Iotdir telechat review of draft-ietf-6man-rfc4941bis-11

Dave Thaler via Datatracker <noreply@ietf.org> Tue, 20 October 2020 20:59 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: ipv6@ietf.org
Delivered-To: ipv6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 029583A1432; Tue, 20 Oct 2020 13:59:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Dave Thaler via Datatracker <noreply@ietf.org>
To: <iot-directorate@ietf.org>
Cc: ipv6@ietf.org, draft-ietf-6man-rfc4941bis.all@ietf.org, last-call@ietf.org
Subject: Iotdir telechat review of draft-ietf-6man-rfc4941bis-11
X-Test-IDTracker: no
X-IETF-IDTracker: 7.20.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160322759593.31761.4896737564742954595@ietfa.amsl.com>
Reply-To: Dave Thaler <dthaler@microsoft.com>
Date: Tue, 20 Oct 2020 13:59:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/nvrD0BSPoDt4-2pDbF0V3lj-x7M>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2020 21:00:02 -0000

Reviewer: Dave Thaler
Review result: Ready with Issues

I reviewed the diffs between RFC 4941 and draft-ietf-6man-rfc4941bis-11
and have the following comments.

Section 1.2:
The change from RFC 4941 to add "on unencrypted packets" in
the paragraph starting "Note that an attacker, who is on path,
may be able to perform significant correlation" is incorrect.
That's because the 2nd bullet (about packet size and timing)
can still apply to encrypted packets.  Instead the "unencrypted"
clause only applies to the first bullet.  Either the change should
be reverted, or else it should be moved into the first bullet.
Similarly the text added to the end of 1.2 has the same problem.
Deployment of encryption will not prevent correlation based on
timing, and it will only prevent correlation based on packet size
if padding is used to make packets all the same size.  Simply
encrypting does not solve this.

Section 2:
Grammatically, the addition of "and" is unnecessary and arguably
poor grammar.  I would hope the RFC editor would revert it if you
didn't. Instead, Oxford comma fans will want to insert a comma
before "and makes comparisons".

Section 5:
The change from "MUST NOT" to "SHOULD NOT" is in point 7 of section
3.4 (Generating Temporary Addresses) is, I would argue, a significant
change that needs to be mentioned in section 5.

Also, significant text from RFC 4941 (sections 2.2 and 2.3) was removed
in the update and replaced with one sentence referencing RFCs 7721,
7707, and 7217.  That's fine but I wonder why it isn't mentioned
in section 5 (Significant Changes from RFC 4941).  Unlike what the
section title implies, the text of section 5 only contains the
subset of significant changes "that an implementer should be aware of".
I'd suggest also mentioning significant changes that other readers
may want to know, since implementers are not the only audience for
this doc (deployers, security analysts, application developers,
and even end users may benefit from reading this document).

Section 4:
With the change to use a separate IID per prefix, I believe the 2nd
paragraph should be augmented to point out that simply upgrading
an RFC 4941-compliant node to an implementation of this draft can
exacerbate the problem mentioned in this paragraph.

Also, "neighbour" should be "neighbor" twice in that paragraph,
for consistency with the other IPv6 RFCs.

Section 9:
RFC 4941 reused the same IID for multiple prefixes, with the rationale
explained in point 4 of section 3 of the RFCs.  With the change to use
a separate IID per prefix, additional security considerations are needed
since there is now a way to conduct new attacks that were not
present before.  Namely, by sending a large enough number of prefixes
one can force the host into multicast promiscuous mode and thereby
consume more host resources (e.g., drain battery).  For regular hosts
"large enough" might mean enough to generate 8 or 16 IIDs total
(link-local + stable + temporary total), but for some smaller devices
such as IoT devices, a much smaller number of prefixes (potentially
just one more) might be needed to result in such an effect.