Re: [secdir] sec-dir review of draft-ietf-6man-reserved-iids-01
Bob Hinden <bob.hinden@nokia.com> Mon, 01 December 2008 18:35 UTC
Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 29D983A6951; Mon, 1 Dec 2008 10:35:54 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD5E63A6B66; Mon, 1 Dec 2008 10:11:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.448
X-Spam-Level:
X-Spam-Status: No, score=-6.448 tagged_above=-999 required=5 tests=[AWL=0.151, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A+nRm8OffEXc; Mon, 1 Dec 2008 10:11:14 -0800 (PST)
Received: from mgw-mx03.nokia.com (smtp.nokia.com [192.100.122.230]) by core3.amsl.com (Postfix) with ESMTP id CF4F63A67FF; Mon, 1 Dec 2008 10:10:50 -0800 (PST)
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-mx03.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id mB1IAhMY029546; Mon, 1 Dec 2008 20:10:44 +0200
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 1 Dec 2008 20:10:42 +0200
Received: from mgw-int02.ntc.nokia.com ([172.21.143.97]) by esebh102.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Mon, 1 Dec 2008 20:10:42 +0200
Received: from dadhcp-172019074159.americas.nokia.com (dadhcp-172019074159.americas.nokia.com [172.19.74.159]) by mgw-int02.ntc.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id mB1IAdam029160; Mon, 1 Dec 2008 20:10:40 +0200
From: Bob Hinden <bob.hinden@nokia.com>
To: Derek Atkins <derek@ihtfp.com>
In-Reply-To: <sjm1vwvwrbm.fsf@pgpdev.ihtfp.org>
References: <sjm1vwvwrbm.fsf@pgpdev.ihtfp.org>
Message-Id: <FDCF890E-8394-4323-86FC-FF0065C7FFBE@nokia.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 01 Dec 2008 10:10:38 -0800
X-Mailer: Apple Mail (2.929.2)
X-OriginalArrivalTime: 01 Dec 2008 18:10:42.0722 (UTC) FILETIME=[1FBFE820:01C953E0]
X-Nokia-AV: Clean
X-Mailman-Approved-At: Mon, 01 Dec 2008 10:35:53 -0800
Cc: 6man-chairs@tools.ietf.org, iesg@ietf.org, suresh.krishnan@ericsson.com, secdir@ietf.org
Subject: Re: [secdir] sec-dir review of draft-ietf-6man-reserved-iids-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: bob.hinden@nokia.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org
Derek, On Nov 28, 2008, at 12:03 PM, ext Derek Atkins wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > While this document itself does not have any security issues (it's > just creating a registry with IANA) it brings up some interesting > points. First, what methods should IANA use to "authenticate and > authorize" entities to create or update changes to the registry? The document says: "future assignments from this registry are discouraged but in exceptional circumstances are to be made through Standards Action [RFC5226]." Only the IETF through a standard action can add entries. I suppose the IANA could use PGP to authenticate email from the IESG. > But > more importantly, what's to stop a rogue system from declaring itself > to use one of the reserved addresses? And what happens to the network > as a whole if a system does this? > Umm, the registry is to reserve them for a particular usage, not to prohibit their use. Nothing is to stop anyone from using them. The propose of the document and registry it creates is to reduce the chance of another standard from creating a new type of IID that conflicts with these. The general form of attack you are describing is one of creating addresses. It's not specific to these or any other type of interface IDs. Bob _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir