IETF Logo Mail Archive

Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018

ianfarrer@gmx.com Wed, 09 May 2018 07:53 UTC

Return-Path: <ianfarrer@gmx.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A3E71270A7; Wed, 9 May 2018 00:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0WhfEbS6rIO7; Wed, 9 May 2018 00:53:16 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A52A12E036; Wed, 9 May 2018 00:53:15 -0700 (PDT)
Received: from ians-mbp.lan ([80.159.240.8]) by mail.gmx.com (mrgmx103 [212.227.17.174]) with ESMTPSA (Nemesis) id 0MZD0K-1f25LW1NjI-00L18P; Wed, 09 May 2018 09:53:10 +0200
From: ianfarrer@gmx.com
Message-Id: <492AB927-9AC6-4B83-9E61-C38E5D0F028E@gmx.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FB8B625C-286A-46EA-95CF-2C6BA2C17757"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Wed, 09 May 2018 09:53:09 +0200
In-Reply-To: <C6EBAF19-D0B9-4E83-B1A3-298F7160120F@cisco.com>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org" <draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org>, "softwires@ietf.org" <softwires@ietf.org>
To: "Bernie Volz (volz)" <volz@cisco.com>
References: <35d79f1b7eba44ebbd1166abdec3f75e@XCH-ALN-003.cisco.com> <6101fb2ad0f94af9a87be709056cdaeb@XCH-ALN-003.cisco.com> <290a895002ca49929fa0b3f7c7fa77ca@XCH-ALN-003.cisco.com> <5AC34DC3-5F29-4A2D-9DE0-B50CFE92E040@gmx.com> <C6EBAF19-D0B9-4E83-B1A3-298F7160120F@cisco.com>
X-Mailer: Apple Mail (2.3445.6.18)
X-Provags-ID: V03:K1:u2YoF4+4wyd367i0jOpqdv6fLhy7JQHE56uT502sncCqH5fZPZg ihP+fO0JooHz+c3X0ESqKls0WoKNLdptknFxX5ugBbhQkLUTJ0HstcPZnrU8ZQ1rhvzKFRz Ui2G8tZHxYLfymRPo54t76t+XZH2Pf5EyfBZbTqiER7EDBgUXHqrxm33UYxCom4J0Nhxhaf dOqhnudSFJ7cUVrKuWwnA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:hJ2ZA2K3Yws=:o1okt4FUNQgxHX0brNyNeZ G/54VXSwGL4C+7LWu5Zhvr7DI2N1/sroOci8zVMvoqPBQop5BttNYmNREJXz4qWpjGXNApS3o 624WBffPvuohI6XxmFmTN9LVkYUe7H26F1dmA3HLBl2oAS1edVe/km55VwuSWFIPsAb7pPADQ eupdVGSP9PqAUsNdfto2erzM6OofxEarVt7Dbp2XQ1BvaRuOTrFzW/Npxbalvt+c/vY9c50VA tYbKwz62StZ4fCwiV+UdGWZAkotSGLGg4o3Pai4rfJQTLP7RwXncqVi9Mpbw2BOhyKcqtexhh fGTaiDsQ7L6jnphlFMQlDvYo1K4tMoezCef7kbXzzWaeO6rODHieGDyj07RTsoOl0F0tJGzbv Sa1b28DA88EAJdmMQXWO1rcCaejp16qNWuy2z3Ds4hj5V+o6xQfJnFLWj2orC1MJBL+8d7Nig kJNzm5TSa3JAtYTZ6nyo7/t5JtVk39IgVeL2sFBvERpgLi/z+gaMo+YjpVL8/5ZUEdNNSKmmG zkxPJzEqriXo22W+H1IMaQEVtZbH26LUUkKi3xDGnM8e+pKxLTbUIAKn5xWJSWhVW/Lt8Ykho bL2q2sNv4qJVOd13g0tBxCuOfcnCiOspkAFPYMqbjW9W46EPP9OJ1ON7b26OEv0SxpXHhGqUW 2QrPJ+JnJgHbq/HW7E9eFXl6Jh5b9b1Cm9IBPM6P58Y2qyB1BnAh7cWjLIIJaVy6vW8GYdZtI jyrokOBLBzQdYXuY24svjSbeM6iaQGah24G8blZo63kxJytRybdLsobkm4TfbqrzlouBETgqV DfB8iiS
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/U7YhJLnUU1fedCfiCk0OMIF_hKI>
Subject: Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 07:53:18 -0000

Hi Bernie,

Thanks. I’ll still with 3315bis for now then.

BTW - I’ve added another paragraph to the Sec. Considerations section reading:

   A client may attempt to overload the server by sending multiple
   source address update messages (see Section 7.2.1) in a short time
   frame.  This risk can be reduced by implementing a server policy
   enforcing a minimum time interval between client address changes as
   described in Section 8.1.

DOS prevention was the reason for including the minimum time in the first place, so I think it makes sense to list it here.

Cheers,
Ian

> On 8. May 2018, at 16:39, Bernie Volz (volz) <volz@cisco.com> wrote:
> 
> Hi Ian:
>  
> Thanks … suggested text changes look good. I would think it best to reference 3315bis … hopefully it won’t hold up publication of this draft since it may take RFC Editor a bit longer to process the 3315bis document, but they also will have a head start. (If it does hold it up and we need to expedite release of this draft as an RFC, we can always ask for reference to change to 3315.)
>  
> Bernie
>  
> From: Ian Farrer <ianfarrer@gmx.com>
> Date: Tuesday, May 8, 2018 at 10:10 AM
> To: Bernie Volz <volz@cisco.com>
> Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org" <draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org>, "softwires@ietf.org" <softwires@ietf.org>
> Subject: Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018
>  
> Hi Bernie,
>  
> Many thanks for the review. I’ve had a look through your comments and they all look straightforward enough. They will be in the next version with Tomek’s comments.
>  
> Here’s my suggestions in response to a couple of your comments:
>  
> SECTION 9:
>  
> -          More of a question – do the new options or procedures add any new or different considerations? If not, great.
>  
> There is one case that I think is missed. I’ve update the Security Considerations section to add the following text:
>  
>       A rogue client could attempt to use the mechanism described
>       in "Changing the Bound IPv6 Softwire Source Address” to redirect IPv4 traffic
>       intended for another client to itself. This would be performed by
>       sending a DHCPREQUEST message for another client's active IPv4
>       lease containing the attacker's softwire IPv6 address in
>       OPTION_DHCP4O6_S46_SADDR.
> 
>       For such an attack to be effective, the attacker would
>       need to know both the client identifier and active IPv4
>       address lease currently in use by another client. The risk
>       of this can be reduced by using a client identifier format 
>       which is not easily guessable, e.g. by including a time 
>       component for when the client identifier was generated
>       (see [I-D.ietf-dhc-rfc3315bis] Section 11.2).
>  
>  
>> -          And, it is rather odd that DHCPv4 (RFC2131) and DHCPv6 (draft-ietf-dhc-rfc3315bis) aren’t referenced in the document. They are implicit because RFC7341 is referenced, but not always clear that this is the best way to go. But I didn’t find any easy way to incorporate these references directly.
>  
> I’ve added the following to Section 4. Solution Overview:
>  
> In order to provision a softwire, both IPv6 and IPv4 configuration
> needs to be passed to the client. To map this to the DHCP 4o6
> configuration process, the IPv6 configuration is carried in
> DHCPv6 options [I-D.ietf-dhc-rfc3315bis], carried
> inside the DHCPv6 message DHCPV4-RESPONSE (21) 
> sent by the server.
>  
> And:
>  
> IPv4 configuration is carried in DHCPv4 messages <xref target="RFC2131"/>,
> (inside the DHCP 4o6 option OPTION_DHCPV4_MSG (87)) using the mechanism
> described in <xref target="RFC7341"/>.
>  
> The normative refs. are updated with these as well.
>  
> BTW, should I be referencing RFC3315 or the -bis version as normative at this stage?
>  
> Thanks,
> Ian
>

v2.23.0 | Report a Bug | By Email