IETF Logo Mail Archive

Re: WG Last Call for for draft-ietf-6man-rfc6874bis

Ted Lemon <mellon@fugue.com> Sat, 18 June 2022 10:20 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B326C14F74E for <ipv6@ietfa.amsl.com>; Sat, 18 Jun 2022 03:20:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeKIor9UkqCu for <ipv6@ietfa.amsl.com>; Sat, 18 Jun 2022 03:20:24 -0700 (PDT)
Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C934CC14F721 for <ipv6@ietf.org>; Sat, 18 Jun 2022 03:20:24 -0700 (PDT)
Received: by mail-oi1-x232.google.com with SMTP id v143so8138977oie.13 for <ipv6@ietf.org>; Sat, 18 Jun 2022 03:20:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uAOSh4kF2ah/5A9jAyyE2Sk8nnb7yceKVr7cBCSK7jQ=; b=eLz83sI1tIADkLkIwllVxhhXyUPDBtrgqH0SvPUVYxnlZMXIfpd7vwfSraPD3pcYL+ UHExdUyGv+opscM8gDDg/gxOR6euEsifS1CzvWK9sYuDP2UrDDbYIZGiWug/pCLN+e5n s/AAkT/8YYsUtoYrKD6XShCden5iy42eg4jBVhGCVQfdfSyQTPsQlOm8EBV/BewQZdXM NdZQkJxyAoE71Tsc+khHEMBE+kiBgdOxQdQgQzDtdpUfpUFUdOLMEkaU9j4+L++ifiU3 f21kfuwtYy9eHJlXFEK7axM/U8iJRA8/0PQ5CR6NhZ47HX35WbAax/ZINTY+UgA8bbG+ m/dg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uAOSh4kF2ah/5A9jAyyE2Sk8nnb7yceKVr7cBCSK7jQ=; b=KRJgUl7KEobV/eA9RL4o3vFtTLqo0YNNjUP++UYnBdhc77hLG48JTZhRs5SH/q54gu GHDCT8gTWpvzn6Kaq1sKvB53NGCvUd9+ONnD3et4Z79UdokGgffgOMXvWvjq/WRtR+Nc ONZ/HOhDvIznjAw3d1VI+I1EYnIYKfnNu4L26VvrGuBMy0Ebr79pJYWiyFz/ynlgSSIn pzaxZlM2aDjKaD6/Fq08DyuCKRknbPpgpRJmAxeD1zu5Hqt/rwgRaRNK5O099wp6DCW1 MZy0k1abKqskDdubmdLu0yosDLCVOHx3Id4rb4FKabtrVB1Cmbp4+h4ihq5BNgieRZYs 5+6w==
X-Gm-Message-State: AJIora9wSPyTmYSibRNL5nVX+S9IFanahIbSgD89VJfjtdkrqNYOoBZR nWfFomzDdW5VwhmpM7iAEkX3n80ixjKRSeeACRptGw==
X-Google-Smtp-Source: AGRyM1uWmZPcx6M2PrPcinwgQuad5Tn5ZK/G65IBT85K2lhmikYDhDqkezDb3cuiWp7fQnvLkccvQWsmdg/v3Q6vKOY=
X-Received: by 2002:a05:6808:2194:b0:32f:1309:c4e0 with SMTP id be20-20020a056808219400b0032f1309c4e0mr7571400oib.12.1655547623358; Sat, 18 Jun 2022 03:20:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAFU7BAQVr_UMK_v7O7DGTV363j7q25X9GwrgraTEypzq_Lz3gQ@mail.gmail.com> <CAPt1N1m+g8Yu9rPyvfvrxG_bST_9_z3siByOCsMmeTpWAfAiZA@mail.gmail.com> <223eeed3-40f0-1958-5df4-a6b310a29706@gmail.com> <CAN-Dau14A+GANWRBwHH=+NTkcdaOTfrNN3wcfzo_iiWwo4LzLQ@mail.gmail.com>
In-Reply-To: <CAN-Dau14A+GANWRBwHH=+NTkcdaOTfrNN3wcfzo_iiWwo4LzLQ@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sat, 18 Jun 2022 06:20:12 -0400
Message-ID: <CAPt1N1mt=ykhOcb8bXBw4antBBdprhVMNa2iHMBJ3GsR-VX5tg@mail.gmail.com>
Subject: Re: WG Last Call for for draft-ietf-6man-rfc6874bis
To: David Farmer <farmer@umn.edu>
Cc: 6man <ipv6@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ffdea705e1b63771"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/awHNhYeqB6RDc2qU8-BCDsAj6-o>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2022 10:20:26 -0000

It sounds like you’re reinventing dns-sd + mDNS. I think the usual use case
for IPv6 address literals is that you cut and paste them from the terminal.
I don’t think we need to mandate LLAs printed on the box.

On Fri, Jun 17, 2022 at 23:51 David Farmer <farmer@umn.edu> wrote:

>
>
> On Thu, Jun 16, 2022 at 9:55 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> On 17-Jun-22 01:36, Ted Lemon wrote:
>> >
>> > In the security considerations section, I think if the syntax were only
>> allowed in the case of input into the browser's dialog box, then most of
>> the possible attacks would go away. If there is no anticipated use case
>> other than manual input (perhaps a scripted input would also count) then
>> unless the script would be allowed to open the URI but not otherwise probe
>> IPv6 address literals, it's hard to see what additional vulnerability this
>> would create.
>>
>> I still have to review Phillip Tiesel's comment carefully, but if there
>> is a real exploit, I'm pretty sure it would have to be Javascript, trying
>> to find other devices on the LAN. I'm not sure why that would be more
>> interesting than trying to find other devices with routeable IPv6 addresses
>> in the same prefix, which is feasible today (and the reason why we
>> recommend pseudo-random interface IDs). And at least on a Windows target,
>> you don't need a Zone ID, so you could do it today. But the search space is
>> still 2^64 in all cases. That's our primary defence against such attacks.
>>
>> I can, however, see use cases where embedding such a URL in a web page
>> would actually be useful to a service technician, so I'm fairly sure that
>> saying "don't do this" won't work.
>
>
> This got me thinking a bit;
>
> Maybe a short discussion, probably in an appendix, of LLA
> assignment strategies that are operationally useful for devices that
> intended support or require the use of manually entered Link-Local IPv6
> literals would be helpful and warranted.
>
> If you are going to manually enter a Link-Local IPv6 Literal into a
> browser the LLA, it would be very helpful for the LLA to either be known or
> discoverable by non-technical means, like being printed on the device's
> label or made available through a device's user interface, for example,
> printed on a printers test page, displayed on a video screen the device is
> attached to, etc...
>
> A naive device manufacturer, especially for a device with no user
> interface, could be tempted to use an LLA like fe80::1, which would be
> similar to the common IPv4 addresses used to bootstrap devices like
> 192.168.1.1 or 10.0.0.1. However, this is obviously a bad idea, because of
> the high probability of address collision and the trivially easy
> susceptibility to the types of attacks being discussed in this thread, but
> I think this is worth pointing out just how bad of an idea it is.
>
> Nevertheless, temporary or otherwise changing LLAs, perhaps generated on a
> per attachment basis, create a different problem, for devices that have no
> user interface, requiring a technical means to discover the LLA, in order
> to manually enter it. While for highly technical users, this would not be a
> problem. However, if this is intended to be useful to more general users,
> then requiring a technical means to discover the LLA would greatly limit
> the useability of Link-Local IPv6 Literals. While this could be a desirable
> feature, however, in that case, I suspect this entire endeavor is doomed to
> failure, as in order to get browsers to implement this feature it probably
> needs to be of some level of general usability for them to bother to
> implement the feature.
>
> So, from a usability perspective, and even though not recommended in most
> cases, a EUI-64 based LLA could be a good choice for devices with no user
> interface, as many, if not most, devices already have their MAC addresses
> printed on their label for a whole host of other reasons, making the LLA
> easily discovered by non-technical means. However, if a EUI-64 based LLA is
> provided, it probably should be limited to LLA HTTP(S) access and not for
> sourcing more automated Link-Local tasks, such as Neighbor Discovery
> [RFC4861].
>
> That being said, EUI-64 based LLAs are still a bad idea for
> general-purpose devices or any device with even a minimal user interface
> capability, especially mobile devices.
>
> Another option could be a pseudo-random LLA generated at device
> manufacture, and also printed on the label, in addition to the MAC address.
>
> Finally, while most of the above are fairly obvious to members of the 6MAN
> and v6OPS working groups. However, they are probably not obvious to most
> IoT device implementers. Furthermore, helping IoT device implementers make
> good LLA assignment choices should help strengthen the case for browsers to
> support this feature.
>
> Thanks
>
> --
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE
> <https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>
>       Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
>

v2.23.0 | Report a Bug | By Email