Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
Arifumi Matsumoto <arifumi@nttv6.net> Mon, 17 June 2013 11:28 UTC
Return-Path: <n@arifumi.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 923AC21F9B95 for <secdir@ietfa.amsl.com>; Mon, 17 Jun 2013 04:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.977
X-Spam-Level:
X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xkUqGIoAt7s for <secdir@ietfa.amsl.com>; Mon, 17 Jun 2013 04:28:02 -0700 (PDT)
Received: from mail-pb0-x22b.google.com (mail-pb0-x22b.google.com [IPv6:2607:f8b0:400e:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id A6AE421F9B99 for <secdir@ietf.org>; Mon, 17 Jun 2013 04:27:41 -0700 (PDT)
Received: by mail-pb0-f43.google.com with SMTP id md12so2707280pbc.16 for <secdir@ietf.org>; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=TSJNrp7LuBFqbvKsU7zGKtMaAhYH5oJ7iDM1WpYy1Iw=; b=fihz2rc/fE84wPNzcen2pRTHoxjBuwFMifJv78ggSDbPYrnzd5txlw0FqmjgoKfQic q4JQUZ+6lhq0ceRE7BcMO3h7XbV9cH9+rRAWYcIktfXS8+hPDbJ5y283L+j8tR19D8ft 7vkE7ZOFPutbuuXsGWqcrInq/Pr+dVP9zRZdwtz2T9xPSVrmQNlg/SyuNnjIhdQ2yWM2 gw0VKjNkdSbxL5WLYwwHh51oKjzGfEGxcSvHziVPwwkxvffuvVSa49rbwIh1Q6Hn2GXq rPbyplRcotBnR8ADYairC+8RpvG9QdgKKaMHatfUlUrhv+VHOqeFVZm1IssxZiOtmLlI 0P4w==
MIME-Version: 1.0
X-Received: by 10.68.28.232 with SMTP id e8mr12374604pbh.94.1371468459848; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
Sender: n@arifumi.net
Received: by 10.68.194.198 with HTTP; Mon, 17 Jun 2013 04:27:39 -0700 (PDT)
X-Originating-IP: [2001:fa8:1010:0:e52f:f328:9ea2:e45d]
In-Reply-To: <2B1856F1-537D-4268-A104-BDC180A4EC54@employees.org>
References: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net> <14984CD7-6EDD-49E6-A3C2-4775E80041AC@employees.org> <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net> <5F8FAF51-833A-4C75-9FFC-BE17ADF27994@employees.org> <5ffd0e5973e67c773b8ce3d345010c8f.squirrel@www.trepanning.net> <2B1856F1-537D-4268-A104-BDC180A4EC54@employees.org>
Date: Mon, 17 Jun 2013 20:27:39 +0900
X-Google-Sender-Auth: CF-ZfNopjv1ZLSCoPKAMqQrjsYE
Message-ID: <CABTuw1BqJH8uHkm=73oARWMd1wNkC+5FjJ+819zjcr_c+hT=kQ@mail.gmail.com>
From: Arifumi Matsumoto <arifumi@nttv6.net>
To: Ole Troan <otroan@employees.org>
Content-Type: multipart/mixed; boundary="bcaec520eacd5ec59604df57e280"
X-Gm-Message-State: ALoCoQkZwTwaT9bnQzpGXkUpRw84cJKEeiXNGzF4tSlrEr6SG2zE7j1u3pVT+Jwp4aFwMJ8/ZPt5
Cc: "draft-ietf-6man-addr-select-opt.all@tools.ietf.org" <draft-ietf-6man-addr-select-opt.all@tools.ietf.org>, secdir@ietf.org, draft-ietf-6man-rfc3484bis@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 11:28:05 -0000
I attached a rev candidate. Hope this solves the issues pointed by Dan. Thank you very much. 2013/6/13 Ole Troan <otroan@employees.org> > Dan, > > > Yes, I am fine with Arifumi's clarification. Thanks. > > splendid, thanks for the help! > > Best regards, > Ole > > >> Dan, > >> > >> apologies for the delay, I discussed this directly with Arifumi, and I > >> hope his latest message clarifies the issue. > >> > >> to rephrase in my words; > >> OPTION_ADDRSEL is used to carry the A-flag (the hint to a host to > disable > >> automatic row addition) > >> and to carry policy table options. > >> the A-flag is a hint to the host to disable automatic row addition. > >> if OPTION_ADDRSEL contains policy table options the A-flag is redundant. > >> (as policy table options and the A-flag are incompatible). > >> > >> if you are fine with this, I will ask the authors to update the draft to > >> make this behaviour explicit. > >> > >> Best regards, > >> Ole > >> > >>>> let me chime in as the document shepherd. > >>>> (thank you very much for the thorough comments by the way). > >>>> > >>>>> For instance, while I think I understand the policy override of RFC > >>>>> 6724, having the Automatic Row Additions Flag be part of the address > >>>>> selection options seems problematic. If it is set to zero, then what > >>>>> are > >>>>> the semantics of such a message? "Here's an address selection option > >>>>> but don't you dare use it!"? What is the point? Me, as a node, can > >>>>> have > >>>>> this as part of my policy state which would allow me to ignore such > >>>>> an update but to have the bit be part of the option to update does > >>>>> not seem to make much sense. The semantics of the message needs > >>>>> to be explained much more clearly, or the bit needs to be removed > >>>>> from the message. > >>>> > >>>> my reading of the meaning of the A flag is a little different. (I have > >>>> cc'ed the authors of rfc6724 for confirmation.) > >>>> > >>>> an implementation of RFC6724 may automatically add entries in the > >>>> policy > >>>> table based on addresses configured on the node. > >>>> e.g. the node has an interface with a ULA address. > >>>> > >>>> RFC6724 also says: > >>>> An implementation SHOULD provide a means (the Automatic Row Additions > >>>> flag) for an administrator to disable > >>>> automatic row additions. > >>> > >>> That makes perfect sense. A client implementation SHOULD provide a > >>> means to disable automatic row additions. So it has some knob that can > >>> be turned on or off locally that would allow for update of its policy > >>> table > >>> by receiving policy options (enable) or forbid received policy options > >>> from > >>> updating the policy table (disable). > >>> > >>>> the A-flag in draft-ietf-6man-addr-select-opt provides the means. > >>> > >>> So this is where I'm confused. The sender of the policy option should > >>> not have the ability to control the knob that an implementation added > >>> locally to satisfy RFC 6724. If a client implementation sets its knob > to > >>> "disable" then it forbids policy option updates to its policy table. It > >>> shouldn't inspect the received option update to decide whether it > >>> should override the setting of its local knob. > >>> > >>> This seems like a security issue to me. There's a reason why an > >>> implementation would choose to disable updates of its policy table > >>> and allowing the sender of policy updates to override that seems > >>> wrong. > >>> > >>>> it does not affect the policy entries that is contained in the DHCP > >>>> option. > >>>> the A-flag only affects the RFC6724 behaviour of adding entries based > >>>> on > >>>> address configuration on the node. > >>> > >>> Again, according to the draft a message can be received by a client > >>> implementation that provides policy update options to its policy table > >>> with semantics of "you SHOULD NOT use these!" So what is the point > >>> of sending that message? Why not just refrain from sending the message > >>> if that's what the message is? > >>> > >>> Would you ever tell someone, "disregard what I am about to tell you"? I > >>> can't see why. And that's what the semantics of this message seem to > be. > >> > >> > >> > >> > > > >
- [secdir] secdir review of draft-ietf-6man-addr-se… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins