Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
Arifumi Matsumoto <arifumi@nttv6.net> Wed, 12 June 2013 08:17 UTC
Return-Path: <n@arifumi.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCD5C21F9C1F for <secdir@ietfa.amsl.com>; Wed, 12 Jun 2013 01:17:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.976
X-Spam-Level:
X-Spam-Status: No, score=-101.976 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VgrVUOBDOYXL for <secdir@ietfa.amsl.com>; Wed, 12 Jun 2013 01:17:38 -0700 (PDT)
Received: from mail-pd0-f172.google.com (mail-pd0-f172.google.com [209.85.192.172]) by ietfa.amsl.com (Postfix) with ESMTP id DA26521F9C07 for <secdir@ietf.org>; Wed, 12 Jun 2013 01:17:37 -0700 (PDT)
Received: by mail-pd0-f172.google.com with SMTP id z10so6019801pdj.17 for <secdir@ietf.org>; Wed, 12 Jun 2013 01:17:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=LKANy6UzNsySl54YD/0vwK8qR0Loq5JhHgOoe7qyD7A=; b=P3fVQOxZkD6mE2BG/ErN+qTzb5Og5BOobjd7EowOtgdIKqHwSAV0mYShum02FrGipD MR7RxttA3IOHWeF6dFH6JN+ur7hCvR1Y8qfgdHXUqNIesTF5PY6baR541KHCqWsZF3cU PTiWvlh+As4cnHtBjAR5K8g/ViKXRMuOnU8GZlY0N2ogpWUnzGSo5+61LvqBsWAIV6jX Q045zTKwattgUp6+HVufFtiZoKnUPAYb07uHke7WBhT9rWkP3TygvqQnZ1OhymYO/81y 0GL+Jtwr9XKY5I6D60AH7ZeU3BDV5CzQRdz/bBQoVIQjE536jQZEt5eg/+ucQFTG32aV jWvg==
MIME-Version: 1.0
X-Received: by 10.66.145.34 with SMTP id sr2mr15868332pab.94.1371025055494; Wed, 12 Jun 2013 01:17:35 -0700 (PDT)
Sender: n@arifumi.net
Received: by 10.68.194.198 with HTTP; Wed, 12 Jun 2013 01:17:35 -0700 (PDT)
X-Originating-IP: [2001:df0:45:20::61]
In-Reply-To: <e27bbbeef7bc43410bcb85e5ebc1ed07.squirrel@www.trepanning.net>
References: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net> <14984CD7-6EDD-49E6-A3C2-4775E80041AC@employees.org> <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net> <CABTuw1Dag_G2nDt=XsM2EeOvVuUqqRjS_sP6GMsJhdu4-3=KYQ@mail.gmail.com> <e27bbbeef7bc43410bcb85e5ebc1ed07.squirrel@www.trepanning.net>
Date: Wed, 12 Jun 2013 17:17:35 +0900
X-Google-Sender-Auth: xvBkPp6vL5na5M9_SLcsFQf62k8
Message-ID: <CABTuw1ANCto=cbXLHjnZ-Lh=nT+86FWUMNSfrVNvs5L477S88A@mail.gmail.com>
From: Arifumi Matsumoto <arifumi@nttv6.net>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: multipart/alternative; boundary="047d7b6d7e3269479d04def0a586"
X-Gm-Message-State: ALoCoQlsjm5ezga1vt3nKNNmNE9tFOhMypaSFsbnG7nidU25JZ07N1BloIYxmetgaW6zqyG7DwjQ
Cc: secdir@ietf.org, "draft-ietf-6man-addr-select-opt.all@tools.ietf.org" <draft-ietf-6man-addr-select-opt.all@tools.ietf.org>, draft-ietf-6man-rfc3484bis@tools.ietf.org, Ole Troan <otroan@employees.org>, iesg@ietf.org, Arifumi Matsumoto <arifumi@nttv6.net>
Subject: Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 08:17:47 -0000
Hi, 2013/6/12 Dan Harkins <dharkins@lounge.org> > > Hi, > > On Tue, June 11, 2013 11:55 pm, Arifumi Matsumoto wrote: > > Hi, > > > > 2013/6/12 Dan Harkins <dharkins@lounge.org> > > > >> > >> Hi Ole, > >> > >> On Tue, June 11, 2013 2:24 am, Ole Troan wrote: > >> > Dan, > >> > > >> > let me chime in as the document shepherd. > >> > (thank you very much for the thorough comments by the way). > >> > > >> >> For instance, while I think I understand the policy override of RFC > >> >> 6724, having the Automatic Row Additions Flag be part of the address > >> >> selection options seems problematic. If it is set to zero, then what > >> are > >> >> the semantics of such a message? "Here's an address selection option > >> >> but don't you dare use it!"? What is the point? Me, as a node, can > >> have > >> >> this as part of my policy state which would allow me to ignore such > >> >> an update but to have the bit be part of the option to update does > >> >> not seem to make much sense. The semantics of the message needs > >> >> to be explained much more clearly, or the bit needs to be removed > >> >> from the message. > >> > > >> > my reading of the meaning of the A flag is a little different. (I have > >> > cc'ed the authors of rfc6724 for confirmation.) > >> > > >> > an implementation of RFC6724 may automatically add entries in the > >> policy > >> > table based on addresses configured on the node. > >> > e.g. the node has an interface with a ULA address. > >> > > >> > RFC6724 also says: > >> > An implementation SHOULD provide a means (the Automatic Row > >> Additions > >> > flag) for an administrator to disable > >> > automatic row additions. > >> > >> That makes perfect sense. A client implementation SHOULD provide a > >> means to disable automatic row additions. So it has some knob that can > >> be turned on or off locally that would allow for update of its policy > >> table > >> by receiving policy options (enable) or forbid received policy options > >> from > >> updating the policy table (disable). > >> > >> > the A-flag in draft-ietf-6man-addr-select-opt provides the means. > >> > >> So this is where I'm confused. The sender of the policy option should > >> not have the ability to control the knob that an implementation added > >> locally to satisfy RFC 6724. If a client implementation sets its knob to > >> "disable" then it forbids policy option updates to its policy table. It > >> shouldn't inspect the received option update to decide whether it > >> should override the setting of its local knob. > >> > >> This seems like a security issue to me. There's a reason why an > >> implementation would choose to disable updates of its policy table > >> and allowing the sender of policy updates to override that seems > >> wrong. > >> > > > > In my understanding, > > - RFC 6724 defines a knob for switching automatic row addition. > > - addr-select-opt defines a knob for switching whether accepting > automatic > > row addition flag delivered or not. > > > > and, if the second knob is switched to "accept", then the first knob is > > overridden by a delivered flag. > > So you're saying that the local knob can be overridden by the bit in > the message? That begs the question: why would one send a message with > the "delivered flag" set to "don't accept", meaning "don't accept this > update"? > How is that different than omitting this "don't accept" information from > the > message in the first place? > No, these *two* knobs are *local*. So, "don't accept" cannot be delivered over network. I failed to mention about it. Sorry for confusion. This misunderstanding lead to the following further confusions. Sorry about that. Regards, > > > This is common case in moderen user OS settings, such that the DNS server > > configuration can be > > switched to automatic(delivered from network), or to locally configured > to > > some value. > > But why would the network set an option indicating that the recipient > should > not use this configuration"? If the recipient has a knob indicating that > local > policy cannot be updated then the bit has no effect and if the recipient > has a > knob indicating that the policy can be updated then setting the the bit in > the > message should be meaningless. > > >> > >> > it does not affect the policy entries that is contained in the DHCP > >> > option. > >> > the A-flag only affects the RFC6724 behaviour of adding entries based > >> on > >> > address configuration on the node. > >> > >> Again, according to the draft a message can be received by a client > >> implementation that provides policy update options to its policy table > >> with semantics of "you SHOULD NOT use these!" So what is the point > >> of sending that message? Why not just refrain from sending the message > >> if that's what the message is? > >> > >> Would you ever tell someone, "disregard what I am about to tell you"? > >> I > >> can't see why. And that's what the semantics of this message seem to be. > >> > > > > As I mentioned in the previous e-mail, that I sent 10 June, > > when this A flag is turned on, the DHCP option should not carry policy > > table, > > and a receiver should ignore it, which I have to add some text in the > rev. > > But why would a server send an address selection option that said, "don't > use this"? Once again, it makes no sense to have these semantics. > > If you notice, this question seems to be repeated over and over yet I > have > not yet received an answer why or an statement that I don't understand > the semantics of the message. So what is it? Do I not understand (in which > you should explain exactly why) or is this message meaningless (in which > case why is it part of your draft)? > > regards, > > Dan. > > >
- [secdir] secdir review of draft-ietf-6man-addr-se… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins