Re: Scripting attacks [was Next step for draft-ietf-6man-rfc6874bis]

Ted Lemon <mellon@fugue.com> Thu, 30 June 2022 00:03 UTC

References: <164938402532.17740.11717866110301931501@ietfa.amsl.com> <b1780128-2069-b32e-7ca5-86977c119f0c@gmail.com> <11d4e419-11a9-8768-abf2-1335e5f1c3d8@gmail.com> <149924f9-da30-fa79-0509-c01c439d1796@gmail.com> <5BEFA97B-CF09-44D7-8C10-017FEAE4C3A8@tiesel.net> <e6ff75e7-b6c6-ea03-2e10-b1ad95d650f0@gmail.com> <98D15BD9-A631-4D09-AE9E-9D4C750714C9@tiesel.net> <95c82ad3-2138-ab2a-7ba5-57ad80472964@gmail.com> <E5C368C5-9DAE-4C61-ADDE-B881EA11EDA0@tiesel.net> <6968ca7b-dac3-b192-41ed-a193adab7eb4@gmail.com> <529B863C-BCC9-40C1-A5B8-B0598E7DF17C@tzi.org> <bf8c5c54-d548-a40a-0381-0583ef946f26@gmail.com>
In-Reply-To: <bf8c5c54-d548-a40a-0381-0583ef946f26@gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 29 Jun 2022 17:03:03 -0700
Message-ID: <CAPt1N1=4wbqrrzvwdr4FD7awa6pkyffhwRZC3zAWLs7uzY3BJQ@mail.gmail.com>
Subject: Re: Scripting attacks [was Next step for draft-ietf-6man-rfc6874bis]
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Carsten Bormann <cabo@tzi.org>, Stuart Cheshire <cheshire@apple.com>, Bob Hinden <bob.hinden@gmail.com>, 6man <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000074632b05e29f0075"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/xixaQhVrR_ROY9z06XTbUdxhEtk>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Of course, many browsers will, at this point, notify the user that "a tab
is consuming a lot of power".

On Wed, Jun 29, 2022 at 4:24 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 30-Jun-22 11:09, Carsten Bormann wrote:
> > On 30. Jun 2022, at 01:02, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> >>
> >> Even a full search of the 24-bit low order bits of a Modified EUI
> >> identifier would take 2^24 x 3500 ms, or about 1.9 years.
> >
> > No way to parallelize the attack?
>
> I am not enough of an expert on JavaScript and browsers to answer that.
> I suspect that the answer is yes, some degree of overlap between
> attempts is possible, in which case we might get it down to weeks
> or months rather than years.
>
>    Brian
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>