Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

Ted Lemon <mellon@fugue.com> Fri, 31 July 2020 15:13 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <91D98D51-4045-4331-A711-8387ECE73400@fugue.com>
Subject: Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns
Date: Fri, 31 Jul 2020 11:13:21 -0400
In-Reply-To: <3C1ECB6F-E667-4200-964F-AB233A0A56E9@cisco.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
To: "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>
References: <96fa6d80137241dd9b57fcd871c8a897@huawei.com> <CAFU7BARePzdeU5DFgoOWyrF0xZCj67_xkC2t8vMN2nH0d8aUig@mail.gmail.com> <37e2a7110f6b423eba0303811913f533@huawei.com> <CAFU7BATiD8RkiWXjrxGuAJU-BUwRQCErYZivUPZ-Mc_up_qGxQ@mail.gmail.com> <aebc46c9b813477b9ae0db0ef33e7bd9@huawei.com> <CAO42Z2yL7+GbO6QRaNzFYoBXLF-JZ2NfwgTTt2zerKhJLwt2Lw@mail.gmail.com> <3C1ECB6F-E667-4200-964F-AB233A0A56E9@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YbdDeAEmOSTba_4xzyzLqR1ODII>

On Jul 30, 2020, at 6:26 PM, Pascal Thubert (pthubert) <pthubert=40cisco.com@dmarc.ietf.org> wrote:
> I support GRAND because it is better than nothing and progressing just that at 6MAN seems to be an incredible achievement already.

Indeed. GRAND seems like a thing that one would be tempted to add to a stack even in the absence of a draft describing it. Having a draft that describes how to do it is better, because we can then have a discussion of what the benefits and drawbacks are, and mitigate the drawbacks. This concern about ND security seems like a useless digression: yes, ND is not secure, we know this. We’ve tried to address it with SEND, but that hasn’t gotten any traction in the market.

Are we seeing L2 attacks on ND in the wild? What’s the threat model? If this is a real concern, let’s confront it head-on, rather than trying to address it piecemeal.