[secdir] secdir review of draft-ietf-6man-why64-05
Melinda Shore <melinda.shore@gmail.com> Sun, 28 September 2014 19:47 UTC
Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18E341A1BC8; Sun, 28 Sep 2014 12:47:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MYE-ivFWErSB; Sun, 28 Sep 2014 12:47:00 -0700 (PDT)
Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com [IPv6:2607:f8b0:400e:c02::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81AE41A1B91; Sun, 28 Sep 2014 12:47:00 -0700 (PDT)
Received: by mail-pd0-f179.google.com with SMTP id r10so1360132pdi.38 for <multiple recipients>; Sun, 28 Sep 2014 12:47:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=Qt6XJpyYNdp8CZXWWTZLWogGxgFw4SclhHifLqFVwOE=; b=G9MBdzkY8NIYbbG5Zr0nUPBdmGzbt9J64N40zs3PLEtigz/FT81yVoZRlvJR1luBSU D2qYEu9xn0A2ooH31Rd+MjHDCmjaVYb1Jvq07UdQRWkl6U5mgX0uDmy7zY9ONh+G73PC 6KYxoGykri/V/8xxgJRcLznLAgGyRx8IHm8VxYE0r3IM3H6MUwIbUVFx9QlxkBygHo9U IxKfi9xoT7mJezkOCFE4UA6Er1goiz26UM01ZT+9rL+XO4sJCJkP2wjYlRpIDb1AH0UK MZJBkJoet1aQi4tBTfbB16734aFtVS1U+dBquQdGtGXKpsWvS8d0Eu4TbapHbdbSH3px K7Tw==
X-Received: by 10.67.24.8 with SMTP id ie8mr52941225pad.21.1411933620138; Sun, 28 Sep 2014 12:47:00 -0700 (PDT)
Received: from spandex.local (209-112-214-211-rb1.nwc.dsl.dynamic.acsalaska.net. [209.112.214.211]) by mx.google.com with ESMTPSA id cf4sm10319967pbb.87.2014.09.28.12.46.58 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 28 Sep 2014 12:46:59 -0700 (PDT)
Message-ID: <542865B1.6070004@gmail.com>
Date: Sun, 28 Sep 2014 11:46:57 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: secdir@ietf.org, IESG <iesg@ietf.org>, draft-ietf-6man-why64.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/hKlf--oX7qx-8MF2FNMyBZrDsCc
Subject: [secdir] secdir review of draft-ietf-6man-why64-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Sep 2014 19:47:02 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: This document is clearly written, appears to be comprehensive with respect to the problem being considered, and is ready for publication. This draft is intended for publication as an informational document describing the possible implications of allowing a variable-length interface ID in IPv6 addresses. Basically, it is addressing and dismantling arguments against a fixed-length 64-bit IID, and describing the introduction of new failure modes should the IID length be allowed to vary. There are also results from various popular operating systems from processing neighbor discovery options when the prefixes are shorter than /64 and longer than /64, as well as a discussion of potential impacts on other published IETF specifications should the IID length be allowed to vary or be changed. The draft includes a privacy issues subsection: Big ups for that. Specific security concerns: there may be situations in which the IID is intended to be hard to guess, and a 64-bit length increases the cost of finding the identifier: It is hard to state in general how many bits are enough to protect privacy, since this depends on the resources available to the attacker, but it seems clear that a privacy solution needs to resist an attack requiring billions rather than millions of guesses. Trillions would be better, suggesting that at least 40 bits should be available. Thus we can argue that subnet prefixes longer than say /80 might raise privacy concerns by making the IID guessable. Security considerations are largely operational, with very clear discussion of implications of address formats for resistance to scanning attacks and DOS attacks, acknowledging that there may be other resource exhaustion attacks available that could possibly be exacerbated by sparsely populated subnets. A nits check picked up an outdated reference (draft-templin-aerolink is now at version -40), and choked on the '+' in "draft-odell-8+8.00" (bug in the nits checker draft name parser). Melinda
- [secdir] secdir review of draft-ietf-6man-why64-05 Melinda Shore
- Re: [secdir] secdir review of draft-ietf-6man-why… Brian E Carpenter