Re: [rrg] Some concerns about ILNP//:Re: Recommendation
Xu Xiaohu <xuxh@huawei.com> Fri, 02 April 2010 03:38 UTC
Return-Path: <xuxh@huawei.com>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 911BC3A6916 for <rrg@core3.amsl.com>; Thu, 1 Apr 2010 20:38:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.42
X-Spam-Level: ****
X-Spam-Status: No, score=4.42 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_50=0.001, CN_BODY_35=0.339, DNS_FROM_OPENWHOIS=1.13, MIME_CHARSET_FARAWAY=2.45, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4WlzhoYkyKKu for <rrg@core3.amsl.com>; Thu, 1 Apr 2010 20:38:34 -0700 (PDT)
Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [119.145.14.66]) by core3.amsl.com (Postfix) with ESMTP id 1FA5D3A67A5 for <rrg@irtf.org>; Thu, 1 Apr 2010 20:38:34 -0700 (PDT)
Received: from huawei.com (szxga03-in [172.24.2.9]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0L08001T3CT5ER@szxga03-in.huawei.com> for rrg@irtf.org; Fri, 02 Apr 2010 11:39:06 +0800 (CST)
Received: from huawei.com ([172.24.2.119]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0L0800AROCT58A@szxga03-in.huawei.com> for rrg@irtf.org; Fri, 02 Apr 2010 11:39:05 +0800 (CST)
Received: from HUAWEIE75F8F11 ([10.111.13.9]) by szxml04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0L0800AG5CT5IZ@szxml04-in.huawei.com> for rrg@irtf.org; Fri, 02 Apr 2010 11:39:05 +0800 (CST)
Date: Fri, 02 Apr 2010 11:39:05 +0800
From: Xu Xiaohu <xuxh@huawei.com>
In-reply-to: <C7D58FA3.8FEC%tony.li@tony.li>
To: 'Tony Li' <tony.li@tony.li>
Message-id: <004401cad216$0b5e18b0$090d6f0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="gb2312"
Content-transfer-encoding: quoted-printable
Thread-index: AcrPBOMT7no3kx5g/kSuNqa6Hs5DkwDA2rFg
Cc: 'Tony Li' <tli@cisco.com>, rrg@irtf.org, 'Scott Brim' <scott.brim@gmail.com>, 'Noel Chiappa' <jnc@mercury.lcs.mit.edu>
Subject: Re: [rrg] Some concerns about ILNP//:Re: Recommendation
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Apr 2010 03:38:35 -0000
Hi Tony, > -----邮件原件----- > 发件人: Tony Li [mailto:tony.li@tony.li] > 发送时间: 2010年3月29日 13:59 > 收件人: xuxiaohu 41208 > 抄送: Christopher LILJENSTOLPE; Tony Li; rrg@irtf.org; Scott Brim; Noel > Chiappa > 主题: Re: Some concerns about ILNP//:Re: [rrg] Recommendation > > > Hi Xiaohu, > > > CONCERN #1: Host ID Theft Threat > > Given that the host ID is locally scoped, and ILNP does not claim to provide > any level of security above and beyond what legacy protocols provide today, In the current Internet architecture, uRPF can be used to avoid IP address (acting as host identifier) theft to some extent. In an ID/locator split architecture, without any ID authentication mechanism, it will become much easier for a malicious host to theft other hosts' identifiers. > could you please expound a bit on the threat? What exactly do you expect > an attacker to do with this stolen ID? And how is it an attack that we > wouldn't have today in v6? Some firewalls allow users to configure filters based on IP addresses (acting as host identifier). Similarly, some cell phones allow users to configure a black-list based on phone numbers to block incoming calls. Provided host identifiers were much easy to be stolen, all the above benefits would be lost. Besides, in Section 5.5 of draft-ietf-ipngwg-esd-analysis-05, several denial-of-service attack examples are also mentioned. I wonder whether ILNP has already successfully dealt with them. > > If I understand it correctly, ILNP could also use some CGA like approach to > > deal with this issue. > > > That would certainly be an extension, but is not covered today. > > > > CONCERN #2: Host ID Global Uniqueness Assurance > > > > I know ILNP doesn't require the host identifer to be globally unique. However, > > it has to involve some other tricks (i.e., nounces) to deal with the host > ID > > collision events. > > More precisely, it uses nonces to confirm the association of one (locator, > identifier) pair with another (locator', identifier) pair. By the way, I noticed a statement in draft-rja-ilnp-nonce-02 as follows: "In the deployed Internet, packets sometimes arrive at a destination out of order. A receiving node MUST drop a packet arriving from a correspondent if the Source Locator of the received packet is not in the receiving node's ILNP Session Cache's Set of Correspondent Locator(s) UNLESS that packet contains a Nonce Option with the appropriate nonce value for that Source Identifier and Destination Identifier pair. This is done to reduce the risk of session hijacking or session interference attacks." I wonder what will happen if two hosts owning the same host identifier occasionally communicate with a third party in accordance with the above guidance as " A receiving node MUST drop a packet arriving from a correspondent if the Source Locator of the received packet is not in the receiving node's ILNP Session Cache's Set of Correspondent Locator(s) UNLESS that packet contains a Nonce Option with the appropriate nonce value for that Source Identifier and Destination Identifier pair." If this case has been mentioned somewhere, would you please kindly tell me which section of which draft? > > Without mentioning whether or not this choice has any extra advantage over > the > > choice of global uniqueness ID, can we configure the filering-rule table on > a > > given host based on these non-globally unique host IDs? Or do you have any > > better alternative for us to achieve the same goal as what we did today (e.g., > > IP address (acting as identifier also in today's network) filtering table)? > > One could always filter on remote (locator, identifier) pairs, giving you > the same semantics that you have today with source address filtering. > However, the security of ANY remote source address is of questionable value. > This is already true today. > > Filtering the destination address today for incoming packets is generally > considered much safer, as the address is presumably under the (reasonably > secure) management of the local network. The analogous effect in ILNP is to > filter on incoming destination identifiers. This allows filter rules to be > independent of the locator, thus easing renumbering chores. If mobility is > not permitted within the local domain, then the destination locator can also > be included in a filter rule, in whole or in part. > > > > CONCERN #3: Motivations for Earlier Adoption of ILNP > > > > Considering a scenario where a legacy IPv6 host initiates a session to an > ILNP > > host which is a multi-homed host, the legacy host will obtain several PA > > addresses for that ILNP host in a DNS reponse to its DNS query, then the > > legacy host will use one of the PA addresses of that ILNP host for initiating > > a session. Once the ILNP host is rehomed, can the already established session > > still survive? > > No, since one correspondent is a legacy host, you only have legacy > capabilities. No, IMHO, the ILNP hosts should provide the same connectivity service to the legacy hosts as today. That's to say, once the ILNP host moves from one attachment point to anther due to re-homing (or mobility), the already established sessions should still survive. > This points out that the primary hosts that want to migrate to ILNP are > those that are mobile and those that correspond with mobile hosts. > Therefore, I propose that we start with the smart phones. Is mobility the first object of RRG? > > Maybe somebody will argue that it doesn't matter since the legacy host will > > attempt to use the other PA address once the previous one is failed. However, > > my concern is whether it is acceptable for the earlier adopters of ILNP. I > > roughly believe they will still prefer the PI addresses, rather than ILNP. > > Perhaps, but deploying PI addresses and ILNP is far preferable than doing > nothing and deploying PI addresses without ILNP. ;-) Are these the only choices we have? > > Take IPv6 transition as an example, can the ISPs disable the IPv4 access > > service while providing IPv6 access service to their customers? When the ISPs > > provide their customers some new choices, they can not deprive the interests > > and benefits that the customers has already have when using the current > > choice. > > As Randy Bush would say: I encourage all my competitors to disable IPv4, > immediately. ;-) Perfect! > v4 and v6 will continue to co-exist for some time, and IMHO, there will be > NAT between the different versions to provide continuous service. > > I'm not understanding the relevance of this to RRG. My point is that subscribes would not prefer ILNP to PI addresses if ILNP would degrade the already obtained benefits from PI address usage. E.g., once the ILNP host is re-homed, the already established sessions between this ILNP host and legacy hosts will be interrupted. Best wishes, Xiaohu > > still survive > > Maybe I am totally wrong. > > And maybe not. > > Regards, > Tony
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Xu Xiaohu
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Dae Young KIM
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Xu Xiaohu
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Brian E Carpenter
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Xu Xiaohu
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Xu Xiaohu
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Xu Xiaohu
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Noel Chiappa
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Noel Chiappa
- Re: [rrg] Some concerns about ILNP//:Re: Recommen… Tony Li