3484bis security considerations

Dave Thaler <dthaler@microsoft.com> Wed, 27 June 2012 00:01 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "6man@ietf.org" <6man@ietf.org>
Subject: 3484bis security considerations
Date: Wed, 27 Jun 2012 00:01:14 +0000

FYI, Ben Campbell's GEN-ART review raised the following "minor issue", which resulted in the only DISCUSS on the document:

> Minor issues:
>
> -- security considerations, 1st paragraph: "This document has no 
> direct impact on Internet infrastructure security."
> 
> Can source and/or destination address selection influence
> whether data is sent over an encrypted path? Particularly true
> since section 7 allows the address selection to influence interface 
> selection? If so, it's worth mentioning the fact, and considering 
> whether an encrypted path vs unencrypted path should be considered in 
> the selection rules. Perhaps such decisions should be made prior to 
> following the rules in this draft--but if so it would be helpful to 
> explicitly say that.

To address the above issue, I'm adding the following text to the security considerations section in between the 2nd and 3rd paragraphs:

+  Similarly, most source and destination address selection algorithms,  
+ including the one specified in this document, influence the choice  of 
+ network path taken (as do routing algorithms that are orthogonal  to, 
+ but used together with such algorithms) and hence whether data  might 
+ be sent over a path or network that might be more or less  trusted 
+ than other paths or networks.  Administrators should consider  the 
+ security impact of the rows they configure in the prefix policy  
+ table, just as they should consider the security impact of the  
+ interface metrics used in the routing algorithms.
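
Review bot: The last sentence of the added paragraph gives advice only to administrators ("Administrators should consider the security impact of the rows they configure in the prefix policy table") and leaves the second half of the quoted review comment unanswered: whether a choice between an encrypted and an unencrypted path is expected to be made before these rules are applied. Suggest one sentence that says so explicitly, or that states the selection rules do not themselves take path encryption into account. The double hedge in "might be sent over a path or network that might be more or less trusted" could also be reduced to a single "might".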

-Dave
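
The effect the added paragraph describes, a prefix policy table row changing which path traffic takes, can be checked before a row is deployed. The following is an added example, not part of the original message or of the draft: it implements only the policy table lookup and the matching-label and precedence comparisons between destinations, not the full selection algorithm. The default rows are those published in RFC 6724 (the RFC that 3484bis became); the addresses, path descriptions and the overriding row are constructed.

```python
import ipaddress

# Default policy table rows as published in RFC 6724: prefix -> (precedence, label).
DEFAULT_POLICY = {
    "::1/128": (50, 0), "::/0": (40, 1), "::ffff:0:0/96": (35, 4),
    "2002::/16": (30, 2), "2001::/32": (5, 5), "fc00::/7": (3, 13),
    "::/96": (1, 3), "fec0::/10": (1, 11), "3ffe::/16": (1, 12),
}

def as_v6(addr):
    """IPv4 addresses are looked up in the table as IPv4-mapped IPv6 addresses."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address("::ffff:" + str(ip)) if ip.version == 4 else ip

def lookup(policy, addr):
    """Longest-prefix match against the policy table; returns (precedence, label)."""
    ip = as_v6(addr)
    matches = []
    for prefix, (prec, label) in policy.items():
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net.prefixlen, prec, label))
    return max(matches)[1:]

def rank(policy, candidates):
    """Order (dst, src, path) candidates: matching label first, then precedence."""
    def key(cand):
        dst, src, _path = cand
        prec, dst_label = lookup(policy, dst)
        _, src_label = lookup(policy, src)
        return (src_label != dst_label, -prec)
    return sorted(candidates, key=key)

def first_choice_change(base, changed, candidates):
    """Return (old_path, new_path) if the preferred path differs, else None."""
    before = rank(base, candidates)[0]
    after = rank(changed, candidates)[0]
    return None if before == after else (before[2], after[2])

# Constructed sample: one dual-stack service, reachable over two different paths.
CANDIDATES = [
    ("2001:db8:ffff::1", "2001:db8:1::10", "IPv6 via VPN interface"),
    ("198.51.100.1", "192.0.2.10", "IPv4 via local LAN"),
]
# Constructed administrator row that raises the precedence of IPv4-mapped space.
PREFER_V4 = {**DEFAULT_POLICY, "::ffff:0:0/96": (100, 4)}

if __name__ == "__main__":
    print(first_choice_change(DEFAULT_POLICY, PREFER_V4, CANDIDATES))
```
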