[secdir] secdir review of draft-ietf-v6ops-tunnel-loops-01

Tom Yu <tlyu@MIT.EDU> Thu, 30 December 2010 03:58 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id AF3363A68F8; Wed, 29 Dec 2010 19:58:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.335
X-Spam-Status: No, score=-100.335 tagged_above=-999 required=5 tests=[AWL=0.775, BAYES_05=-1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id bWjgjVXjlPWR; Wed, 29 Dec 2010 19:58:28 -0800 (PST)
Received: from dmz-mailsec-scanner-3.mit.edu (DMZ-MAILSEC-SCANNER-3.MIT.EDU []) by core3.amsl.com (Postfix) with ESMTP id 0FF9A3A63D3; Wed, 29 Dec 2010 19:58:27 -0800 (PST)
X-AuditID: 1209190e-b7b3bae000000a71-9a-4d1c03e04d56
Received: from mailhub-auth-2.mit.edu ( []) by dmz-mailsec-scanner-3.mit.edu (Symantec Brightmail Gateway) with SMTP id 77.52.02673.0E30C1D4; Wed, 29 Dec 2010 23:00:32 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU []) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id oBU40V5i010332; Wed, 29 Dec 2010 23:00:32 -0500
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU []) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id oBU40OE7026948 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 29 Dec 2010 23:00:28 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu ( id oBU40Os9000640; Wed, 29 Dec 2010 23:00:24 -0500 (EST)
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-v6ops-tunnel-loops.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 29 Dec 2010 23:00:24 -0500
Message-ID: <ldvhbdv29lz.fsf@cathode-dark-space.mit.edu>
Lines: 27
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: AAAAAA==
Subject: [secdir] secdir review of draft-ietf-v6ops-tunnel-loops-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Dec 2010 03:58:30 -0000

This document describes routing loop vulnerabilities inherent in the
existing design of IPv6-in-IPv4 tunneling protocols, and suggests
mitigation strategies.

While the Security Considerations section of this document claims that
the recommended checks do not introduce new security threats, Section
3.1 mentions that the additional processing overhead for checking
destination and source addresses may be considerable.  It would be
useful to have measurements or estimates of how this additional
processing overhead compares to the effects of the routing loop attack
that it is intended to mitigate.

This document makes no mention of the Teredo attacks that are
discussed in the USENIX WOOT paper.  The authors may wish to mention
draft-gont-6man-teredo-loops-00 for the sake of completeness.


Section 3 lists three categories of mitigation measures but the
accompanying text states that they fall under two categories.

In Section 3.1, in the sentence "However, this approach has some
inherit limitations", replace "inherit" with "inherent".

In Section 4, in the sentence "...other mitigation measures may be
allowed is specific deployment scenarios", replace "may be allowed is"
with "may be feasible in".