Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
Ole Troan <otroan@employees.org> Wed, 12 June 2013 10:06 UTC
Return-Path: <otroan@employees.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C650E21F9A6F; Wed, 12 Jun 2013 03:06:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCuzausLVR9e; Wed, 12 Jun 2013 03:06:44 -0700 (PDT)
Received: from banjo.employees.org (banjo.employees.org [198.137.202.19]) by ietfa.amsl.com (Postfix) with ESMTP id 896E421F9A63; Wed, 12 Jun 2013 03:06:40 -0700 (PDT)
Received: from dhcp-10-61-98-253.cisco.com (64-103-25-233.cisco.com [64.103.25.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: otroan) by banjo.employees.org (Postfix) with ESMTPSA id D60EA5E85; Wed, 12 Jun 2013 03:06:36 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Content-Type: text/plain; charset="iso-8859-1"
From: Ole Troan <otroan@employees.org>
X-Priority: 3 (Normal)
In-Reply-To: <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net>
Date: Wed, 12 Jun 2013 12:06:34 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <5F8FAF51-833A-4C75-9FFC-BE17ADF27994@employees.org>
References: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net> <14984CD7-6EDD-49E6-A3C2-4775E80041AC@employees.org> <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net>
To: Dan Harkins <dharkins@lounge.org>
X-Mailer: Apple Mail (2.1508)
Cc: draft-ietf-6man-addr-select-opt.all@tools.ietf.org, draft-ietf-6man-rfc3484bis@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 10:06:51 -0000
Dan, apologies for the delay, I discussed this directly with Arifumi, and I hope his latest message clarifies the issue. to rephrase in my words; OPTION_ADDRSEL is used to carry the A-flag (the hint to a host to disable automatic row addition) and to carry policy table options. the A-flag is a hint to the host to disable automatic row addition. if OPTION_ADDRSEL contains policy table options the A-flag is redundant. (as policy table options and the A-flag are incompatible). if you are fine with this, I will ask the authors to update the draft to make this behaviour explicit. Best regards, Ole >> let me chime in as the document shepherd. >> (thank you very much for the thorough comments by the way). >> >>> For instance, while I think I understand the policy override of RFC >>> 6724, having the Automatic Row Additions Flag be part of the address >>> selection options seems problematic. If it is set to zero, then what are >>> the semantics of such a message? "Here's an address selection option >>> but don't you dare use it!"? What is the point? Me, as a node, can have >>> this as part of my policy state which would allow me to ignore such >>> an update but to have the bit be part of the option to update does >>> not seem to make much sense. The semantics of the message needs >>> to be explained much more clearly, or the bit needs to be removed >>> from the message. >> >> my reading of the meaning of the A flag is a little different. (I have >> cc'ed the authors of rfc6724 for confirmation.) >> >> an implementation of RFC6724 may automatically add entries in the policy >> table based on addresses configured on the node. >> e.g. the node has an interface with a ULA address. >> >> RFC6724 also says: >> An implementation SHOULD provide a means (the Automatic Row Additions >> flag) for an administrator to disable >> automatic row additions. > > That makes perfect sense. A client implementation SHOULD provide a > means to disable automatic row additions. So it has some knob that can > be turned on or off locally that would allow for update of its policy table > by receiving policy options (enable) or forbid received policy options from > updating the policy table (disable). > >> the A-flag in draft-ietf-6man-addr-select-opt provides the means. > > So this is where I'm confused. The sender of the policy option should > not have the ability to control the knob that an implementation added > locally to satisfy RFC 6724. If a client implementation sets its knob to > "disable" then it forbids policy option updates to its policy table. It > shouldn't inspect the received option update to decide whether it > should override the setting of its local knob. > > This seems like a security issue to me. There's a reason why an > implementation would choose to disable updates of its policy table > and allowing the sender of policy updates to override that seems > wrong. > >> it does not affect the policy entries that is contained in the DHCP >> option. >> the A-flag only affects the RFC6724 behaviour of adding entries based on >> address configuration on the node. > > Again, according to the draft a message can be received by a client > implementation that provides policy update options to its policy table > with semantics of "you SHOULD NOT use these!" So what is the point > of sending that message? Why not just refrain from sending the message > if that's what the message is? > > Would you ever tell someone, "disregard what I am about to tell you"? I > can't see why. And that's what the semantics of this message seem to be.
- [secdir] secdir review of draft-ietf-6man-addr-se… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins