXrK-6n3E
Cc: "6man@ietf.org" <6man@ietf.org>, "draft-gont-6man-lla-opt-validation@tools.ietf.org" <draft-gont-6man-lla-opt-validation@tools.ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 16:43:55 -0000
At Thu, 13 Mar 2014 20:36:30 +0000, Ronald Bonica <rbonica@juniper.net> wrote: > Point 2: You are absolutely correct. The validation rules for TLLA should be restated as follows: > > OLD> > The TLLA option MUST NOT not contain a broadcast or multicast > address. If the option does not pass this check, the Neighbor > Discovery message carrying the option MUST be discarded. Finally, > nodes MUST NOT allow the source link-layer address to contain one of > the receiving node's link-layer addresses. If the option does not > pass this check, the Neighbor Discovery message carrying the option > MUST discarded. > <OLD > > NEW> > The TLLA option MUST NOT contain a broadcast or multicast > address. If the option does not pass this check, the Neighbor > Discovery message carrying the option MUST be discarded. > > Finally, the ICMPv6 message that contains the TLLA option also contains a Target Address. If that Target Address is not associated with any interface on the receiving node, the link layer address contained by the TLLA option MUST NOT be associated with any interface on the receiving node. If the option does not pass this check, the Neighbor Discovery message carrying the option MUST be discarded. > <NEW I'm not sure how I should interpret the first sentence...is that really what you intended? But anyway, I see the rest of the "finally" paragraph tries to address the point. I'd note, however, the check for the target address would only have to be performed on the receiving interface (or to be super accurate, interfaces that attache to the receiving link). And, my higher level point still stands: I'd first rather like to know the severity of this "attack" and discuss whether it's worth trying to avoid with updating the specification at the risk of introducing such a regression. > Point 4: Again, you are correct. The validation rules for SLLA should be restated as follows: > > OLD> > Additionally, the SLLA option MUST NOT not contain a broadcast or > multicast address. If the option does not pass this check, the > Neighbor Discovery message carrying the option MUST be discarded. > Finally, nodes MUST NOT allow the SLLA option to contain one of the > receiving node's link-layer addresses. If the option does not pass > this check, the Neighbor Discovery message carrying the option MUST > discarded. > <OLD > > NEW> > Additionally, the SLLA option MUST NOT contain a broadcast or multicast address. If the option does not pass this check, the Neighbor Discovery message carrying the option MUST be discarded. > > Finally, the SLLA option MUST NOT contain a link layer address that is associated with any interface on the receiving node. If the option does not pass this check, the Neighbor Discovery message carrying the option MUST discarded. > <NEW So the intent was to check all interfaces. I'm not necessarily opposed to it, but as I said in my original comment, it should be sufficient if we perform the check for the receiving interface (like above, to be more accurate for the interfaces that attache to the receiving link). Doing it for all interfaces might be unnecessarily expensive if the node has many, many interfaces. Also, what if it happens as follows? - A router has two interfaces I1 and I2, whose link-layer addresses are LLA1 and LLA2, attaching to different links, L1 and L2 respectively. - A host is also attached to link L1 on an interface whose link-layer address is LLA2. This is quite pathological (at least in a world where link-layer addresses are supposed to be unique), but before the proposed change they should be able to communicate without any problem. The introduction of the proposed check on all interfaces would break this environment. -- JINMEI, Tatuya
- comments on draft-gont-6man-lla-opt-validation-00 神明達哉
- RE: comments on draft-gont-6man-lla-opt-validatio… Ronald Bonica
- Re: comments on draft-gont-6man-lla-opt-validatio… 神明達哉
- RE: comments on draft-gont-6man-lla-opt-validatio… Ronald Bonica
- Re: comments on draft-gont-6man-lla-opt-validatio… 神明達哉
- RE: comments on draft-gont-6man-lla-opt-validatio… Ronald Bonica
- Re: comments on draft-gont-6man-lla-opt-validatio… Mark ZZZ Smith
- RE: comments on draft-gont-6man-lla-opt-validatio… Ronald Bonica
- Re: comments on draft-gont-6man-lla-opt-validatio… 神明達哉