IETF Logo Mail Archive

Re: Flow label drafts updated

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 05 May 2011 06:03 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A80DE0693 for <ipv6@ietfa.amsl.com>; Wed, 4 May 2011 23:03:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.753
X-Spam-Level:
X-Spam-Status: No, score=-102.753 tagged_above=-999 required=5 tests=[AWL=-0.373, BAYES_00=-2.599, DATE_IN_PAST_24_48=1.219, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xMk2+GncfG4z for <ipv6@ietfa.amsl.com>; Wed, 4 May 2011 23:03:12 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id A7B6EE0692 for <ipv6@ietf.org>; Wed, 4 May 2011 23:03:11 -0700 (PDT)
Received: by bwz13 with SMTP id 13so1788918bwz.31 for <ipv6@ietf.org>; Wed, 04 May 2011 23:03:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:organization:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=mmHS9tiUcjfV/DVr4BhtKh2IrxIqCZnC9C/k0cdl164=; b=dXaAuj3LYaxGevmf2u+aT3cGS49K5z8i5MD+wIH9pm9TsGJCIluselYeuP+CpNZS0k eBn4Sdu6+a//UAitX+kKq2VjboUHp0aPrsHdAeKw9OtDEaVKouW4byrd8jiY7xOlfNEm HjHtsuOLutLFQmPZoIgz2okV0kAhheN5Zhxgw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=JVrXRay6sySbfzCe4/g2d5cNBkbu2woszCAMd16oLJFxH7BHWgj++t3SYKiNDITFJF GgaxA8VjRSNZly/go93JCTYt85Q72lqra45c67CliKsU4OkxUrkL9vmzMbb0sDqk2tP6 bSmsezXKPAEuaL5UFN0rmCEiGQTrVZL6JdjeE=
Received: by 10.204.230.194 with SMTP id jn2mr1845504bkb.133.1304574965651; Wed, 04 May 2011 22:56:05 -0700 (PDT)
Received: from [10.1.1.5] ([121.98.251.219]) by mx.google.com with ESMTPS id c11sm1150375bkc.2.2011.05.04.22.56.02 (version=SSLv3 cipher=OTHER); Wed, 04 May 2011 22:56:04 -0700 (PDT)
Message-ID: <4DC07A80.2030200@gmail.com>
Date: Wed, 04 May 2011 09:58:24 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: RJ Atkinson <rja.lists@gmail.com>
Subject: Re: Flow label drafts updated
References: <D98CE1E0-4F21-4D7D-BB6C-AC2F89FE96B8@gmail.com>
In-Reply-To: <D98CE1E0-4F21-4D7D-BB6C-AC2F89FE96B8@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 May 2011 06:03:12 -0000

Ran,

> I am troubled by the apparent decision to ignore legitimate
> operational security considerations (e.g. about covert channels) 

We should certainly mention the covert channels issue in the
security considerations of 3697bis.

> and also the apparent decision to write these documents 
> in a manner intended to legislate reasonable security measures 
> (if applicable only in selected deployments) out of existence.

I don't understand this comment. The flow label has always been
defined as immutable; the consensus in the WG is to keep that
property. So a firewall that overwrites it is unambiguously
breaking the standard.

Regards
   Brian

On 2011-05-03 21:47, RJ Atkinson wrote:
> Hi,
> 
> My thanks to all of the editors for their joint work to sort out
> these drafts and to progress them together.  It is substantial
> work to undertake.  The drafts generally seem fine and are
> eminently readable.
> 
> However, the "Security Considerations" for both 
> draft-ietf-6man-flow-ecmp-02 and draft-ietf-6man-flow-3697bis 
> seem not to mention the issue where the IPv6 Flow Label field
> is a relatively high-bandwidth covert channel.  This means the
> Security Considerations for those 2 I-Ds are incomplete.
> 
> I'm pleased that the covert channel issue is discussed on page 4 
> of draft-ietf-6man-flow-update-05.  This covert channel issue is 
> one reason why a number of deployed IPv6-capable firewalls (and 
> other similar security appliances) clear the IPv6 Flow Label 
> (e.g. in financial/trading environments where M&A information 
> has very high monetary value).  
> 
> I request that this operational security concern, which is entirely 
> legitimate albeit not applicable to all operational environments, 
> at least be mentioned at the top of page 11 of draft-ietf-6man-flow-3697bis 
> (i.e. where the fact that Flow Labels will continue to be zeroed 
> in some deployments is noted).  At present, the words there seem 
> to imply that the zeroing behaviour is illogical, silly, and/or wrong 
> -- when in fact it is logical, sensible, and quite correct in certain 
> deployments.  I would be MUCH happier if the wording were changed
> to allow an "operational security" exception to the general 
> principle of not modifying non-zero IPv6 Flow Labels during transit.
> For example, the wording could say that network devices ought
> not modify non-zero IPv6 Flow Labels *by default*, leaving it
> open for users with particular security concerns to configure
> a non-default configuration (i.e. zeroing the Flow Label).
> 
> I request that at least a brief mention of the covert channel
> issue be made in the Security Considerations sections of both 
> draft-ietf-6man-flow-ecmp and draft-ietf-6man-flow-3697bis.
> If desired, such mentions could refer to the Gont draft or 
> to the -3697bis draft for more detailed discussion of that
> issue.
> 
> I am troubled by the apparent decision to ignore legitimate
> operational security considerations (e.g. about covert channels) 
> and also the apparent decision to write these documents 
> in a manner intended to legislate reasonable security measures 
> (if applicable only in selected deployments) out of existence.
> This seems to be a case of the IETF levying deployment
> constraints upon users/operators, which is something that the
> IETF generally tries to avoid.
> 
> Yours,
> 
> Ran Atkinson
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email