Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
Tom Herbert <tom@herbertland.com> Wed, 07 June 2017 03:48 UTC
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 06 Jun 2017 20:48:38 -0700
Message-ID: <CALx6S373abVj-DPEL+ZHBZ2Mq1jx80mKMcjjS42Ou3sfwYAfzA@mail.gmail.com>
Subject: Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Job Snijders <job@instituut.net>
Cc: Fred Baker <fredbaker.ietf@gmail.com>, Mark Smith <markzzzsmith@gmail.com>, Erik Kline <ek@google.com>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QBiSEmuHRuMJYvJtLDph-NFmN6A>

On Tue, Jun 6, 2017 at 8:40 PM, Job Snijders <job@instituut.net> wrote:
> I don't think so.
>

Right. This security technique doesn't help any servers on the Internet that have public DNS addresses or other situations where the addresses can be discovered. In reality, hosts should never assume that the network provides any security, which is why we need to spend a lot of effort hardening stacks to handle SYN and other types of attacks. It's great if this makes attackers work harder, but I would never count on it for security from a host perspective.

Tom

> On Tue, 6 Jun 2017 at 20:37, Fred Baker <fredbaker.ietf@gmail.com> wrote:
>>
>>
>> On Jun 6, 2017, at 6:23 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>> >
>> > That doesn't mention that security and privacy properties of addresses
>> > will be compromised if the manually configured addresses are from a
>> > small prefix.
>>
>> Or advertised in DNS?
>>
>> I would expect that any address configured manually would also be
>> advertised in DNS, the latter being the reason for the former. If the
>> address is publicly announced, does one have a reasonable expectation of
>> privacy?