IETF Logo Mail Archive

Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01

神明達哉 <jinmei@wide.ad.jp> Mon, 08 December 2014 21:40 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22FA11A90AE for <ipv6@ietfa.amsl.com>; Mon, 8 Dec 2014 13:40:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NI2PBm0ajMcr for <ipv6@ietfa.amsl.com>; Mon, 8 Dec 2014 13:40:11 -0800 (PST)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9675E1A897E for <ipv6@ietf.org>; Mon, 8 Dec 2014 13:40:11 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id l15so6025035wiw.2 for <ipv6@ietf.org>; Mon, 08 Dec 2014 13:40:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=cNmtIhoy1zNvGtpngopxIvZ+mpymlChHzEEleLO7VfM=; b=fbDWG79YJeqaZTkk3HIh2UCHIWX4v+9xW/QKahAaxneEbRr2XciWu0qRC7VngFXV61 hREthNK6dkd4XMtZy2VFjUpemRSc7FA9uqm9qGkzPjAYo2kF9AWzvCYVo0HXsAnACOhD 3oabUtll2Jz8qc2hjAxXvqdYbiZEQLLTzWnNjQPTzwrya7VJ1ofla6H/3U+VfaIShrdr AX2S1GJEEpmtUsKiUGyCn6XCbaHrZHI0a/02WziDHRT7PKjmtDexE1u5Nhh4bOHnfJWV CgDHUSLdQzpI2Cq9p1LFYwS3DwcfgXPBT7jBhARGI/7tqVyexuba5pvlGAa1umSjLhVw qGkg==
MIME-Version: 1.0
X-Received: by 10.194.179.166 with SMTP id dh6mr44431638wjc.87.1418074810419; Mon, 08 Dec 2014 13:40:10 -0800 (PST)
Sender: jinmei.tatuya@gmail.com
Received: by 10.194.19.136 with HTTP; Mon, 8 Dec 2014 13:40:10 -0800 (PST)
In-Reply-To: <CC2EE99E-475C-4DB5-9E7F-ED00B4D48561@employees.org>
References: <CC2EE99E-475C-4DB5-9E7F-ED00B4D48561@employees.org>
Date: Mon, 08 Dec 2014 13:40:10 -0800
X-Google-Sender-Auth: hCv8XssLSTueqa9J5AF4-3i5QJI
Message-ID: <CAJE_bqdwrG6nGvJCQG4gpYR6hSpVBe-Pi=+XozCv4L-RJ1=URg@mail.gmail.com>
Subject: Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ole Troan <otroan@employees.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/zro1IKbiKdrQoWRKV_zr5y_OZrs
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Dec 2014 21:40:13 -0000

At Thu, 4 Dec 2014 09:07:18 +0100,
Ole Troan <otroan@employees.org> wrote:

> This message starts a two week 6MAN Working Group Last Call on advancing:
>
>      Title           : Security Implications of Predictable Fragment Identification Values
>      Authors     : Fernando Gont
>      Filename   : draft-ietf-6man-predictable-fragment-id-01.txt
>      Pages        : 16
>      Date           : 2014-04-30
>
>       http://tools.ietf.org/html/draft-ietf-6man-predictable-fragment-id-01
>
> as a Best Current Practice Document.  Substantive comments and statements of support for publishing this document should be directed to the mailing list.  Editorial suggestions can be sent to the authors.  This last call will end on December 18, 2014.

I wouldn't be opposed to publishing this document; it certainly
contains useful information and I've not found anything obviously
wrong.  But I also think Ole made some valid point.  If I were to
choose, I'm a bit inclined to NOT publish it as a separate document at
this time. (But, again, if many others want to see it published, I
have no problem with it either).

I have some comments on the latest versions of the draft, all pretty
minor and mostly editorial:

- Abstract: s/simple a/a smple/

   Address.  Some implementations use simple a global counter for

- Section 3: s/the the/the/
   learn the the Identification value currently in use by Host A,

- Section 3: s/ICCPMv6/ICMPv6/
   response (e.g., an ICCPMv6 echo request with a large payload).  The

- Section 4:

   The Identification value of the Fragment Header MUST NOT be
   predictable by an off-path attacker.

  'MUST NOT be predictable' sounds vague to me, especially with the
  RFC2119 keyword.  I'm not sure if there's a precedent of the use of
  this word with a normative keyword, but even if there's, I would
  personally still like to see a clearer term here.  (If, of course,
  we'd like to publish it as an RFC in the end).

- Section 6.3:
   secret1:
      Secret data unknown to the attacker
  (The latter one: this should be "secret2")

- Section 10.1: Not a big deal, but I'm not sure why this has to be a
  "normative reference".

   [RFC6946]  Gont, F., "Processing of IPv6 "Atomic" Fragments", RFC
              6946, May 2013.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email