IETF Logo Mail Archive

Re: [OPSEC] New Version Notification for draft-yourtchenko-opsec-humansafe-ipv6-00.txt

Fernando Gont <fgont@si6networks.com> Tue, 06 March 2012 12:28 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF1D121F882D for <opsec@ietfa.amsl.com>; Tue, 6 Mar 2012 04:28:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.557
X-Spam-Level:
X-Spam-Status: No, score=-2.557 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fCfat-J2RZg0 for <opsec@ietfa.amsl.com>; Tue, 6 Mar 2012 04:28:23 -0800 (PST)
Received: from srv01.bbserve.nl (unknown [IPv6:2a02:27f8:1025:18::232]) by ietfa.amsl.com (Postfix) with ESMTP id BB10E21F8826 for <opsec@ietf.org>; Tue, 6 Mar 2012 04:28:22 -0800 (PST)
Received: from [2001:5c0:1000:a::6a1] by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1S4tV4-00023o-D5; Tue, 06 Mar 2012 13:28:18 +0100
Message-ID: <4F5602DA.2010806@si6networks.com>
Date: Tue, 06 Mar 2012 09:28:10 -0300
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Andrew Yourtchenko <ayourtch@cisco.com>
References: <alpine.DEB.2.00.1203051204580.20167@ayourtch-lnx> <4F55B1A2.7000909@gont.com.ar> <alpine.DEB.2.00.1203061046000.2860@ayourtch-lnx>
In-Reply-To: <alpine.DEB.2.00.1203061046000.2860@ayourtch-lnx>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: opsec@ietf.org, mircea.pisica@bt.com, sasad@cisco.com
Subject: Re: [OPSEC] New Version Notification for draft-yourtchenko-opsec-humansafe-ipv6-00.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Mar 2012 12:28:24 -0000

Hi, Andrew,

On 03/06/2012 07:32 AM, Andrew Yourtchenko wrote:
>> I think this one is somewhat incorrect: What's usually deemed as hard to
>> manage is temporary addresses (RFC 4941), rather than the fact that the
>> identifiers are random (see e.g.,
>> <http://tools.ietf.org/id/draft-gont-6man-managing-slaac-policy-00.txt>).
> 
> No, in this case I'm talking about permanently assigned addresses. It's
> just that telling the full IPv6 address over the phone or remembering it
> is a chore.

It wasn't clear to me that you were referring to this problem.



> Example: 2001:db8:d923:297a:2068:d95d:cff5:308a. Make an experiment and
> measure how much it takes to get this address over to someone over the
> phone, without errors. That's the type of problem I had in mind.

I know of quite a few folks that have already established the rule that
"you don't tell IPv6 addresses over the phone"


>> * Section 5 states:
>>   The idea is to exploit the randomness property of the encryption
>>   function output.  The interface identifier, used within the IPv6
>>   address of the host, would be derived from the 64-bit data
>>   corresponding to hostname, encrypted with a site-wide "secret".
>>
>> How would you distribute the secret.
> 
> USB stick, for example. Or write it on the wall in the ops room :-)

BTW, what are the types of systems that you have in mind for using this?
Host? Servers? Routers? All of them?



> I probably should have not named it a "secret" - the idea was to have it
> secret enough so that a random script kiddie does not know it, yet it
> can be easily known by the staff. Any suggestions on how I should rename
> it so there's less confusion ?

Well, as far as the attacker is concerned, the "secret" is secret. So
the term is okay. But I guess it should be more clear to whom the
"secret" is secret, and how you plan to distribute it.


>> That aside: have you read
>> <http://tools.ietf.org/id/draft-gont-6man-stable-privacy-addresses-00.txt>.
>>
>> It solves the scanning problem and the management problem, with no need
>> to distribute secrets.
> 
> It's nice, however it requires changes to host OSes.

Well, yes... but that's what you need to do to fix the underlying
problem of vulnerability to scanning...

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email