RE: [Int-area] Route Information Options in Redirect Messages
"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 11 January 2017 22:22 UTC
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Zied Bouziri <zied.bouziri@gmail.com>
Subject: RE: [Int-area] Route Information Options in Redirect Messages
Thread-Topic: [Int-area] Route Information Options in Redirect Messages
Thread-Index: AdJqj8MpX1D7bRpERNaWpSFDneETogAeC3cAABhBxNAAFKbugAAMs3RQACpBLgAAD+D48A==
Date: Wed, 11 Jan 2017 22:22:23 +0000
Message-ID: <c8baed16b3dc46d2a667614310f0334d@XCH15-06-08.nw.nos.boeing.com>
References: <b0d15d2e8b3e414abf4e87c60d39e252@XCH15-06-08.nw.nos.boeing.com> <32fbea25-01c9-aa32-e70f-3e1282f56294@gmail.com> <5cd024891c204a9bb37dcc23796c36c6@XCH15-06-08.nw.nos.boeing.com> <016f01d26b78$870895a0$9519c0e0$@huitema.net> <6d21dd17f0b94a39a71600944878ec39@XCH15-06-08.nw.nos.boeing.com> <BFB9A939-2CA7-4E00-8B93-5548CDA244E3@gmail.com>
In-Reply-To: <BFB9A939-2CA7-4E00-8B93-5548CDA244E3@gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/JMA_wsf3ppQrvNKKa50RnSke4yU>
Cc: 6man WG <ipv6@ietf.org>, INT Area <int-area@ietf.org>, Christian Huitema <huitema@huitema.net>
Hi Zied,

This is discussed in "IPv6 ND Trust Models and Threats [RFC3756]". Under Section 4.2.4 it says: "This attack is not a concern if access to the link is restricted to trusted nodes". SEND [RFC3971] provides one possible mitigation in other cases.

Thanks - Fred

From: Zied Bouziri [mailto:zied.bouziri@gmail.com]
Sent: Wednesday, January 11, 2017 1:48 PM
To: Templin, Fred L <Fred.L.Templin@boeing.com>
Cc: Christian Huitema <huitema@huitema.net>; Brian E Carpenter <brian.e.carpenter@gmail.com>; 6man WG <ipv6@ietf.org>; INT Area <int-area@ietf.org>
Subject: Re: [Int-area] Route Information Options in Redirect Messages

Hi Fred

In section 6:

"Namely, the protocol must take measures to secure IPv6 ND messages on links where spoofing attacks are possible"

By reading this passage, I have the impression that there are links where spoofing attacks are possible and others not! How can we know if this attack is possible or not on a specified link?

Thank you
Zied

On 10 Jan. 2017 at 22:52, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:

Hi Christian,

-----Original Message-----
From: Christian Huitema [mailto:huitema@huitema.net]
Sent: Tuesday, January 10, 2017 11:34 AM
To: Templin, Fred L <Fred.L.Templin@boeing.com>; 'Brian E Carpenter' <brian.e.carpenter@gmail.com>; '6man WG' <ipv6@ietf.org>; 'INT Area' <int-area@ietf.org>
Subject: RE: [Int-area] Route Information Options in Redirect Messages

On Tuesday, January 10, 2017 9:55 AM, Fred Templin wrote:

...

What is being proposed in the document I submitted is the inclusion of RIOs in Redirect messages for a *prefix* that is not on-link, as opposed to a singleton destination. So, the same SHOULD in the paragraph above would seem to apply also to prefix redirection the same as for ordinary destination redirection.

Fred, I am reading the security section of your draft. I think it needs a bit more work. Currently, the RIO are only expected in router advertisements. RA are somewhat special, and there is often specific code in switches to check RA and prevent RA spoofing -- e.g., RA-Guard. Allowing the option in Redirect messages could very well bypass the RA specific checks. Doesn't that open the path for new attacks? Should you not say something about that in the security section? How about specific mitigations, such as sanity checks when processing redirect messages?

Since IP will still operate correctly if transmission of Redirect messages is somehow suppressed (i.e., denial of Redirect service), the more serious threat to be considered is spoofing. Here is what currently appears under Security Considerations:

"Security considerations for Redirect messages that include RIOs are the same as for any IPv6 ND messages as specified in Section 11 of [RFC4861]. Namely, the protocol must take measures to secure IPv6 ND messages on links where spoofing attacks are possible.

A spoofed Redirect message containing no RIOs could cause corruption in the host's destination cache while a spoofed Redirect message containing RIOs could corrupt the host's routing tables. While the latter would seem to be a more onerous result, the possibility for corruption is unacceptable in either case."

So, from the first paragraph, we can see that the protocol must take measures to secure IPv6 ND messages on links where spoofing attacks are possible. The second paragraph then analyzes the consequences of what could happen if a spoofing attack were successful and we see that there are unacceptable negative consequences for both traditional Redirects and Redirects that include RIOs. The text stops short of saying that "no Redirects of any kind should be used on links where spoofing attacks are possible". Would adding a statement such as this address the concern?

Thanks - Fred
fred.l.templin@boeing.com

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Best Regards, with my regards
Zied BOUZIRI
ISET Charguia, Tunisia
www.bouziri.tn
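The thread raises two practical points: the receipt checks a host must apply before it trusts any Redirect (RFC 4861 Section 8.1), and Christian's suggestion of sanity checks when a Redirect carries Route Information Options. The following is an added illustration, not code from the draft or from anyone on this thread: a minimal receiver that applies the RFC 4861 Section 8.1 validation to an ICMPv6 Redirect, then decodes RIOs (option type 24, RFC 4191 Section 2.3) and drops RIOs whose Length/Prefix Length combination or Prf value is invalid. The function names, the `first_hop_router` parameter (a stand-in for the host's real destination-cache lookup), the sample addresses and the assumption that the ICMPv6 checksum has already been verified by the stack are all constructed for this example.

```python
"""Receiver-side validation of ICMPv6 Redirects carrying Route Information Options.

Constructed example (not from the draft or the thread). The caller is assumed to
have parsed the IPv6 header and verified the ICMPv6 checksum; it hands over the
source address, the hop limit and the raw ICMPv6 message.
"""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ICMPV6_REDIRECT = 137
OPT_RIO = 24            # Route Information Option (RFC 4191)
REDIRECT_HDR_LEN = 40   # type, code, checksum, reserved, target, destination
PRF_TABLE = {0b01: 1, 0b00: 0, 0b11: -1}   # high / medium / low; 0b10 is reserved


@dataclass
class Rio:
    prefix: ipaddress.IPv6Network
    preference: int   # 1 = high, 0 = medium, -1 = low
    lifetime: int     # seconds


@dataclass
class RedirectResult:
    accepted: bool
    reason: str
    target: Optional[ipaddress.IPv6Address] = None
    destination: Optional[ipaddress.IPv6Address] = None
    rios: List[Rio] = field(default_factory=list)


def parse_rio(body: bytes) -> Optional[Rio]:
    """Decode one RIO; returns None for RIOs that RFC 4191 says MUST be ignored."""
    olen, plen = body[1], body[2]
    prf = (body[3] >> 3) & 0b11                 # Resvd(3) | Prf(2) | Resvd(3)
    lifetime = struct.unpack("!I", body[4:8])[0]
    # Length must be 1/2/3 and consistent with Prefix Length (RFC 4191 2.3).
    if olen > 3 or plen > 128 or (plen > 64 and olen != 3) or (plen > 0 and olen < 2):
        return None
    if prf == 0b10:                             # reserved preference: ignore option
        return None
    raw = body[8:24].ljust(16, b"\x00")         # prefix bytes, zero-padded to 128 bits
    net = ipaddress.IPv6Network((ipaddress.IPv6Address(raw), plen), strict=False)
    return Rio(prefix=net, preference=PRF_TABLE[prf], lifetime=lifetime)


def parse_rios(options: bytes) -> Tuple[List[Rio], Optional[str]]:
    """Walk the ND option TLVs; a zero-length option invalidates the whole message."""
    rios: List[Rio] = []
    off = 0
    while off < len(options):
        if len(options) - off < 2:
            return rios, "truncated option"
        otype, olen = options[off], options[off + 1]
        if olen == 0:                            # RFC 4861 8.1: all options length > 0
            return rios, "zero-length option"
        body = options[off:off + olen * 8]
        if len(body) < olen * 8:
            return rios, "truncated option"
        if otype == OPT_RIO:
            rio = parse_rio(body)
            if rio is not None:
                rios.append(rio)
        off += olen * 8                          # other options are skipped, not rejected
    return rios, None


def validate_redirect(src: str, hop_limit: int, icmp: bytes, first_hop_router: str) -> RedirectResult:
    """RFC 4861 8.1 receipt checks, then RIO extraction. Rejects before touching any RIO."""
    src_addr = ipaddress.IPv6Address(src)
    if not src_addr.is_link_local:
        return RedirectResult(False, "source not link-local")
    if hop_limit != 255:                        # message was forwarded, so it is off-link
        return RedirectResult(False, "hop limit not 255")
    if len(icmp) < REDIRECT_HDR_LEN:
        return RedirectResult(False, "ICMP length below 40 octets")
    if icmp[0] != ICMPV6_REDIRECT or icmp[1] != 0:
        return RedirectResult(False, "not a Redirect with code 0")
    target = ipaddress.IPv6Address(icmp[8:24])
    dest = ipaddress.IPv6Address(icmp[24:40])
    if dest.is_multicast:
        return RedirectResult(False, "destination is multicast")
    if not (target.is_link_local or target == dest):
        return RedirectResult(False, "target neither link-local nor equal to destination")
    if src_addr != ipaddress.IPv6Address(first_hop_router):   # stand-in for cache lookup
        return RedirectResult(False, "sender is not the current first-hop router")
    rios, err = parse_rios(icmp[REDIRECT_HDR_LEN:])
    if err:
        return RedirectResult(False, err)
    return RedirectResult(True, "ok", target, dest, rios)


def build_redirect(target: str, dest: str, rios=()) -> bytes:
    """Construct a Redirect with RIOs for testing (checksum left zero, see module docstring)."""
    msg = struct.pack("!BBHI", ICMPV6_REDIRECT, 0, 0, 0)
    msg += ipaddress.IPv6Address(target).packed + ipaddress.IPv6Address(dest).packed
    for prefix, prf, lifetime in rios:
        net = ipaddress.IPv6Network(prefix)
        olen = 1 if net.prefixlen == 0 else (2 if net.prefixlen <= 64 else 3)
        msg += struct.pack("!BBBBI", OPT_RIO, olen, net.prefixlen, prf << 3, lifetime)
        msg += net.network_address.packed[:(olen - 1) * 8]
    return msg


if __name__ == "__main__":
    # Constructed sample: the current router fe80::1 redirects 2001:db8:1::/48 via fe80::2.
    redirect = build_redirect("fe80::2", "2001:db8:1::5", [("2001:db8:1::/48", 0, 3600)])
    print(validate_redirect("fe80::1", 255, redirect, "fe80::1"))
    print(validate_redirect("fe80::bad", 255, redirect, "fe80::1"))   # wrong sender: rejected
```

The ordering matters: every RFC 4861 check runs before any RIO is decoded, so an RIO-bearing Redirect from a node that is not the host's current first-hop router for the destination, or one whose hop limit shows it crossed a router, never reaches the routing table. That is the same gate ordinary Redirects already pass, which is the point of the draft's first Security Considerations paragraph; it does not replace link-layer protections such as SEND where the link cannot be trusted.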