Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
"Dan Harkins" <dharkins@lounge.org> Thu, 13 June 2013 03:17 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3103321F9921; Wed, 12 Jun 2013 20:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lcJQorLJlNwt; Wed, 12 Jun 2013 20:17:31 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id AD18A21F9814; Wed, 12 Jun 2013 20:17:31 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id E203E1022400A; Wed, 12 Jun 2013 20:17:30 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 12 Jun 2013 20:17:31 -0700 (PDT)
Message-ID: <5ffd0e5973e67c773b8ce3d345010c8f.squirrel@www.trepanning.net>
In-Reply-To: <5F8FAF51-833A-4C75-9FFC-BE17ADF27994@employees.org>
References: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net> <14984CD7-6EDD-49E6-A3C2-4775E80041AC@employees.org> <fb61afaa7d78273cb257bab766d03bcc.squirrel@www.trepanning.net> <5F8FAF51-833A-4C75-9FFC-BE17ADF27994@employees.org>
Date: Wed, 12 Jun 2013 20:17:31 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Ole Troan <otroan@employees.org>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: draft-ietf-6man-addr-select-opt.all@tools.ietf.org, secdir@ietf.org, draft-ietf-6man-rfc3484bis@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2013 03:17:37 -0000
Hi Ole, Yes, I am fine with Arifumi's clarification. Thanks. regards, Dan. On Wed, June 12, 2013 3:06 am, Ole Troan wrote: > Dan, > > apologies for the delay, I discussed this directly with Arifumi, and I > hope his latest message clarifies the issue. > > to rephrase in my words; > OPTION_ADDRSEL is used to carry the A-flag (the hint to a host to disable > automatic row addition) > and to carry policy table options. > the A-flag is a hint to the host to disable automatic row addition. > if OPTION_ADDRSEL contains policy table options the A-flag is redundant. > (as policy table options and the A-flag are incompatible). > > if you are fine with this, I will ask the authors to update the draft to > make this behaviour explicit. > > Best regards, > Ole > >>> let me chime in as the document shepherd. >>> (thank you very much for the thorough comments by the way). >>> >>>> For instance, while I think I understand the policy override of RFC >>>> 6724, having the Automatic Row Additions Flag be part of the address >>>> selection options seems problematic. If it is set to zero, then what >>>> are >>>> the semantics of such a message? "Here's an address selection option >>>> but don't you dare use it!"? What is the point? Me, as a node, can >>>> have >>>> this as part of my policy state which would allow me to ignore such >>>> an update but to have the bit be part of the option to update does >>>> not seem to make much sense. The semantics of the message needs >>>> to be explained much more clearly, or the bit needs to be removed >>>> from the message. >>> >>> my reading of the meaning of the A flag is a little different. (I have >>> cc'ed the authors of rfc6724 for confirmation.) >>> >>> an implementation of RFC6724 may automatically add entries in the >>> policy >>> table based on addresses configured on the node. >>> e.g. the node has an interface with a ULA address. >>> >>> RFC6724 also says: >>> An implementation SHOULD provide a means (the Automatic Row Additions >>> flag) for an administrator to disable >>> automatic row additions. >> >> That makes perfect sense. A client implementation SHOULD provide a >> means to disable automatic row additions. So it has some knob that can >> be turned on or off locally that would allow for update of its policy >> table >> by receiving policy options (enable) or forbid received policy options >> from >> updating the policy table (disable). >> >>> the A-flag in draft-ietf-6man-addr-select-opt provides the means. >> >> So this is where I'm confused. The sender of the policy option should >> not have the ability to control the knob that an implementation added >> locally to satisfy RFC 6724. If a client implementation sets its knob to >> "disable" then it forbids policy option updates to its policy table. It >> shouldn't inspect the received option update to decide whether it >> should override the setting of its local knob. >> >> This seems like a security issue to me. There's a reason why an >> implementation would choose to disable updates of its policy table >> and allowing the sender of policy updates to override that seems >> wrong. >> >>> it does not affect the policy entries that is contained in the DHCP >>> option. >>> the A-flag only affects the RFC6724 behaviour of adding entries based >>> on >>> address configuration on the node. >> >> Again, according to the draft a message can be received by a client >> implementation that provides policy update options to its policy table >> with semantics of "you SHOULD NOT use these!" So what is the point >> of sending that message? Why not just refrain from sending the message >> if that's what the message is? >> >> Would you ever tell someone, "disregard what I am about to tell you"? I >> can't see why. And that's what the semantics of this message seem to be. > > > >
- [secdir] secdir review of draft-ietf-6man-addr-se… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins
- Re: [secdir] secdir review of draft-ietf-6man-add… Ole Troan
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Arifumi Matsumoto
- Re: [secdir] secdir review of draft-ietf-6man-add… Dan Harkins