[secdir] secdir re-review of draft-krishnan-v6ops-teredo-update-07

Tom Yu <tlyu@MIT.EDU> Tue, 01 June 2010 22:22 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0070728C1D6; Tue, 1 Jun 2010 15:22:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ho8uKajqdZZ; Tue, 1 Jun 2010 15:22:44 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.36]) by core3.amsl.com (Postfix) with ESMTP id 10D5228C1D4; Tue, 1 Jun 2010 15:22:43 -0700 (PDT)
X-AuditID: 12074424-b7b9dae000002832-1b-4c058827a161
Received: from mailhub-auth-3.mit.edu (MAILHUB-AUTH-3.MIT.EDU [18.9.21.43]) by dmz-mailsec-scanner-7.mit.edu (Symantec Brightmail Gateway) with SMTP id 4A.42.10290.728850C4; Tue, 1 Jun 2010 18:22:31 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id o51MMTuD006728; Tue, 1 Jun 2010 18:22:30 -0400
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id o51MMQ68004580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 1 Jun 2010 18:22:27 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id o51MMQd7002732; Tue, 1 Jun 2010 18:22:26 -0400 (EDT)
To: secdir@ietf.org, iesg@ietf.org, v6ops-chairs@tools.ietf.org, draft-krishnan-v6ops-teredo-update.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Tue, 01 Jun 2010 18:22:26 -0400
Message-ID: <ldvhblmmlzx.fsf@cathode-dark-space.mit.edu>
Lines: 14
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: AAAAAA==
Subject: [secdir] secdir re-review of draft-krishnan-v6ops-teredo-update-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jun 2010 22:22:45 -0000

This is a re-review of draft-krishnan-v6ops-teredo-update-07, which I
previously reviewed in its -03 version.  Most of my concerns from the
previous review have been adequately addressed.

I concur with the ballot comment by Russ Housley about quantifying the
resistance of this randomization scheme to address scanning in
relation to the general IPv6 address scanning risk.  For example, if
the attacker knows the Teredo server's IPv4 address and client's
external IPv4 address but the client's Teredo UDP port number, the
effective search space after the flag randomization is 28 bits.
Effective address search spaces for similar scenarios can be computed
easily.  Explicitly comparing the values in section 2.3 of RFC 5157
with the search space sizes resulting from implementing the technique
in this update may be helpful to the reader.