Re: Chairs Review on <draft-ietf-6man-predictable-fragment-id-02>
Bob Hinden <bob.hinden@gmail.com> Fri, 29 May 2015 15:21 UTC
From: Bob Hinden <bob.hinden@gmail.com>
In-Reply-To: <55682029.2040609@si6networks.com>
Date: Fri, 29 May 2015 08:21:30 -0700
Message-Id: <0427FFC3-B085-44B2-BD4E-15991CE6E18C@gmail.com>
References: <6277AC1A-F1ED-4BE9-984E-C424BC9A5136@gmail.com> <54FCDECD.2040609@si6networks.com> <75C9B430-7D39-4466-AB17-0F3553EC6EB4@gmail.com> <555AE0AF.5050601@si6networks.com> <F1464F80-172F-4F83-B10B-F9738B2B1AB3@gmail.com> <55682029.2040609@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/IlyUbSo2ev54FFSmPJTu6VTg_dA>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Fernando,

> On May 29, 2015, at 1:15 AM, Fernando Gont <fgont@si6networks.com> wrote:
>
> Hi, Bob,
>
> On 05/19/2015 05:40 AM, Bob Hinden wrote:
>>>>>> In Section 2 "Security Implications of Predictable Fragment
>>>>>> Identification values". The problems listed seem to us to
>>>>>> be overstated. As the draft notes later, the issue with
>>>>>> predictable fragment IDs in IPv6 is only an issue for IPv6
>>>>>> packets with the fragment header.
>>>>>
>>>>> Yes, but you can trigger fragmentation for any traffic flow
>>>>> (see draft-ietf-6man-deprecate-atomfrag-generation).
>>>>
>>>>
>>>> Yes, if it knows the address of the other side of the
>>>> connection. The attacker would have to be on-link, or monitoring
>>>> the traffic between the two hosts. This makes this attack much
>>>> harder in practice for an off-link attacker. If on-link, then
>>>> there are so many better attacks. Hence my comment of the
>>>> problem being overstated.
>>>
>>> It is trivial to know the IPv6 addresses involved for many
>>> scenarios, e.g. BGP peer to BGP peer, secondary DNS to primary DNS,
>>> SMTP server to SMTP server, etc.
>>
>> That's my point. It's trivial only if you know the addresses of both
>> sides of the connection. It affects well-known nodes. It does not
>> affect the vast majority of hosts on the Internet. Hence, I think
>> the text should accurately describe the risk. I think the current
>> text overstates the problem. You could say something like you did
>> above.
>
> I've added text along these lines and rev'ed the I-D.
>
> P.S.: Ready to ship now?

I will take a look. This was the last issue I had.

Thanks,
Bob
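The thread turns on two technical points: predictable Identification values matter only for packets that actually carry a Fragment header, and a peer can be made to emit such packets (atomic fragments, per the deprecate-atomfrag draft) once the attacker knows both addresses. The following is an added example, written for this page and not code from the draft, the I-D authors or the 6man working group. It parses the IPv6 Fragment header out of constructed packets (documentation-prefix addresses, RFC 3849), flags atomic fragments (offset 0, M=0, RFC 6946), and applies a simple heuristic to a sequence of observed Identification values: if every successive value differs by a small positive step, the host is using a counter and the values are predictable in the sense the draft describes. The step threshold `max_step=16` and the sample packets are assumptions made for the example.

```python
import struct

IPPROTO_FRAGMENT = 44      # Next Header value of the IPv6 Fragment header
IPPROTO_ICMPV6 = 58
_EXT_HDRS = {0, 43, 60}    # Hop-by-Hop, Routing, Destination Options (Hdr Ext Len in 8-octet units)

# Constructed addresses for the sample packets (documentation prefix, RFC 3849).
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")


def build_fragment(src, dst, ident, payload=b"", offset=0, more=False,
                   next_hdr=IPPROTO_ICMPV6):
    """Build an IPv6 packet carrying a Fragment header (RFC 8200, sec. 4.5).

    offset is in 8-octet units. offset=0 and more=False yields an 'atomic
    fragment' (RFC 6946): a complete packet that still carries the header,
    which is what a forged ICMPv6 PTB with MTU < 1280 makes a peer send.
    """
    frag = struct.pack("!BBHI", next_hdr, 0, (offset << 3) | int(more), ident)
    payload_len = len(frag) + len(payload)
    base = struct.pack("!IHBB", 0x60000000, payload_len, IPPROTO_FRAGMENT, 64)
    return base + src + dst + frag + payload


def parse_fragment(pkt):
    """Return (identification, offset, more) if pkt has a Fragment header, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, off = pkt[6], 40
    while next_hdr in _EXT_HDRS:      # skip extension headers that may precede the Fragment header
        if len(pkt) < off + 2:
            return None
        next_hdr, ext_len = pkt[off], (pkt[off + 1] + 1) * 8
        off += ext_len
    if next_hdr != IPPROTO_FRAGMENT or len(pkt) < off + 8:
        return None
    _, _, off_flags, ident = struct.unpack("!BBHI", pkt[off:off + 8])
    return ident, off_flags >> 3, bool(off_flags & 1)


def is_atomic(pkt):
    """True for an atomic fragment: Fragment header present, offset 0, M flag clear."""
    info = parse_fragment(pkt)
    return info is not None and info[1] == 0 and not info[2]


def is_predictable(ids, max_step=16):
    """Heuristic: True if every successive Identification differs by a small
    positive step (a global or per-destination counter). Wraparound at 2^32
    is handled. Fewer than three samples are treated as inconclusive."""
    if len(ids) < 3:
        return False
    deltas = [(b - a) % (1 << 32) for a, b in zip(ids, ids[1:])]
    return all(1 <= d <= max_step for d in deltas)


def audit(pkts, max_step=16):
    """Pull the Identification of every fragment in a capture and classify the sequence."""
    ids = [info[0] for info in map(parse_fragment, pkts) if info is not None]
    return {"ids": ids, "predictable": is_predictable(ids, max_step)}


if __name__ == "__main__":
    # Constructed samples: one host using a global counter, one using random IDs.
    counter_pkts = [build_fragment(SRC, DST, 0x1000 + i) for i in range(6)]
    random_pkts = [build_fragment(SRC, DST, i)
                   for i in (0x9f3a1c07, 0x02e4b8d1, 0xc71d5590, 0x4a0e6fb3)]
    print("counter host:", audit(counter_pkts))
    print("random host: ", audit(random_pkts))
```

On real traffic the packet list would come from a capture of fragments sent by the host under test; the heuristic only distinguishes a counter from random-looking values and cannot tell a global counter from a per-destination one without samples taken toward several destinations.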