IETF Logo Mail Archive

Comments on <draft-gont-6man-stable-privacy-addresses-01>

Bob Hinden <bob.hinden@gmail.com> Tue, 17 April 2012 23:58 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16C9411E80C5 for <ipv6@ietfa.amsl.com>; Tue, 17 Apr 2012 16:58:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.549
X-Spam-Level:
X-Spam-Status: No, score=-103.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5RcO44aFmOiw for <ipv6@ietfa.amsl.com>; Tue, 17 Apr 2012 16:58:38 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 64F6E11E8086 for <ipv6@ietf.org>; Tue, 17 Apr 2012 16:58:38 -0700 (PDT)
Received: by obbwd20 with SMTP id wd20so5041278obb.31 for <ipv6@ietf.org>; Tue, 17 Apr 2012 16:58:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :cc:to:mime-version:x-mailer; bh=7Oq3OqaZEcGoqtVtEbIBcG21V20XRg7wM0VjIk5+txc=; b=g+rmUT051Tc14nL5z/ILyrQ9QMphgG/PTrL0OaH50buykRJ7JXy48KZ5BMNAjZb/TX arjE3Kum0/Ty2WmkOLjyrqo87IslJtIgCMvsDadUtJFqjCD93+Nc5DHzx4kAEYeY1xrY G2CeAjObk4k8qhL5IQEfcdZkLYCHWYdoYRQOFR6tbMMM/+XdWSlnJjoijnRDPLnWnDyH qqZXbeLUAe1aUIPcQurh0etc7sfupxamCNpYlFygoKrJJDIi8u7aNOfNbgtt1DZgyvtz FEIt7pjeMhLumWjrxrPGqGPY62TTfcY6o5ledaz4wud5KHke51He84zWVXI+wgF4ckY0 YtnQ==
Received: by 10.60.1.7 with SMTP id 7mr116233oei.71.1334707118060; Tue, 17 Apr 2012 16:58:38 -0700 (PDT)
Received: from [172.16.224.217] ([209.97.127.34]) by mx.google.com with ESMTPS id i6sm24919423obv.5.2012.04.17.16.58.37 (version=SSLv3 cipher=OTHER); Tue, 17 Apr 2012 16:58:37 -0700 (PDT)
From: Bob Hinden <bob.hinden@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Comments on <draft-gont-6man-stable-privacy-addresses-01>
Date: Tue, 17 Apr 2012 16:58:36 -0700
Message-Id: <295BAD95-B636-4611-B735-4FA13AB0FAB9@gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Cc: IPv6 WG Mailing List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2012 23:58:39 -0000

Fernando,

This is my personal views from reading the draft.

Generally I support the idea in this draft that another type of privacy addresses would be useful to add to IPv6.  For example, to not expose the vendor IDs in IEEE MAC addresses.  I have some comments on the internet draft.

Bob

------

Introduction

In the Introduction the draft mentions that the IEEE MAC based interface identifiers don't eliminate the threat from host scanning.  To justify this the document references two documents [Gont-DEEPSEC2011] [CPNI-IPv6].  The first is a presentation you prepared and the second is also written by you but not publicly available (the reference says "available on request").  I was able to find the presentation online.  It makes an argument that host scanning is possible because (in my words) that there is structure in how Internet IDs are formed.  It lists different type of IIDs found and reported in a paper by Malone.  This paper is primarily about the observed types of address in an operational test.  It includes stats on the percentage of IPv6 address types observed in live traffic (e.g., 50% SLACC based, 20% IPv4 based, etc.).   

The problem I see is that this doesn't justify the claim that there is a problem with host scanning with MAC based interface identifiers.  It would be helpful if you could provide some data or analysis that justifies this to quantify the risk.  In my reading the references don't do that.  

-------

2. Design Goals

Could these types of Interface Identifiers also be generated by DHCPv6 servers.  I would think that it would be useful to generate these hard to predict IIDs when a DHCPv6 server is providing addresses.  This would be much better than assigning them linearly that are easy to predict and scan for.  

That is, the same approach could be used to create IIDs for SLAAC and DHCPv6.  

---------

5. Security Considerations

In the second paragraph the document says 

  "We note that this algorithm is meant to replace Modified EUI-64 format identifiers".  

This is the first time the document says this.  If it intends to do this, it should be in the main part of the document and not first appear in the security considerations.  The document makes a clear argument why it is preferable to MAC based IIDs, but it doesn't justify replacing Modified EUI-64 identifiers.  It's a would be a major change to the IPv6 Address Architecture that I don't think is warranted.

The algorithm in Section 3. even clears the U/L bit to be compatible with the Modified EUI-64 IIDs.   I think document may be confusing IEEE MAC based Modified EUI-64 Interface IDs with the format defined in the IPv6 Address Architecture that can accommodate different types of tokens (MAC based, random number based, manual assignment, etc.) to create IIDs.

Please clarify?

-------

Sections 7.

I don't understand the purpose of this section.  It comes after the Acknowledgement section and before References.  It reads like open issues and says it might be removed.  Is it meant as an appendix?  Perhaps rewriting it to show how addresses based on these IIDs prevent these problems.


----

References:

   [CPNI-IPv6]
              Gont, F., "Security Assessment of the Internet Protocol
              version 6 (IPv6)",  UK Centre for the Protection of
              National Infrastructure, (available on request).

I am not sure this will be acceptable by the RFC-Editor.   There isn't enough information to know who to ask to to get a copy.  It would be better if it was available online.

v2.23.0 | Report a Bug | By Email