Re: I-D Action: draft-gont-6man-flowlabel-security-02.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 24 January 2012 03:04 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 124DD21F862F for <ipv6@ietfa.amsl.com>; Mon, 23 Jan 2012 19:04:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.909
X-Spam-Level:
X-Spam-Status: No, score=-102.909 tagged_above=-999 required=5 tests=[AWL=-0.510, BAYES_00=-2.599, J_CHICKENPOX_14=0.6, J_CHICKENPOX_16=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSJiPbK1hL9s for <ipv6@ietfa.amsl.com>; Mon, 23 Jan 2012 19:04:30 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9202E21F862D for <ipv6@ietf.org>; Mon, 23 Jan 2012 19:04:30 -0800 (PST)
Received: by ghbg16 with SMTP id g16so1259775ghb.31 for <ipv6@ietf.org>; Mon, 23 Jan 2012 19:04:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=1uvpfnty+Z0CuzCXXmnzxZz6oUcejK6vRgNo2hbrrGU=; b=cBjpDHMiqYvmKmR05ZEyiYH0TpQ0puIClo9DxA/XLrW0pIAGOfJS6fYeqvRyit+JtP 16iXTJfcSd3vqw6gk7qnmEbamAgAiJoUT/umRxdhyA/1/oPzGT6bBRKR7Qd62zPPSSQO W56VdcWXSztV2BsNe7sjoa2bo+RvsreRZZToM=
Received: by 10.236.124.172 with SMTP id x32mr15148788yhh.19.1327374270186; Mon, 23 Jan 2012 19:04:30 -0800 (PST)
Received: from [130.216.38.124] (stf-brian.sfac.auckland.ac.nz. [130.216.38.124]) by mx.google.com with ESMTPS id h20sm40708222ang.7.2012.01.23.19.04.27 (version=SSLv3 cipher=OTHER); Mon, 23 Jan 2012 19:04:29 -0800 (PST)
Message-ID: <4F1E1FC3.2000206@gmail.com>
Date: Tue, 24 Jan 2012 16:04:35 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>
Subject: Re: I-D Action: draft-gont-6man-flowlabel-security-02.txt
References: <20120113130238.26417.24991.idtracker@ietfa.amsl.com> <4F1E06DF.2090307@gmail.com> <4F1E1C38.1070901@si6networks.com>
In-Reply-To: <4F1E1C38.1070901@si6networks.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2012 03:04:31 -0000
On 2012-01-24 15:49, Fernando Gont wrote:
> Hi, Brian,
>
> On 01/23/2012 10:18 PM, Brian E Carpenter wrote:
>> I really don't like the use of the counter in Fernando's proposed algorithm:
>>
>> Flow Label = counter + F(Source Address, Destination Address, Secret Key)
>>
>> It seems to me that it introduces significant predictability for a malicious
>> observer of the packets leaving a given source.
>
> As noted off-list, I personally think that rather than proposing a
> single algorithm, we should describe a set of algorithms, a la RFC 6056
> -- as there a number of tradeoffs-
>
>
>> Effectively the equivalent algorithm in RFC 6437 is
>>
>> Flow Label = F(Srce Addr, Dest Addr, Protocol #, Srce Port, Dest Port, Secret Key)
>>
>> which is less predictable, even if the port number is not randomized.
>
> If the attacker can predict the algorithm in
> draft-gont-6man-flowlabel-security-02.txt, he knows the IPv6 addresses
> of the two endpoints, and the secret key. So I don't see what'd be the
> real improvement of this variant.
With your proposal, after observing label N, you can (with reasonable probability)
predict label N+1; you don't need this to be 100% accurate to cause trouble.
>
> That said, it also seems technically incorrect: If you expect the
> resulting (src ip, dst ip, flow label) to be unique, then introducing
> the port numbers in F() could lead to unnecessary collisions.
Sure, as noted in the new RFC: a statistically small rate of collisions
does not significantly bias load sharing.
>
> Yes, now that the requirement of uniqueness has been relaxed, collisions
> are less important... but I don't see what's the "gain" of the modified
> expression you suggest above.
That label 4502 will essentially never be followed by label 4503,
which your method explictly allows (your Table 1). Include the counter in
the input to the hash function and this problem disappears.
Regards
Brian
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian Haberman
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Brian E Carpenter
- Re: I-D Action: draft-gont-6man-flowlabel-securit… Fernando Gont