IETF Logo Mail Archive

Re: [Status] SPRING Charter

Mark Townsley <mark@townsley.net> Wed, 16 October 2013 11:15 UTC

Return-Path: <mark@townsley.net>
X-Original-To: status@ietfa.amsl.com
Delivered-To: status@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA9611E8235 for <status@ietfa.amsl.com>; Wed, 16 Oct 2013 04:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oEQeZXMGB67q for <status@ietfa.amsl.com>; Wed, 16 Oct 2013 04:15:00 -0700 (PDT)
Received: from mail-ea0-f170.google.com (mail-ea0-f170.google.com [209.85.215.170]) by ietfa.amsl.com (Postfix) with ESMTP id 2958611E81BC for <status@ietf.org>; Wed, 16 Oct 2013 04:14:58 -0700 (PDT)
Received: by mail-ea0-f170.google.com with SMTP id q10so218654eaj.15 for <status@ietf.org>; Wed, 16 Oct 2013 04:14:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=NxquyLu2e3AVvXnsZWnyDSe6w9JvN9sHPWB6LznfznQ=; b=UP17dQAKPo5/9LNOkjZ2AVvC6lyp8W4VFjhSFAzfqnfPTdVQKZNfcxHSfJ7T5+/j9i ErgBCOJGk3/eqBU12HnZMEvKYp/I7TO0U42PFeH7AbjRa2GZk45Gbxy3IdZfZGFkZjhO Ii+CEONa99ES5yfXssUPS/DZWeJuT2u2SAyZQD55GWpCVA5//kt/rx1Nx+yoTeJzDqr2 dtfMZrDBsNlvNY7zt9VR1TGHDs3RgXwtuXQUjU5OflxkwIMMJKaVElnDpmhJTqeZw7qi pSHfcDC5i5PvfoozR8lNQt3ln55NAgz+EmNW6MqzCONyvGa6KyeJ3BEU7VEM7F7Qq4c0 7KLg==
X-Gm-Message-State: ALoCoQn9t3c29oBzOuJUfyxC2oKm0yJU//Jm7kwVu6tbd3MzY3XE4y+mk9sMR4IMCk4gASCUtUOg
X-Received: by 10.15.61.73 with SMTP id h49mr3736331eex.57.1381922098148; Wed, 16 Oct 2013 04:14:58 -0700 (PDT)
Received: from dhcp-10-61-106-25.cisco.com (173-38-208-169.cisco.com. [173.38.208.169]) by mx.google.com with ESMTPSA id z12sm178350265eev.6.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 16 Oct 2013 04:14:56 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Mark Townsley <mark@townsley.net>
In-Reply-To: <201310151827.r9FIRnEN030512@cichlid.raleigh.ibm.com>
Date: Wed, 16 Oct 2013 14:14:53 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <41EF17D4-92FF-4FB7-9FDE-D8311C44585C@townsley.net>
References: <52584CCA.8000902@cisco.com> <201310151346.r9FDkSIl023262@cichlid.raleigh.ibm.com> <6F483334-A2CB-4775-A3D5-41C7B6F64D41@juniper.net> <201310151827.r9FIRnEN030512@cichlid.raleigh.ibm.com>
To: Thomas Narten <narten@us.ibm.com>
X-Mailer: Apple Mail (2.1283)
Cc: Jari Arkko <jari.arkko@piuha.net>, "iesg@ietf.org" <iesg@ietf.org>, Benoit Claise <bclaise@cisco.com>, "John G. Scudder" <jgs@juniper.net>, "status@ietf.org" <status@ietf.org>, stbryant@cisco.com
Subject: Re: [Status] SPRING Charter
X-BeenThere: status@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <status.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/status>, <mailto:status-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/status>
List-Post: <mailto:status@ietf.org>
List-Help: <mailto:status-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/status>, <mailto:status-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 11:15:05 -0000

Thomas,

On Oct 15, 2013, at 9:27 PM, Thomas Narten wrote:

> Hi John.
> 
>> Thomas,
> 
>> On Oct 15, 2013, at 9:46 AM, Thomas Narten <narten@us.ibm.com> wrote:
> 
>>> When it comes to IPv6, however, the question of who is capable of
>>> adding these "segment routes" becomes very significant. If the
>>> originating end node can add SRs, the attack surface for exploiting
>>> SRs becomes much more complicated
> 
>> Do you think if the document set said "a host SHALL NOT add an
>> explicit route" it would make the attack surface less complicated?
>> Why?
> 
> Not at all. We all know Bad Guys don't follow the rules. If the
> architecture allows for an end host to add stuff to a packet header
> (like an SR) that the other nodes have to deal with, someone wanting
> to exploit the system will use such a capability to do so.

I really don't think banking on an architectural designation of router vs. host is the best approach here. In particular when it comes to anything that resembles tunneling.

> 
> On the other hand, if the architecture didn't make it possible for an
> end host to do this, that would be much better. MPLS effectively
> acheives this because arbitrary end hosts don't have access to the
> MPLS layer. They can only generate IP packets...

If there is demand for SR beyond the traditional boundaries of an MPLS core network, it will find its way. I'd much rather develop this thoughtfully from the get-go than deal with the pressure to expand SR beyond the presumed boundaries of MPLS (as we have already had to do in the past with various MPLS over IP encapsulations). 

> Hence, I'd see a much safer/verifiable way to do this architecturally
> in IPv6 if it was used in conjunction with tunneling, where the tunnel
> entry/exit points were controlled by network admin.

I think Jari's text captures your higher-level point, without presupposing a particular solution:

"attackers will be unable to send source routed packets that get successfully 
processed, without being part of the negotiation for setting up the source routes"

- Mark

> 
> Thomas
> 
> _______________________________________________
> status mailing list
> status@ietf.org
> https://www.ietf.org/mailman/listinfo/status

v2.23.0 | Report a Bug | By Email