Re: 6MAN Agenda for IETF86
Nalini Elkins <nalini.elkins@insidethestack.com> Tue, 05 March 2013 15:24 UTC
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>, Hosnieh Rafiee <ietf@rozanak.com>, Karl Auer <kauer@biplane.com.au>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>

Guys,

I am going to go back and review "IPv6 Neighbor Discovery (ND) Trust Models and Threats: RFC 3756"

http://datatracker.ietf.org/doc/rfc3756/

For all who think that ND and RA in particular do not have problems, here is a YouTube video of a hacker at work using RA.

http://www.youtube.com/watch?v=TfsfNWHCKK0

Next, there is an interesting web site: http://www.thc.org/thc-ipv6/

You can see the "interesting" tools available:

dnssecwalk - performs NSEC walking including IPv6+IPv4 resolving
firewall6 - various TCP/UDP ACL bypass test cases
fake_pim6 - send fake hello and join/prune pim messages
ndpexhaust26 - very performant ndp exhauster based on ICMP error toobig messages but can send many types of packets
alive6: ranges are now supported in the input file too
parasite6: enhancements to make it way more effective
fake_router26: added overlap RA guard evasion type (-E o, -E O)
dos-new-ip6: fix that only DAD replies are sent, not full NDP spoofing
flood_router26: Added local LAN privacy extension prevention attack
randicmp6:
  - added function which dumps icmp answers received
  - added functionality to send a specific type (and also code)
dnsdict6: added SRV result address resolving

and others.

I will review all drafts with the above in mind.

Thanks,

Nalini Elkins
Inside Products, Inc.
(831) 659-8360
www.insidethestack.com

________________________________
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
To: Hosnieh Rafiee <ietf@rozanak.com>
Cc: ipv6@ietf.org
Sent: Tuesday, March 5, 2013 6:41 AM
Subject: Re: 6MAN Agenda for IETF86

Hosnieh,

I would have to read the draft and feed back about SSAS.

Some of the drafts I mentioned (ND-PD) were presented to 6MAN meeting in Atlanta, and discussed on the email list. One of the drafts (draft-jhlee-mext-mnpp-00) is considered at ISO, but I don't know its status.

Another draft which generates IID from VIN (Vehicular Identification Number) we discussed recently in the 6MAN email list is: draft-imadali-its-vinipv6-viid-00.txt

We don't have a WG about vehicular communications but we have an email list ITS for Intelligent Transportation Systems (ietf.org/mailman/listinfo/its). We discuss a Charter proposal there.

Alex

On 05/03/2013 14:55, Hosnieh Rafiee wrote:
> In the latest version of my draft RFC, SSAS, I have provided
> information about using SSAS for mobile nodes and I have specified
> the sections of the RFCs that can use this mechanism. So maybe this
> can prove useful for vehicular communication too. Are the drafts
> that you mentioned discussed in 6man? I have not seen any
> discussions about them. Maybe I missed it. If it is in another WG,
> would you please tell me which one?
>
> Thanks, Hosnieh
>
> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Alexandru Petrescu
> Sent: Tuesday, 5 March 2013 14:40
> To: ipv6@ietf.org
> Subject: Re: 6MAN Agenda for IETF86
>
> ND security is an important topic.
>
> Let me explain why.
>
> We consider the use of ND over 802.11p links for vehicular
> communications. These links don't have ESSID nor link-layer security.
> (it is not clear whether it is legal to run IP straight over
> 802.11p, being "safety apps") but once it becomes clear the security
> question comes up.
>
> (ND drafts for vehicular communications:
> draft-petrescu-autoconf-ra-based-routing
> draft-kaiser-nd-pd-01
> draft-jhlee-mext-mnpp-00)
>
> The security of ND on these links needs to be fast and easy to set
> up.
>
> Alex
>
> On 05/03/2013 14:33, Nalini Elkins wrote:
>> Karl,
>>
>> I definitely agree that ND needs to be secured. Also agree that
>> neither IPSec nor SEND are viable solutions.
>>
>> I do not know if I am missing something but I have not seen a
>> comprehensive document with these problems detailed. I certainly
>> don't have a solution but I have been trying to at least catalog
>> such problems. If there is such a document, would appreciate
>> anyone letting me know.
>>
>> If there isn't, if you would like, we can collaborate on such a
>> document and create a draft for the IETF meeting in Berlin. Maybe
>> v6Ops is a place to discuss this topic. Once many at IETF agree
>> that indeed there is a problem, then we can discuss a potential
>> solution. Thanks,
>>
>> Nalini Elkins
>> Inside Products, Inc.
>> (831) 659-8360
>> www.insidethestack.com
>>
>> ----------------------------------------------------------------------
>> *From:* Karl Auer <kauer@biplane.com.au>
>> *To:* ipv6@ietf.org
>> *Sent:* Tuesday, March 5, 2013 1:37 AM
>> *Subject:* Re: 6MAN Agenda for IETF86
>>
>> On Mon, 2013-03-04 at 16:02 -0800, Bob Hinden wrote:
>>> A Simple Secure Addressing Generation Scheme for IPv6
>>> AutoConfiguration draft-rafiee-6man-ssas-01.txt [...]
>>> DHCPv6/SLAAC Address Configuration Interaction Problem Statement
>>> draft-liu-bonica-dhcpv6-slaac-problem-01.txt
>>>
>>> We did not think there had been enough discussion or interest on
>>> the w.g. list to guarantee a speaking slot. We allocated short
>>> slots at the end of the session if there is time before the
>>> meeting ends. If anyone (other than the authors) thinks one of
>>> these should be given more time, please speak up.
>>
>> For what it's worth it seems to me that there is a gaping hole
>> around securing ND. IPSec is obviously ridiculous, SEND is only
>> marginally less ridiculous. Maybe SSAS is a way forward? Or maybe
>> no one else thinks ND needs to be secured? Maybe the meeting could
>> attempt to gauge whether this is actually a real problem. I think
>> it is, and I urge others to speak up if they too think this should
>> be pursued.
>>
>> If there is a priority to these things, then sorting out the
>> perceived and actual discrepancies and ambiguities in the meaning
>> of the RA M and O flags would seem pretty important. Otherwise
>> they will end up cemented into even more implementations than they
>> are now. The way Windows handles them is just plain broken, and if
>> the RFCs support that way of handling them, then the RFCs are
>> broken. At very least this topic needs some impetus.
>>
>> Regards, K.
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Karl Auer (kauer@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://www.biplane.com.au/blog
>>
>> GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
>> Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------