RE: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

[Vasilenko Eduard <vasilenko.eduard@huawei.com>]

Hi Michael,
It is strange that most dangerous attack (unsolicited NA - leading to leakage of information) was not mentioned in RFC 3756.

>We need a for nodes to reserve resources on the router.
Then router would be stateful (in respect of ND) - it is a very big architecture change. The industry has the big inertia - I do not believe that it is possible to return IPv6 address management to stateful model (except government intrusion - see below).
By the way, stateful DHCPv6 exist. Switch could easily snoop all messages and assist to IPv6 in security (like it is done for IPv4).
I propose do not push SLAAC in stateful direction - anyone who would like - could use DHCPv6 or 6lo (stateful on router too).
I propose to think how to save SLAAC - keeping it with distributed address management.

> Many of us would prefer that we avoid making it stateful, but in wifi networks, are already allocate crypto state, and we should just leverage that.
Our days big campuses are deployed without CAT5/6 cabling - everything is WiFi.
SLAAC for WiFi looks like not the best technology. State repository (AP) is mandatory anyway. But anyone could use 6lo - it is developed specifically for such environment (not effective multicast, frame loss).
IMHO: It does not make sense to reinvent the wheel. RFC 6775 and 8505 do have good stateful solution for WiFi.
SLAAC has been left with the small niche for the future - if it would have fixes for biggest security problems (personal data protection).

Looking to all these "data privacy protection legislation" world-wide (in many countries): SLAAC could be banned by some government at any movement.
Experts would easily point to alternative: (1) stateful DHCPv6 (natural IPv4 prolong); (2) 6lo (it is optimized for wireless).
Probably DHCPv6 would win, because it is easy to understand for IT&IP professionals.
If any government would push - switchover to DHCPv6 would be fast.
Then fixing SLAAC would be too late. It would be the time for deprecation RFC.

Eduard
-----Original Message-----
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: 4 августа 2020 г. 2:57
To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
Cc: Pascal Thubert (pthubert) <pthubert=40cisco.com@dmarc.ietf.org>; v6ops list <v6ops@ietf.org>; 6man <ipv6@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns


Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote:
    > I wish this group could open its eyes. ND as defined in the last
    > century is not suited for modern fabrics, virtual machines and
    > wireless. It is a pain for silicon-based forwarding. Time to upgrade is
    > overdue.

You are right!

We either need SEND (RFC3971), or some technology that addresses the same use case (RFC3756).
We need a for nodes to reserve resources on the router.

Many of us would prefer that we avoid making it stateful, but in wifi networks, are already allocate crypto state, and we should just leverage that. (ND is just wasted effort on encrypted wifi in my opinion)

    > There is nothing broken with IPv6 ND that needs changing; it just needs a new option.
    > We have seen how that is possible through publications like RFC8801.

Also RFC8505.
I think, it's really really time to stop pretending everything is big-blue coaxial ethernet.

    > BTW, IPv6 itself is a last-century technology but the architects had the wisdom to allow
    > for future extensions without needing to modify the core architecture.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-