IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt

Arifumi Matsumoto <arifumi@nttv6.net> Mon, 17 June 2013 11:28 UTC

Return-Path: <n@arifumi.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 923AC21F9B95 for <secdir@ietfa.amsl.com>; Mon, 17 Jun 2013 04:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.977
X-Spam-Level:
X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xkUqGIoAt7s for <secdir@ietfa.amsl.com>; Mon, 17 Jun 2013 04:28:02 -0700 (PDT)
Received: from mail-pb0-x22b.google.com (mail-pb0-x22b.google.com [IPv6:2607:f8b0:400e:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id A6AE421F9B99 for <secdir@ietf.org>; Mon, 17 Jun 2013 04:27:41 -0700 (PDT)
Received: by mail-pb0-f43.google.com with SMTP id md12so2707280pbc.16 for <secdir@ietf.org>; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=TSJNrp7LuBFqbvKsU7zGKtMaAhYH5oJ7iDM1WpYy1Iw=; b=fihz2rc/fE84wPNzcen2pRTHoxjBuwFMifJv78ggSDbPYrnzd5txlw0FqmjgoKfQic q4JQUZ+6lhq0ceRE7BcMO3h7XbV9cH9+rRAWYcIktfXS8+hPDbJ5y283L+j8tR19D8ft 7vkE7ZOFPutbuuXsGWqcrInq/Pr+dVP9zRZdwtz2T9xPSVrmQNlg/SyuNnjIhdQ2yWM2 gw0VKjNkdSbxL5WLYwwHh51oKjzGfEGxcSvHziVPwwkxvffuvVSa49rbwIh1Q6Hn2GXq rPbyplRcotBnR8ADYairC+8RpvG9QdgKKaMHatfUlUrhv+VHOqeFVZm1IssxZiOtmLlI 0P4w==
MIME-Version: 1.0
X-Received: by 10.68.28.232 with SMTP id e8mr12374604pbh.94.1371468459848; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
Sender: n@arifumi.net
Received: by 10.68.194.198 with HTTP; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
X-Originating-IP: [2001:fa8:1010:0:e52f:f328:9ea2:e45d]
In-Reply-To: <2B1856F1-537D-4268-A104-BDC180A4EC54@employees.org>
References: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net> <14984CD7-6EDD-49E6-A3C2-4775E80041AC@employees.org> <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net> <5F8FAF51-833A-4C75-9FFC-BE17ADF27994@employees.org> <5ffd0e5973e67c773b8ce3d345010c8f.squirrel@www.trepanning.net> <2B1856F1-537D-4268-A104-BDC180A4EC54@employees.org>
Date: Mon, 17 Jun 2013 20:27:39 +0900
X-Google-Sender-Auth: CF-ZfNopjv1ZLSCoPKAMqQrjsYE
Message-ID: <CABTuw1BqJH8uHkm=73oARWMd1wNkC+5FjJ+819zjcr_c+hT=kQ@mail.gmail.com>
From: Arifumi Matsumoto <arifumi@nttv6.net>
To: Ole Troan <otroan@employees.org>
Content-Type: multipart/mixed; boundary="bcaec520eacd5ec59604df57e280"
X-Gm-Message-State: ALoCoQkZwTwaT9bnQzpGXkUpRw84cJKEeiXNGzF4tSlrEr6SG2zE7j1u3pVT+Jwp4aFwMJ8/ZPt5
Cc: "draft-ietf-6man-addr-select-opt.all@tools.ietf.org" <draft-ietf-6man-addr-select-opt.all@tools.ietf.org>, secdir@ietf.org, draft-ietf-6man-rfc3484bis@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 11:28:05 -0000

I attached a rev candidate.
Hope this solves the issues pointed by Dan.

Thank you very much.


2013/6/13 Ole Troan <otroan@employees.org>

> Dan,
>
> >  Yes, I am fine with Arifumi's clarification. Thanks.
>
> splendid, thanks for the help!
>
> Best regards,
> Ole
>
> >> Dan,
> >>
> >> apologies for the delay, I discussed this directly with Arifumi, and I
> >> hope his latest message clarifies the issue.
> >>
> >> to rephrase in my words;
> >> OPTION_ADDRSEL is used to carry the A-flag (the hint to a host to
> disable
> >> automatic row addition)
> >> and to carry policy table options.
> >> the A-flag is a hint to the host to disable automatic row addition.
> >> if OPTION_ADDRSEL contains policy table options the A-flag is redundant.
> >> (as policy table options and the A-flag are incompatible).
> >>
> >> if you are fine with this, I will ask the authors to update the draft to
> >> make this behaviour explicit.
> >>
> >> Best regards,
> >> Ole
> >>
> >>>> let me chime in as the document shepherd.
> >>>> (thank you very much for the thorough comments by the way).
> >>>>
> >>>>> For instance, while I think I understand the policy override of RFC
> >>>>> 6724, having the Automatic Row Additions Flag be part of the address
> >>>>> selection options seems problematic. If it is set to zero, then what
> >>>>> are
> >>>>> the semantics of such a message? "Here's an address selection option
> >>>>> but don't you dare use it!"? What is the point? Me, as a node, can
> >>>>> have
> >>>>> this as part of my policy state which would allow me to ignore such
> >>>>> an update but to have the bit be part of the option to update does
> >>>>> not seem to make much sense. The semantics of the message needs
> >>>>> to be explained much more clearly, or the bit needs to be removed
> >>>>> from the message.
> >>>>
> >>>> my reading of the meaning of the A flag is a little different. (I have
> >>>> cc'ed the authors of rfc6724 for confirmation.)
> >>>>
> >>>> an implementation of RFC6724 may automatically add entries in the
> >>>> policy
> >>>> table based on addresses configured on the node.
> >>>> e.g. the node has an interface with a ULA address.
> >>>>
> >>>> RFC6724 also says:
> >>>>  An implementation SHOULD provide a means (the Automatic Row Additions
> >>>> flag) for an administrator to disable
> >>>>  automatic row additions.
> >>>
> >>> That makes perfect sense. A client implementation SHOULD provide a
> >>> means to disable automatic row additions. So it has some knob that can
> >>> be turned on or off locally that would allow for update of its policy
> >>> table
> >>> by receiving policy options (enable) or forbid received policy options
> >>> from
> >>> updating the policy table (disable).
> >>>
> >>>> the A-flag in draft-ietf-6man-addr-select-opt provides the means.
> >>>
> >>> So this is where I'm confused. The sender of the policy option should
> >>> not have the ability to control the knob that an implementation added
> >>> locally to satisfy RFC 6724. If a client implementation sets its knob
> to
> >>> "disable" then it forbids policy option updates to its policy table. It
> >>> shouldn't inspect the received option update to decide whether it
> >>> should override the setting of its local knob.
> >>>
> >>> This seems like a security issue to me. There's a reason why an
> >>> implementation would choose to disable updates of its policy table
> >>> and allowing the sender of policy updates to override that seems
> >>> wrong.
> >>>
> >>>> it does not affect the policy entries that is contained in the DHCP
> >>>> option.
> >>>> the A-flag only affects the RFC6724 behaviour of adding entries based
> >>>> on
> >>>> address configuration on the node.
> >>>
> >>> Again, according to the draft a message can be received by a client
> >>> implementation that provides policy update options to its policy table
> >>> with semantics of "you SHOULD NOT use these!" So what is the point
> >>> of sending that message? Why not just refrain from sending the message
> >>> if that's what the message is?
> >>>
> >>> Would you ever tell someone, "disregard what I am about to tell you"? I
> >>> can't see why. And that's what the semantics of this message seem to
> be.
> >>
> >>
> >>
> >>
> >
>
>

v2.23.0 | Report a Bug | By Email