IETF Logo Mail Archive

Re: Link-local IPv6 addresses in URIs

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 14 November 2011 09:41 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EEB721F8DC8 for <ipv6@ietfa.amsl.com>; Mon, 14 Nov 2011 01:41:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.268
X-Spam-Level:
X-Spam-Status: No, score=-103.268 tagged_above=-999 required=5 tests=[AWL=-0.268, BAYES_00=-2.599, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5mcp+vCggST for <ipv6@ietfa.amsl.com>; Mon, 14 Nov 2011 01:40:57 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 56EB021F8F3F for <ipv6@ietf.org>; Mon, 14 Nov 2011 01:40:27 -0800 (PST)
Received: by ywt34 with SMTP id 34so4510062ywt.31 for <ipv6@ietf.org>; Mon, 14 Nov 2011 01:40:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=gzLLpqvEVKha5yc4I8hBCYE0Mus6HYCbRUVJ9Jjc9VI=; b=qVzElKAWa7+fIVXiH/2oyUIHXrP2dfzCaKBnKw0Gc7uJxMFLYLpnFCMKa6KwR4qaA9 v2+u/ESXk3lsdf3tyCbWK5ZDqwDLjKDNZGA9PtgVbuFCfWuecuHP5nWnykel9gHhfr+T Ly/YjanjO7++MoX9rvYKoKmLqgHd7fUns40eg=
Received: by 10.236.175.72 with SMTP id y48mr13287270yhl.17.1321263626388; Mon, 14 Nov 2011 01:40:26 -0800 (PST)
Received: from [130.129.19.92] (dhcp-135c.meeting.ietf.org. [130.129.19.92]) by mx.google.com with ESMTPS id l19sm59708466anc.14.2011.11.14.01.40.23 (version=SSLv3 cipher=OTHER); Mon, 14 Nov 2011 01:40:25 -0800 (PST)
Message-ID: <4EC0E1FD.6050107@gmail.com>
Date: Mon, 14 Nov 2011 22:40:13 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Kerry Lynn <kerlyn2001@gmail.com>
Subject: Re: Link-local IPv6 addresses in URIs
References: <CABOxzu0np9tCJgurrL6zCc1CpHd6KbrUdwnL5UocE6TM8a_G2w@mail.gmail.com>
In-Reply-To: <CABOxzu0np9tCJgurrL6zCc1CpHd6KbrUdwnL5UocE6TM8a_G2w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 09:41:24 -0000

Kerry,

On 2011-11-14 18:41, Kerry Lynn wrote:
> Greetings,
> 
> I've noticed that a "bug" has re-appeared in Firefox:
> https://bugzilla.mozilla.org/show_bug.cgi?id=700999
> 
> In older versions of Firefox (e.g. 3.6.23) it is possible to enter URIs of
> the form http://[fe80::206:98ff:fe00:232%tap0] in the
> location bar and get a positive result.  This capability is quite handy in
> simple testing scenarios and obviously requires the client and server
> to be on a common link (so I don't necessarily see how it creates a
> security risk.)
> 
> According to a note attached to the bug, the regression occurred as a
> result of fixing a security bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=<https://bugzilla.mozilla.org/show_bug.cgi?id=700999>
> 504014 <https://bugzilla.mozilla.org/show_bug.cgi?id=504014>
> I don't seem to have access to that bug, so I don't know the complete
> rationale.  However, the note on 700999 says the title is "Enforce RFC
> 3986 syntax for IPv6 literals".  It goes on to say that RFC 3986
> "disallows" interface specifiers (a.k.a. zone indices:
> http://en.wikipedia.org/wiki/IPv6_address#Link-local_addresses_and_zone_indices
> ).
> 
> I don't see how a link-local address can be used in this context w/o
> using a zone index.  

As soon as there's more than one interface, there is an issue.

> Granted, RFC 3986 doesn't cover this case but
> it also doesn't prohibit it.  

Yes it does, because the ABNF for IPv6address is for an address, not
a scoped address. A scoped address would not conform to the ABNF, so
that amounts to a prohibition.

> This leads me to suspect it was an oversight,

This part of RFC 3986 derives from RFC 2732 (which had broken ABNF,
and didn't allow for a scoped address, because they didn't exist then).

> so I'm wondering if RFC 3986 needs to be updated to cover it link-
> local IPv6 literals?  If so, is there a reference that could be used to
> derive the necessary ABNF?

I don't believe so. The ABNF has never been extended to cover RFC 4007
as far as I know.

Getting RFC 3986 updated would be reasonably complicated I suspect.
It involves a chat with the W3C people for a start.

   Brian

v2.23.0 | Report a Bug | By Email