Re: rfc4941bis: temporary addresses as "outgoing-only"?

Fernando Gont <fgont@si6networks.com> Tue, 11 February 2020 04:33 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B956A12008A for <ipv6@ietfa.amsl.com>; Mon, 10 Feb 2020 20:33:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-pOeLD99w5u for <ipv6@ietfa.amsl.com>; Mon, 10 Feb 2020 20:33:45 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D6C2120072 for <6man@ietf.org>; Mon, 10 Feb 2020 20:33:45 -0800 (PST)
Received: from [192.168.1.29] (host138.200-117-192.telecom.net.ar [200.117.192.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 65EB086C3E; Tue, 11 Feb 2020 05:33:42 +0100 (CET)
Subject: Re: rfc4941bis: temporary addresses as "outgoing-only"?
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: "6man@ietf.org" <6man@ietf.org>
References: <3217323b-3d8b-bf75-b5b0-ffdd01ee1501@si6networks.com> <CABNhwV0thfs+iARfN-Z45FEeyrJQtsi2AxVGAouf7KQy1TPXYQ@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <cbfd2645-92b9-5061-6a68-de4f656ab276@si6networks.com>
Date: Tue, 11 Feb 2020 01:33:31 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CABNhwV0thfs+iARfN-Z45FEeyrJQtsi2AxVGAouf7KQy1TPXYQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SODfSOGL8KjRjTIjaCEBVEzsF5A>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 04:33:47 -0000

On 10/2/20 21:17, Gyan Mishra wrote:
> 
> 
> On Mon, Feb 10, 2020 at 11:12 AM Fernando Gont <fgont@si6networks.com 
> <mailto:fgont@si6networks.com>> wrote:
> 
>     Folks,
> 
>     Since we are at it, I wonder if rfc4941bis should say anything about the
>     use of temporary addresses for incoming connections. (see
>     https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations-04#section-4.3).
>     (e.g., "an implementation MAY....")
> 
>     Particularly for connection-oriented protocols, hosts that prevent
>     incoming connections on temporary addresses reduce exposure even when
>     their temporary addresses become "exposed" by outgoing sessions.
> 
>     i.e., if the model is that temporary addresses are employed for outgoing
>     connections, unless a host uses temporary-only, there's no reason to
>     receive incoming connections on temporary addresses. (e.g., browsing the
>     web or sending email should not be an invitation for folks to e.g.
>     port-scan you).
> 
>     The caveats here are:
> 
>     1) If a host does temporary-only, these are the only addrs you have, and
>     hence they should allow incomming connections
> 
>     2) It could be easily done for connection-oriented protocols such as
>     TCP, but not so easily (if at all possible) for e.g. connectionless
>     protocols.
> 
> 
>     As noted in
>     https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations-04#section-4.3
>     , *in theory* there are other ways in which the same effect could be
>     achieved... so one could certainly argue that this policy should not be
>     enforced on the addresses, but rather we should have a more appropriate
>     API that could allow apps to e.g. bind() subsets of all the available
>     addresses.
> 
>     Thoughts?
> 
> 
> 
>    I agree it below makes sense excerpt from the bottom of that 
> section.  So with temporary address enabled are you stating that the 
> “stable” address is what we want to use but based on OS implementations 
> they may not always be the case due to lack of API support.  Is the 
> issue with default source address selection used which may differ from 
> OS to OS and in that case is it possible the temporary address could be 
> bound to services thus exposing the host to attacks.  Kind of defeats 
> the purpose of having a temporary address.
> 
> It really sounds like we desperately need API development.

Indeed. We did all the machinery but the tool apps can use to leverage 
IPv6 addressing: an API.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492