RE: IPv6 first-hop risks and threats and mitigations

Xipengxiao <xipengxiao@huawei.com> Wed, 16 December 2020 20:37 UTC

Return-Path: <xipengxiao@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45E563A103F; Wed, 16 Dec 2020 12:37:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iv2Awiy1mDXB; Wed, 16 Dec 2020 12:37:24 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F71A3A1036; Wed, 16 Dec 2020 12:37:24 -0800 (PST)
Received: from fraeml713-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Cx6Lt6mnZz67Cpw; Thu, 17 Dec 2020 04:35:02 +0800 (CST)
Received: from fraeml712-chm.china.huawei.com (10.206.15.61) by fraeml713-chm.china.huawei.com (10.206.15.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 16 Dec 2020 21:37:20 +0100
Received: from fraeml712-chm.china.huawei.com ([10.206.15.61]) by fraeml712-chm.china.huawei.com ([10.206.15.61]) with mapi id 15.01.2106.002; Wed, 16 Dec 2020 21:37:19 +0100
From: Xipengxiao <xipengxiao@huawei.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Nabil Benamar <benamar73@gmail.com>, "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, 6man Chairs <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: RE: IPv6 first-hop risks and threats and mitigations
Thread-Topic: IPv6 first-hop risks and threats and mitigations
Thread-Index: AQHWwS8DSiI0vtn9H0azlrlBGPWmHqn6UyZg
Date: Wed, 16 Dec 2020 20:37:19 +0000
Message-ID: <c3267d8670d74df2a61e260c65981ad5@huawei.com>
References: <160603202606.8188.11893701417034577472@ietfa.amsl.com> <7B0EBC9E-4831-4005-98D9-5010CD1097F6@cisco.com> <CAMugd_UrsgmYTSg-abzuHt5ry2dxrU8gLFAQn+WkgcupGbrc5Q@mail.gmail.com> <74f40b386fc24d288412663a707517e4@huawei.com> <20462.1606091054@localhost>
In-Reply-To: <20462.1606091054@localhost>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.48.218.206]
Content-Type: multipart/alternative; boundary="_000_c3267d8670d74df2a61e260c65981ad5huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/O34rHJB78oE7oBhbD5B88FNXMdw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2020 20:37:26 -0000

Hi Michael,



>> So, the idea being to write down the issues, give the attacks names, and then clarify what defenses we have already and how well they work?



Yes.  Are you interested in working on this together?  Happy holidays!



XiPeng



-----Original Message-----
From: Michael Richardson [mailto:mcr+ietf@sandelman.ca]
Sent: Monday, November 23, 2020 1:24 AM
To: Xipengxiao <xipengxiao@huawei.com>om>; Nabil Benamar <benamar73@gmail.com>om>; Pascal Thubert (pthubert) <pthubert=40cisco.com@dmarc.ietf.org>rg>; 6man Chairs <6man-chairs@ietf.org>rg>; ipv6@ietf.org
Subject: IPv6 first-hop risks and threats and mitigations





Xipengxiao <xipengxiao@huawei.com<mailto:xipengxiao@huawei.com>> wrote:

    > I also think that it’s a good piece of work, and shouldn’t be given up.



    > I would also like to take this opportunity to propose that the WG start

    > a “problem statement of IPv6 first-hop protocols” draft.  The rationale

    > is: many IPv6 first-hop protocols like ND, SLAAC were designed long

    > time ago; many things have changed over the years, e.g. the advent of

    > wireless, mobility, IoT, overlays;  lately there are multiple drafts

    > trying to fix various issues in a number of IPv6 first-hop protocols,

    > including:



So, the idea being to write down the issues, give the attacks names, and then clarify what defenses we have already and how well they work?



--

Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr+IETF@sandelman.ca>>   . o O ( IPv6 IøT consulting )

           Sandelman Software Works Inc, Ottawa and Worldwide