IETF Logo Mail Archive

Re: draft-wbeebee-nd-implementation-pitfalls-00 with urgent changes suggested to 2462bis-08

JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp> Mon, 25 June 2007 08:58 UTC

Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I2kPG-0005qm-5l; Mon, 25 Jun 2007 04:58:46 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I2kPE-0005qb-Hd for ipv6@ietf.org; Mon, 25 Jun 2007 04:58:44 -0400
Received: from shuttle.wide.toshiba.co.jp ([2001:200:1b1::35]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I2kPD-0001oF-Ry for ipv6@ietf.org; Mon, 25 Jun 2007 04:58:44 -0400
Received: from jmb.local (unknown [IPv6:2001:200:1b1:1010:217:f2ff:fe26:34a0]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 880E47301E; Mon, 25 Jun 2007 17:58:41 +0900 (JST)
Date: Mon, 25 Jun 2007 17:58:39 +0900
Message-ID: <m1bqf49zr4.wl%jinmei@isl.rdc.toshiba.co.jp>
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
To: "Hemant Singh (shemant)" <shemant@cisco.com>
In-Reply-To: <B00EDD615E3C5344B0FFCBA910CF7E1D034C0B11@xmb-rtp-20e.amer.cisco.com>
References: <B00EDD615E3C5344B0FFCBA910CF7E1D03468BF6@xmb-rtp-20e.amer.cisco.com> <m1abusbtko.wl%jinmei@isl.rdc.toshiba.co.jp> <B00EDD615E3C5344B0FFCBA910CF7E1D034C0B11@xmb-rtp-20e.amer.cisco.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.0 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
X-Spam-Score: -2.8 (--)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: ipv6@ietf.org
Subject: Re: draft-wbeebee-nd-implementation-pitfalls-00 with urgent changes suggested to 2462bis-08
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Errors-To: ipv6-bounces@ietf.org

At Fri, 22 Jun 2007 09:05:36 -0400,
"Hemant Singh (shemant)" <shemant@cisco.com> wrote:

> Thanks for the quick review of section 5 in our new I-D.  Your reading
> of section 5 is correct - we have proposed both new and old
> implementations to always perform DAD for any unicast address. You are
> also correct that the gross change we have proposed over 2462bis is that
> old implementations MUST also not skip DAD. We stress about old
> implementations because if older implementations that are already
> deployed continue to be deployed for say, the next 5-10 years, that's
> not good. A software upgrade to older implementation is certainly
> possible.
> 
> We have given a solid reason for our case - it's presented in Section 2,
> bullet 4 of our I-D. Please see if our reasoning is solid enough to
> convince IETF.

I've also read that part (copied below to be very specific), but I
doubt it convinces the opponents of forcing DAD in all cases.  First,
it is not clear which "security problem" this bullet tries to
indicate.  Also, if Host1 is assumed to be the attacker that mounts
traffic hijacking and/or DoS against Host2, forcing Host2 to perform
DAD doesn't help because Host1 can get the same result by simply
ignoring the DAD-NS from Host1.

Meanwhile, 2462bis has just entered the AUTH48 state.  From what I've
seen so far, I don't see the need for delaying the publication of the
document due to this issue (and I'm going to complete this work just
with a few minor editorial fixes).

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

   4.  The host MUST issue NS(DAD)s for all of its acquired unicast
       addresses except when the host interface has
       DupAddrDetectTransmits variable set to zero.  Section 5.4 of RFC
       2462 [ADDRCONF] erroneously relaxes this requirement and suffers
       from a security problem as illustrated by the following example:

          Host1 uses EUI-64 to configure a Link Local Address (LLA)
          using MAC1 and manually configures a Global Unicast Address
          (GUA) that is equal to an address configured using EUI-64 and
          MAC2.  Host1 completes an NS(DAD) for both its LLA and GUA.
          Then, Host2 uses EUI-64 to configure both a LLA and a GUA
          using MAC2.  Host2 completes an NS(DAD) for the LLA and does
          not send an NS(DAD) for its GUA in compliance with RFC 2462
          [ADDRCONF].  Now Host1 and Host2 have the same GUA on the same
          link.

       Therefore, this exception in section 5.4 of RFC 2462 [ADDRCONF]
       MUST be ignored.  Note that draft-ietf-ipv6-rfc2462bis-08
       [ADDRCONFbis] refers to an extensibility concern with new
       implementations and states in section 5.4:

          "Whereas this document does not invalidate such
          implementations, this kind of 'optimization' is NOT
          RECOMMENDED, and new implementations MUST NOT do that
          optimization."

       However, the security problem mentioned in this document
       invalidates even currently existing implementations.  The
       "Changes to draft-ietf-ipv6-rfc2462bis-08" section in this
       document describes the corresponding changes to
       draft-ietf-ipv6-rfc2462bis-08 [ADDRCONFbis].

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email