IETF Logo Mail Archive

Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)

Mark Smith <markzzzsmith@gmail.com> Wed, 07 June 2017 01:23 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85571129557 for <ipv6@ietfa.amsl.com>; Tue, 6 Jun 2017 18:23:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level:
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gKCJ9o4OiM9J for <ipv6@ietfa.amsl.com>; Tue, 6 Jun 2017 18:23:31 -0700 (PDT)
Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B83A412953F for <ipv6@ietf.org>; Tue, 6 Jun 2017 18:23:31 -0700 (PDT)
Received: by mail-vk0-x233.google.com with SMTP id g66so29877907vki.1 for <ipv6@ietf.org>; Tue, 06 Jun 2017 18:23:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=H072A26gE2LcCJQ2S+geCJrzX2Ddmqr+UhpN4/nqOjw=; b=FkHTX489FQOiDT6xOqAUbclOkGIneOfor7HGoJY5n6xJ808jRBbJEIXLK23oRIy37F wpEQ+hHerjkrORAzGSBIK00rT9K/9qJpsYhFfbkbUN0RAjzJBqIJwShShcyyo/BWCVRr k8AuFmOGOjteAlTA/VJPLUj1V4w6U9tFNe9gNx0dYeLdctmYOiwsYd4aIwqS6iQz7PUM 7U1xaeXkQvBj6uDayKTBMfUy/QNGds7bGuguRjHwqlT7N/D9kP5kMbG3dcXE3COHcloK lehtU1vC3zasSnOBtQT5R4XfgEjM/tKjjHWigl3cRi1QH8EH7o1MgNB4R1PjKVFe7VPg FmUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=H072A26gE2LcCJQ2S+geCJrzX2Ddmqr+UhpN4/nqOjw=; b=cDG1qLd3Ob9Af17ZflkGssQDaRgQMixxE8DVoSOiLNFbup4NUmFJoLH5+RBYMDS+OX YVfZZj5m8L77/z1YsT50VcZy3U15EQpb4wN2MZ57ayvIcrow3tBYePs+u7ghlL7ndHdD Y9E5tb8jUDZDyP8e2VSFiy1kXNMMqyq+tH29okj+RQex3q9eCyKCAWDwZpFjhifvSlPO FZbViX7JD5DzlFJfLOMcLonj8t9/G1xtCBWZ4k/3dMiNudNmwFptXFjeJE36JRHbLkeB FnaFkYfrEt5zckpkFsRShKB3w4LpVmpwe5QpZ03AAcaSuI1f+LGbOXdmpxQWVlLSUdtw mmnQ==
X-Gm-Message-State: AODbwcCwTfSFj41pdZQ/wwRVhEZtYmsqcQIk4YQ7n96KNDHTQbJjA4My MwP6nz3WxYh9B+o0scEI0ClVPijGuA==
X-Received: by 10.31.132.74 with SMTP id g71mr15163712vkd.93.1496798610601; Tue, 06 Jun 2017 18:23:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.86.29 with HTTP; Tue, 6 Jun 2017 18:23:00 -0700 (PDT)
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 07 Jun 2017 11:23:00 +1000
Message-ID: <CAO42Z2ziUZnK+n2f9N_Xvb5TZBppApXgNSmDsRLxaT1_taLvFw@mail.gmail.com>
Subject: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Job Snijders <job@instituut.net>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Ole Troan <otroan@employees.org>, Erik Kline <ek@google.com>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zkcqrKr0NyjvXF_d3gHJ6cLBYMo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 01:23:33 -0000

On 7 June 2017 at 09:30, Job Snijders <job@instituut.net> wrote:
> On Tue, 6 Jun 2017 at 16:28, Brian E Carpenter <brian.e.carpenter@gmail.com>
> wrote:
>>

<snip>

>> >
>> > is this draft exactly:
>> >
>> >    IPv6 unicast routing is based on prefixes of any valid length up to
>> >    128 [BCP198].  Interface Identifiers should be 64 bit long except
>> >    when the addresses are manually configured, or by exceptions defined
>> >    in standards track documents.  For example, [RFC6164] standardises
>> >    127 bit prefixes on inter-router point-to-point links.  The rationale
>> >    for using 64 bit Interface Identifiers can be found in [RFC7421]
>> >
>> > ?
>>
>> Yes. Put those words in 4291bis and I will be very happy. Oh ;-).
>


"Interface Identifiers should be 64 bit long except when the addresses
are manually configured, or by exceptions defined in standards track
documents."

That doesn't mention that security and privacy properties of addresses
will be compromised if the manually configured addresses are from a
small prefix.

Security and privacy properties of addresses are independent of the
method used to configure them. Addresses configured via SLAAC, DHCPv6
or manual configuration from within a small prefix/address range all
lose privacy and security properties and value.


Job and others might say those privacy and security properties of
large addresses is only useful to hosts, not infrastructure such as
routers. I disagree.

Large addresses can be of value in infrastructure addressing too. If a
network operator wants to significantly mitigate if not prevent an
attack such as a BGP listener TCP SYN attack from the Internet, they
can hide the router's interface address somewhere inside a /64 so that
the attacker can't find it via unsolicited inbound probing. If the
attacker decides to persist, they'll have to resort to other methods
to discover the device that are or can be made more costly.

If a network operator's router vendor supports RFC7217 for interface
addresses, they get that security advantage of large addresses by
default when they add the /64 to the interface. Router interfaces are
one of the motivations for RFC7217 being able to use the interface
ifIndex value for the Net_Iface parameter (Appendix A) - the comment
about ifIndexes being enabled to be consistent across network
interface changes was my suggestion, and the use case in my mind was
router interface module swaps.


It is self evident that a packet that cannot reach a device cannot be
used to attack the device.


Perhaps those who commented during rfc4291bis last call and who may
not have seen the WG's addressing privacy and security discussions
over the last 4 years haven't realised that many more addressing bits
can provide more capability and value than just the ability to connect
more hosts.

Regards,
Mark.

v2.23.0 | Report a Bug | By Email