IETF Logo Mail Archive

Re: default-iids ready for WGLC? (Re: I-D Action: draft-ietf-6man-default-iids-10.txt)

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 18 March 2016 03:12 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B44AD12DF0E for <ipv6@ietfa.amsl.com>; Thu, 17 Mar 2016 20:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7BBoENUuNI2c for <ipv6@ietfa.amsl.com>; Thu, 17 Mar 2016 20:12:19 -0700 (PDT)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3AD012DF08 for <ipv6@ietf.org>; Thu, 17 Mar 2016 20:12:19 -0700 (PDT)
Received: by mail-pf0-x22b.google.com with SMTP id u190so147725836pfb.3 for <ipv6@ietf.org>; Thu, 17 Mar 2016 20:12:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=T9alY+P7gCnGi189LamAlm+rLF3EXne2nmwhR2rJsFw=; b=iOcSN7piR59LFNj+obGwr2VqnSB1xLUo2+wqjPZOKPTc4+hcemY1WxF0uN5ocpuZp6 sFnck/i0w8/BBu0XmG3MjmZ1liRkJP6d0XZutQKeNkaq72AX6lyfmyj+52X6rzwIst5E tc1QVFPl0qz9vNIrsnjjr6yKSaWylomcw6cycdzWuPNJxrX7ZqZkYnHkPhrbPL62NvUK iRvbFKPWenwl2mrWhz55slb6rpSVTK1u1fO86spRODNMq5ClOu9lWYOa7YNIXX8RgTga dEwA+keyftpnDJRuBBJ3npg6uyv0f54iF/vDjAu3jYn5ZRFcuOljg4Xg/5sHWoMHxKHt ag4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=T9alY+P7gCnGi189LamAlm+rLF3EXne2nmwhR2rJsFw=; b=kviT8wRARcTkkmGm4P3Wx7BjJWwBzojCilDUvBcmXpIy3wkpFre55e/qaq+58Sximu C/HM3UXaYx8hzaEWSvw8fatbUEIhpuPuqqUvz/CWyA3Pa0k09YC2HNzaZuv7ur8Iqqzx QOz2swAZGgy4Siccropuz1pbS7k0K47k8trNXlslymLgSkr+yPYORUl+bES+hAG1sfqJ bh9MVkN1XUvzPLROLXFpnHNDwVpgp7y6FCzDG4/5ovYe71BcueYnOIkHfNXyQa+yQZN7 v7MrqmEM6WLXrvQPDLc3Rff+dR9i5TPEZY9sEoMb3i46hPF5GRSdrYzz1+82nSFCPeyy F7lA==
X-Gm-Message-State: AD7BkJJ8Nrjl4tKV634B62quUJx80Wxk063cQJulDsJ1c3Oxtptv+I2fSyzB+AaWfllqOg==
X-Received: by 10.98.40.200 with SMTP id o191mr20231566pfo.83.1458270739459; Thu, 17 Mar 2016 20:12:19 -0700 (PDT)
Received: from [10.1.9.199] ([103.23.18.15]) by smtp.gmail.com with ESMTPSA id y7sm10508831pfa.82.2016.03.17.20.12.15 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 17 Mar 2016 20:12:18 -0700 (PDT)
Subject: Re: default-iids ready for WGLC? (Re: I-D Action: draft-ietf-6man-default-iids-10.txt)
To: Fernando Gont <fgont@si6networks.com>, Lorenzo Colitti <lorenzo@google.com>
References: <20160217110334.12586.6254.idtracker@ietfa.amsl.com> <56C454F3.30003@si6networks.com> <CAKD1Yr2=vK8_txebpUQD1=Ha1aLoBLqMb3HQpvum1js4ODbQGQ@mail.gmail.com> <56EACDE3.3020708@si6networks.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <56EB7218.70804@gmail.com>
Date: Fri, 18 Mar 2016 16:12:24 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <56EACDE3.3020708@si6networks.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/O2jmrrWmGUPsi251IhQELw3dRyA>
Cc: "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>, "draft-ietf-6man-default-iids@tools.ietf.org" <draft-ietf-6man-default-iids@tools.ietf.org>, IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2016 03:12:22 -0000

On 18/03/2016 04:31, Fernando Gont wrote:
> On 03/17/2016 10:19 AM, Lorenzo Colitti wrote:
>> On Wed, Feb 17, 2016 at 8:09 PM, Fernando Gont <fgont@si6networks.com
>> <mailto:fgont@si6networks.com>> wrote:
>>
>>     This rev addresses the feedback received on-list, mostly y Alex, Brian,
>>     and Ray.
>>
>>     I personally think that this one should be ready for WGLC.
>>
>>
>> I have various objections to this document.
>>
>> First: I don't see why the document require that the link layers MUST
>> provide stable identifiers. What if a link layer or a host does not want
>> a stable identifier? What about privacy threats?
> 
> Are you are arguing in favor of RFC4941-only, o what?

I think we need some careful wording here. I thought the intent
was that stacks MUST provide this mechanism (instead of a MAC-based
mechanism) as the default, with alternatives (such as manual
assignment or RFC4941) being configurable.

>> I do not support the recommendation to use RFC7217 because doing so
>> creates a false sense of security.
> 
> So... fixing a bug/hole creates a false sense of security?

Indeed. What we are trying to fix is transparent mapping between
stable MAC addresses and IIDs.

>> RFC 7217 and similar schemes provide
>> protection against some threats but not others. Randomizing the
>> link-layer provides much better protection, and is what other parts of
>> the IETF are moving towards - see for example
>> draft-ietf-dhc-anonymity-profile, which pretty much takes MAC address
>> randomization as a given.
> 
> MAC address randomization is going to break many of the security
> controls currently employed. -- including simple captive portals that
> allow connectivity based on your MAC address.
> 
> Besides, many devices may not even be capable of doing MAC address
> randomization.

And many campus or enterprise operators will have strong security arguments
for forbidding it. I see stable MAC addresses being around for ever in
many networks.

Not to say that the IETF can ignore randomized MACs, but we can't rely on
them either.

> Besides, MAC addresses are IEEE's turf, not IETF's. And, the logic of
> keeping some vulnerable part blaming the layer bellow is simply flawed.
> 
> The traditional SLAAC addresses have security and privacy implications,
> as explained in RFC7721, and it's our job to address them.
> 
>> In various places, the document talks about "the interface identifier".
>> This does not match reality because most IPv6 hosts have more than one
>> IPv6 address formed using more than one IID.
> 
> "the interface identifier [of the ipv6 address in question]".
>
>> I don't see how it's useful or constructive to suddenly declare billions
>> of implementations no longer compliant with specs that have been current
>> for nearly 20 years (e.g., RFC2464 is from 1998).
> 
> Firstly, some implementations that have cared about sec/priv have been
> "non-compliant" for years.
> 
> Secondly, an update obviously means that implementations need to be
> updated to comply with the newly published specs. Otherwise the new spe
> would be a noop, and we wouldn't be publishing it, right? 
> 
>> Instead of a sweeping update to lots of IPv6-over-foo documents, I'd
>> much rather see a best current practice that suggests that hosts do
>> something sane to address this sort of threat. "Something sane" should
>> probably be MAC address randomization, but could also be
>> RFC7217+RFC4941, etc.
> 
> Embedding the MAC address in the IID is part of such specs. Obviously,
> if we want that to change, we need to update them.
> 
> Besides, what we're saying here is that the traditional SLAAC addresses
> should be replaced with RFC7217. Use of RFC4941 is orthogonal.

And that is the weakness in the current wording - you need to set the context
that the recommendation is for scenarios where RFC4941 does not apply,
that MAC addresses are not necessarily randomized, and that stable identifiers
are in fact operationally desirable. So this would be a mandatory to
implement default for such cases.

    Brian

v2.41.0 | Report a Bug | By Email | System Status