[secdir] review of draft-ietf-6man-predictable-fragment-id-09

"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Wed, 09 September 2015 10:12 UTC

Return-Path: <kwiereng@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 0271D1B3524; Wed, 9 Sep 2015 03:12:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id xKCS5Dl69PpJ; Wed, 9 Sep 2015 03:12:45 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 915751B3140; Wed, 9 Sep 2015 03:12:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2534; q=dns/txt; s=iport; t=1441793565; x=1443003165; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=fMTb3QHSOa5lrHxDJWkCo0vZHloxGpRYsTqzOD2sis8=; b=DVJ4O8+wfAKdb/ZyZND+/PnQxcgnb+tICScrKfEJZmbnlC/VhfN/evEH UcxyC0/4JicV//kuwXZjtr1bkN5reLOoHrew56BEPirvI9aSWWIVbtg1Z V4Uo1kLGsA054A2m9c5tlx+8RxUxEQ23z/Clo0/79/9q3uY2pfPJWsCLb s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.17,496,1437436800"; d="scan'208";a="186103387"
Received: from rcdn-core-4.cisco.com ([]) by alln-iport-4.cisco.com with ESMTP; 09 Sep 2015 10:12:44 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com []) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t89ACiUn018351 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 9 Sep 2015 10:12:44 GMT
Received: from xch-rcd-008.cisco.com ( by XCH-RCD-008.cisco.com ( with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 9 Sep 2015 05:12:44 -0500
Received: from xhc-aln-x06.cisco.com ( by xch-rcd-008.cisco.com ( with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Wed, 9 Sep 2015 05:12:43 -0500
Received: from xmb-aln-x12.cisco.com ([]) by xhc-aln-x06.cisco.com ([]) with mapi id 14.03.0248.002; Wed, 9 Sep 2015 05:12:43 -0500
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: "draft-ietf-6man-predictable-fragment-id.all@tools.ietf.org" <draft-ietf-6man-predictable-fragment-id.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: review of draft-ietf-6man-predictable-fragment-id-09
Thread-Index: AQHQ6ugR5xYesIJ6aku2acWq+4+kPA==
Date: Wed, 9 Sep 2015 10:12:43 +0000
Message-ID: <4F5FD3E9-B5A3-4AAB-A089-61B674B59ECC@cisco.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <EDBF5E586BB1B945BA60C635B42D046F@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/tNFWaAuESNjmLCP_MxjsMlmQYWk>
Subject: [secdir] review of draft-ietf-6man-predictable-fragment-id-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 10:12:47 -0000


I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes security implications of predictable values for the identification field in fragment headers for IPv6.

I believe the document has some issues, see below.

The document does an analysis of the security implications of predictable identification fields and I believe (not being an IPv6 expert) that it does a good job at that. The analysis of the potential exploits is convincing.
Where I am struggling a bit is the algorithms for selecting fragment identification values (5).

The intro text states that there are ‘a number of algorithms', but really there are only 3:
1- per destination counter random initialised
2- random value
3- hash over source, destination, secret with a counter

1 and 3 are essentially the same, the hash function in 3 performs the same function as the pseudo random generated initial value in 1 if I am not mistaken.
So really the choice is between a random value for every datagram or a random value at initialisation of a connection and increasing by 1 for every subsequent datagram.

I’d really like to see some quantitative analysis as to the impact of a random value per packet as well as between 1 and 3. Now, as an implementer I will know about the vulnerability but can not really determine what mediation route to follow.

So to sum up, I really liked the analysis part, but I would prefer some work on the solution to the problem part.


Klaas Wierenga
Identity Architect
Cisco Cloud Services