IETF Logo Mail Archive

Re: Flow label drafts updated

RJ Atkinson <rja.lists@gmail.com> Tue, 03 May 2011 09:47 UTC

Return-Path: <rja.lists@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB4BFE07B1 for <ipv6@ietfa.amsl.com>; Tue, 3 May 2011 02:47:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Znw+o3YcSVMh for <ipv6@ietfa.amsl.com>; Tue, 3 May 2011 02:47:27 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9189DE079D for <ipv6@ietf.org>; Tue, 3 May 2011 02:47:27 -0700 (PDT)
Received: by wwa36 with SMTP id 36so4864673wwa.13 for <ipv6@ietf.org>; Tue, 03 May 2011 02:47:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:content-type:content-transfer-encoding :subject:date:message-id:to:mime-version:x-mailer; bh=ePYUFtJdpGnrGx4Q5XWVETvyBtfg9mq4nc5Fc76IHss=; b=pIx8+P/RLsE9aBLu5J9cfEmJSyBKIqw6XxbvBwyIGw4cn5VjsW2kAmMDyuMGfLD09w +787ZjNMp9x65Kwfghp94ERe+bD/eUQaUo+8j6Yi/AzauC3BOeMkFeV4+ocmBw3CUiht aYPhZDs2Ad5btbgA2MNIQpoE8EUpW5Yjj0JiE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer; b=fdz21/VWznYsB4pgree1+7MBilyoR4k6sUen3MrJUWKndGwIc08rxPVZ6urtSerDoz pBNIbZ1tu+8NuBMmbPjcUcv2BOrVS3j7qYWs8WOu6fnfXfCJj6gYtoICyG34LfoLauDl R9SIr844wohpHvVtr0bRV4LS1VL2Wk2+Cl/cM=
Received: by 10.227.197.201 with SMTP id el9mr4958725wbb.22.1304416045738; Tue, 03 May 2011 02:47:25 -0700 (PDT)
Received: from dragonfly.cs.ucl.ac.uk (dragonfly.cs.ucl.ac.uk [128.16.64.246]) by mx.google.com with ESMTPS id ca12sm111779wbb.2.2011.05.03.02.47.24 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 03 May 2011 02:47:25 -0700 (PDT)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Flow label drafts updated
Date: Tue, 03 May 2011 05:47:23 -0400
Message-Id: <D98CE1E0-4F21-4D7D-BB6C-AC2F89FE96B8@gmail.com>
To: ipv6@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2011 09:47:28 -0000

Hi,

My thanks to all of the editors for their joint work to sort out
these drafts and to progress them together.  It is substantial
work to undertake.  The drafts generally seem fine and are
eminently readable.

However, the "Security Considerations" for both 
draft-ietf-6man-flow-ecmp-02 and draft-ietf-6man-flow-3697bis 
seem not to mention the issue where the IPv6 Flow Label field
is a relatively high-bandwidth covert channel.  This means the
Security Considerations for those 2 I-Ds are incomplete.

I'm pleased that the covert channel issue is discussed on page 4 
of draft-ietf-6man-flow-update-05.  This covert channel issue is 
one reason why a number of deployed IPv6-capable firewalls (and 
other similar security appliances) clear the IPv6 Flow Label 
(e.g. in financial/trading environments where M&A information 
has very high monetary value).  

I request that this operational security concern, which is entirely 
legitimate albeit not applicable to all operational environments, 
at least be mentioned at the top of page 11 of draft-ietf-6man-flow-3697bis 
(i.e. where the fact that Flow Labels will continue to be zeroed 
in some deployments is noted).  At present, the words there seem 
to imply that the zeroing behaviour is illogical, silly, and/or wrong 
-- when in fact it is logical, sensible, and quite correct in certain 
deployments.  I would be MUCH happier if the wording were changed
to allow an "operational security" exception to the general 
principle of not modifying non-zero IPv6 Flow Labels during transit.
For example, the wording could say that network devices ought
not modify non-zero IPv6 Flow Labels *by default*, leaving it
open for users with particular security concerns to configure
a non-default configuration (i.e. zeroing the Flow Label).

I request that at least a brief mention of the covert channel
issue be made in the Security Considerations sections of both 
draft-ietf-6man-flow-ecmp and draft-ietf-6man-flow-3697bis.
If desired, such mentions could refer to the Gont draft or 
to the -3697bis draft for more detailed discussion of that
issue.

I am troubled by the apparent decision to ignore legitimate
operational security considerations (e.g. about covert channels) 
and also the apparent decision to write these documents 
in a manner intended to legislate reasonable security measures 
(if applicable only in selected deployments) out of existence.
This seems to be a case of the IETF levying deployment
constraints upon users/operators, which is something that the
IETF generally tries to avoid.

Yours,

Ran Atkinson

v2.23.0 | Report a Bug | By Email