Re: Improving ND security
Ted Lemon <mellon@fugue.com> Fri, 31 July 2020 17:40 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 818333A08E6 for <ipv6@ietfa.amsl.com>; Fri, 31 Jul 2020 10:40:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GE5jcVZo9OY for <ipv6@ietfa.amsl.com>; Fri, 31 Jul 2020 10:40:46 -0700 (PDT)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D43523A094E for <ipv6@ietf.org>; Fri, 31 Jul 2020 10:40:45 -0700 (PDT)
Received: by mail-qt1-x82f.google.com with SMTP id h21so17156249qtp.11 for <ipv6@ietf.org>; Fri, 31 Jul 2020 10:40:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=YtwQ5dx3S1BB8hOkvC6e+3D0wguaHTW4Zph+6fBMuZg=; b=hxbadQ/L6ditv9NrQxxbmlrtUV1mFUB2UsH1CK/55Q0Dfkidc6+a+ybsiGKJy7RC8L rgB+ZB8HHxrERd7E7pE+ackgXLNBv/dfPeS0WY8BRB96vOTzC0sM7eRm3LMnhAL9FYnL XaQraCTOafysamNIPS0Pf95FN+5BbTvdsztQv0K41Zb4jOuN5cebqsFoP9f79viDnVwt boP0rEKv+fm9Hk3sdl2sKEUpwRMx0qz3zaVHWoQMhuslTYLPel0Gs75sZqy8GyBudoay bES01b2uHuI684Kg9/ESzLO0SxJ80mASEL5mwoDsjs/3+FMqobZ92JdFCIQf1PnHbz6c MhYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=YtwQ5dx3S1BB8hOkvC6e+3D0wguaHTW4Zph+6fBMuZg=; b=qzPAgwnvTG1dYEE8qnDBMOeBYFOzUH4rpr3EjZlPr0RVvMJNhG8KLrbF/YBEDsVuDs DFD0TJajIIdmU4DQn8hkft7VqIYh212wAsi7I+ya1T4KBQYdjxUAe1aPOnzKEV/vrVCE gfQHKJjdb3svbUkkw/fg4bma/mAiGkI9P1YQGnZlk3CiKyxhv8ryREQyhp58eLzSs/9b hw8i9XNdzKvPBV4/6D14V2GbfCSa8XXXL5g36MDrnIuVq3Oy6woTSMTscfKWY2/XGqCi C67dNAMT080j/WXJHv2Ez+47H5H9HBUVCBQF+FDGwOpnmZ3fuKvTMmnDpIdeQbzvC0gb A5bw==
X-Gm-Message-State: AOAM532HLRNpjvMm9d1dPznpxM2FHDtOg5MZnZokIVxR0vlq/pDxxxaq odSbETa1ZTQfwyk9nztruAtLlw==
X-Google-Smtp-Source: ABdhPJy1Ptz7qCBPwdUaQEPHUOA0NK0EQqPS9xse9AmjozXL/4UkfRz4eUh5aWJ6zNM48jHxCn2GYA==
X-Received: by 2002:ac8:1486:: with SMTP id l6mr4853530qtj.195.1596217244784; Fri, 31 Jul 2020 10:40:44 -0700 (PDT)
Received: from ?IPv6:2601:18b:300:36ee:1d5e:d83c:760:89f9? ([2601:18b:300:36ee:1d5e:d83c:760:89f9]) by smtp.gmail.com with ESMTPSA id o17sm9092097qtr.13.2020.07.31.10.40.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 31 Jul 2020 10:40:44 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <860E06E2-2650-4AAE-AD33-D4D12B0290DC@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7951215C-D4FF-4301-B74D-C9BA0BA9FFB9"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Subject: Re: Improving ND security
Date: Fri, 31 Jul 2020 13:40:42 -0400
In-Reply-To: <d5c245f216c3409f826f8132e532a882@boeing.com>
Cc: "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
References: <d5c245f216c3409f826f8132e532a882@boeing.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ddbmt-cbQSSAEN3ENpsm7N7xphk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 17:40:52 -0000
On Jul 31, 2020, at 1:35 PM, Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote: > I think as long as the network has a way of associating the key pair with another piece > of information that accompanies the IPv6 ND message then the network would be able > to know when the mobile node is using its (single) authorized key. So, for example, if > the IPv6 ND message included an identity for the MN (sort of like a DHCPv6 DUID), the > network would know when the MN is using the correct key pair – right? (BTW, I am > not saying to use DHCPv6 DUID – that is just one example of a MN identity…) By “NM” I think you mean “Mobile Node?” That’s not really one of the use cases we’re talking about here. Or am I missing something? In any case, you’re presuming some kind of trust establishment for non-router nodes, right? SEND only talks about trust establishment for routers. And, let’s be frank, doesn’t actually give us enough operational guidance that we would expect what _is_ said to be generally practicable.
- I-D Action: draft-ietf-6man-grand-01 - additional… Vasilenko Eduard
- Re: I-D Action: draft-ietf-6man-grand-01 - additi… Jen Linkova
- RE: I-D Action: draft-ietf-6man-grand-01 - additi… Vasilenko Eduard
- Re: I-D Action: draft-ietf-6man-grand-01 - additi… Jen Linkova
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … joel jaeggli
- RE: I-D Action: draft-ietf-6man-grand-01 - additi… Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- RE: [EXTERNAL] Re: [v6ops] I-D Action: draft-ietf… Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Bob Hinden
- Improving ND security Ted Lemon
- RE: [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Tony Finch
- draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: Improving ND security Ted Lemon
- RE: [EXTERNAL] Improving ND security Templin (US), Fred L
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- RE: Improving ND security Templin (US), Fred L
- RE: [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Improving ND security Bjoern A. Zeeb
- RE: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- RE: [v6ops] Improving ND security Templin (US), Fred L
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- RE: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- RE: [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- RE: [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- RE: [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- RE: [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Philip Homburg
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Christian Huitema
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- RE: [v6ops] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [EXTERNAL] Re: [v6ops] I-D Action: draft-ietf… Michael Richardson
- Re: [EXTERNAL] Improving ND security Michael Richardson
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- RE: [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- RE: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- distributed vs centralized approaches to ND secur… Michael Richardson
- Re: distributed vs centralized approaches to ND s… Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Michael Richardson
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- RE: [EXTERNAL] Re: [v6ops] draft-ietf-6man-grand … Templin (US), Fred L
- Re: [EXTERNAL] [v6ops] draft-ietf-6man-grand : sa… Ted Lemon
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- RE: [EXTERNAL] Re: [v6ops] draft-ietf-6man-grand … Templin (US), Fred L
- Re: [EXTERNAL] [v6ops] draft-ietf-6man-grand : sa… Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Warren Kumari
- RE: [EXTERNAL] [v6ops] draft-ietf-6man-grand : sa… Templin (US), Fred L
- RE: [EXTERNAL] [v6ops] draft-ietf-6man-grand : sa… Manfredi (US), Albert E
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Fred Baker
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- RE: [EXTERNAL] [v6ops] draft-ietf-6man-grand : sa… Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Lorenzo Colitti
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Gyan Mishra
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- RE: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)