IETF Logo Mail Archive

Re: rfc4941bis: temporary addresses as "outgoing-only"?

Mark Smith <markzzzsmith@gmail.com> Tue, 11 February 2020 05:56 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AC3E12007A for <ipv6@ietfa.amsl.com>; Mon, 10 Feb 2020 21:56:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2rcJ6ZKXhgw for <ipv6@ietfa.amsl.com>; Mon, 10 Feb 2020 21:56:12 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2925120041 for <6man@ietf.org>; Mon, 10 Feb 2020 21:56:11 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id p8so8918657oth.10 for <6man@ietf.org>; Mon, 10 Feb 2020 21:56:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jP6NYq0k0fBt+0smFNadQ/78nK/hquay6nHH85W81/8=; b=pSdywwjfPgOFvcI0Zj71lPxPGsqnh68G7jcNm+4hgnbqBfAxOTs8YRfay+ufx1McYM ArdDsQ5NI2ut98X5delXHNX7vXVdiLR/a2fq1EB68ElvZcD/eBjrgRMrpOHkocwuDEKk Zbvcsq54fWepGl27ejmLhz4XCrR5ByJ2UmS8AhA1eM2VF8dRjh0LxODombKp+ShOBHDR XEBt8H/iR2LqnGE0brZHepOzOecFgBlAXBMBUnrwei/ltSOXxBgsvx56RFYum9rBfUf5 OL2i/w7EPHmzDeHroNAXOoTKw9vmclcOB1hxUwADHbnnPFVAod2ut12uRp1yAf0Nzqs1 wMWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jP6NYq0k0fBt+0smFNadQ/78nK/hquay6nHH85W81/8=; b=trvWvRrVh7QjT8FWv3SvGJuUil+NYh8KAR+1Vk4gnVVXKMHfFmjh1mBlRACAu4+eE/ jVxReFrAyRvTL20cGs4NKgEPnI3eAy3F6jC4DUcNivGTbuaiphvWSIHZql6BXcn8BOGt QxL23oTW1QB1TTfPsTmNSHqYeBOpB6gCUwJDJ56+6/heSYW2/sVi0rct4Ho5+wmw1fT4 Rl1RNXKwJlby3Ieyt0irLOxNQdIgQf+jIEwD2jLKSkcp9t4fgEd8EguhZqZncigKM9sY AGf0CRO8t7PyppAKGT56YKOqeNt6Uwptn78MqVmNrdB6y81KtJYu/YO8FsY/u9+4V67+ HjEg==
X-Gm-Message-State: APjAAAU9ddbS6OXv8zd3XzcCc5bDGUD8mFS/O6pIONHYSxSrfKwUMHkG lv+hryAcjRCtX3LxPyH3R7rnIhduTtU/6AW+6do=
X-Google-Smtp-Source: APXvYqxvTHbm723iGHA2cRUkdfC3FtGRvlYbWkz89965lYMYcAhDAgu6uBq9dNTgJu7Gv1gS/+CRqKlia6AStLQTuKc=
X-Received: by 2002:a9d:798e:: with SMTP id h14mr3899727otm.257.1581400571256; Mon, 10 Feb 2020 21:56:11 -0800 (PST)
MIME-Version: 1.0
References: <3217323b-3d8b-bf75-b5b0-ffdd01ee1501@si6networks.com> <CAO42Z2xtvjo_RO7kNsFCi4=S0TJKRest-8fEkvnwbC3rBNAj0A@mail.gmail.com> <ac38ca41-a148-470a-d2ba-26649f77e2f8@gmail.com> <992cb8c9-f360-44f1-89fe-ec9b1abd0846@si6networks.com> <CAO42Z2yXxPzhVOyE6NTgn1hHactQXZ0CRsyWZqWjBYEX3b_y9g@mail.gmail.com> <65587adb-d7f8-5457-b51a-82a9b8582ff7@si6networks.com>
In-Reply-To: <65587adb-d7f8-5457-b51a-82a9b8582ff7@si6networks.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 11 Feb 2020 16:55:45 +1100
Message-ID: <CAO42Z2zwBYibicBVgDOLuCO1gSLBWQHkEi3_HfXxDQY2_btJtg@mail.gmail.com>
Subject: Re: rfc4941bis: temporary addresses as "outgoing-only"?
To: Fernando Gont <fgont@si6networks.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Ut_Tqd8pvz76Ui4-P-B8z1puIzA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 05:56:13 -0000

On Tue, 11 Feb 2020 at 16:38, Fernando Gont <fgont@si6networks.com> wrote:
>
> On 11/2/20 02:18, Mark Smith wrote:
> > On Tue, 11 Feb 2020 at 15:32, Fernando Gont <fgont@si6networks.com> wrote:
> >>
> >> On 10/2/20 19:17, Brian E Carpenter wrote:
> >>> On 11-Feb-20 09:46, Mark Smith wrote:
> >>>>
> >>>>
> >>>> On Tue, 11 Feb 2020, 03:13 Fernando Gont, <fgont@si6networks.com <mailto:fgont@si6networks.com>> wrote:
> >>>>
> >>>>       Folks,
> >>>>
> >>>>       Since we are at it, I wonder if rfc4941bis should say anything about the
> >>>>       use of temporary addresses for incoming connections. (see
> >>>>       https://tools.ietf.org/html/draft-gont-6man-address-usage-recommendations-04#section-4.3).
> >>>>       (e.g., "an implementation MAY....")
> >>>>
> >>>>       Particularly for connection-oriented protocols, hosts that prevent
> >>>>       incoming connections on temporary addresses reduce exposure even when
> >>>>       their temporary addresses become "exposed" by outgoing sessions.
> >>>>
> >>>>       i.e., if the model is that temporary addresses are employed for outgoing
> >>>>       connections, unless a host uses temporary-only, there's no reason to
> >>>>       receive incoming connections on temporary addresses. (e.g., browsing the
> >>>>       web or sending email should not be an invitation for folks to e.g.
> >>>>       port-scan you).
> >>>>
> >>>>
> >>>> This would prevent peer-to-peer connections between end-user devices, as it means devices become clients only, and they therefore cannot provide a temporary server/service.
> >>>
> >>> If a node has a stable address as well as a temporary address, that isn't the case.
> >>
> >> That's what I had in mind.
> >>
> >
> > So if we want to support adhoc peer-to-peer file transfers between
> > e.g. smartphones via NFC/Bluetooth/Adhoc Wifi, then stable addresses
> > are required, even if the file transfer takes say 30 seconds, well
> > within the valid lifetime of the RFC4291bis temporary addresses?
>
> I see your point. And if one were to implement this policy, yes, stable
> addresses would be required.
>
> That said, it is clear to me that this is out of scope for this document
> (I just wanted to check with the group).

Yes, I agree out of scope.

I think we want to restrict this document to temporary addresses and
what we expect to work when only temporary addresses are used or
available. That's naturally bounded by the properties of the temporary
addresses, which is why for example, connections that are longer lived
than the valid lifetime of the temporary address are going to break
and are expected to break.

Regards,
Mark.


> Once again, if we had
> appropriate APIs, applying this sort of policy host-wide wouldn't even
> make sense.
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>

v2.23.0 | Report a Bug | By Email