Re: [v6ops] SLAAC security concerns

Gert Doering <gert@space.net> Tue, 04 August 2020 19:44 UTC

Date: Tue, 04 Aug 2020 21:44:48 +0200
From: Gert Doering <gert@space.net>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, 6man <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] SLAAC security concerns
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/t_tAncAEP8ayRfnLJyjr6VqYTbg>

Hi,

On Tue, Aug 04, 2020 at 06:00:39PM +0000, Vasilenko Eduard wrote:
> I believe that Multicast is such a basic function of SLAAC that it does not make sense to delete it.

Have I heard "delete multicast" here?

Yes, please!

There are too many broken switch vendors out there that show again and
again that "implementing multicast is hard", breaking IPv6 ND in the
process.

The motivation for going to multicast "back in the dark ages" might have
been honorable, but in today's networks, it just adds needless complications.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279