Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

Nick Hilliard <> Thu, 30 July 2020 11:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 362F43A1088; Thu, 30 Jul 2020 04:01:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7SYLSjJXGney; Thu, 30 Jul 2020 04:01:41 -0700 (PDT)
Received: from ( [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 67C463A081D; Thu, 30 Jul 2020 04:01:41 -0700 (PDT)
Received: from cupcake.local ( [] (may be forged)) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id 06UB1Pea001188 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Jul 2020 12:01:26 +0100 (IST) (envelope-from
X-Authentication-Warning: Host [] (may be forged) claimed to be cupcake.local
To: Lorenzo Colitti <>
Cc: Vasilenko Eduard <>, 6man <>, "" <>
References: <> <> <> <>
From: Nick Hilliard <>
Autocrypt:; keydata= mQENBE5XyVsBCADeRjKMYehEt/qzcWEHVCg0OMY+wVM5wSrym1OpknH1YeIe5vaObSAID9ck ig676gCZ2YG4CHTmWb0tu7cMzf1Mx+K3FmRbTbk/6W4XXEJq1M4aiNY4BLbLqikMiXHY/pX/ LFj1SPjP+LWz0GLFm6LvijVBPs0P0ID6FW8BrKUqbOgzifHURKBQAwgAPvw1zjEzCNRf1B3y kCfTsnKI9HLwcjhdM49nrTYXAwQVHlxjQgIbX9zEH4j/pCb05UfygPi6+4gBLj6IsUiJJG2H eqN+P/w82IIN4WkU+akS5bAvVaytTbckABLTO8wSuc6I8RjpnNYCjSHQiHG/iei4QNS1ABEB AAG0H05pY2sgSGlsbGlhcmQgPG5pY2tAZm9vYmFyLm9yZz6JAT4EEwECACgFAk5XyVsCGwMF CQlmAYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECOxk/MZgyq9cnEH/iB2NY5DuNjN dO7qbakE8s2LCNRUGKcJ5Dhofw8StJUf6/IxldlLye3rAJCbkUS0amU6EBJM3g2rfStshPV8 FYDEzRYBRJstg/glyo58g65V0L5/nxkCBhXw8tgnVZbUQYITsoJj09cKmQCjZQqbG43dS0nQ 6tdPrb1A5IPjkIqBrTC9UOjZdTeAqwMxDZf1AEwKgqfC+V9ySlWTWyt8AhV69Rl7vVr91NT5 ssGC5p8ftsVYjz8zj9T2oMc8lGAiny/PpmveqsrCP5MOU4ljSFikwJxSQEJS71BRetsZ/1up dujliK7fCkJKlWGtsuoBOutN+IoBryZQ7T9EIKAlGbg=
Message-ID: <>
Date: Thu, 30 Jul 2020 12:01:24 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:52.0) Gecko/20100101 PostboxApp/7.0.24
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Jul 2020 11:01:44 -0000

Lorenzo Colitti wrote on 30/07/2020 11:36:
> I think the fact is that ND is inherently insecure from on-link attacks.
> If security is desired, then it needs to be provided in other ways, such
> as via SEND or SAVI. But it's also not particularly desirable to provide
> security at this layer.

ND is particularly weak from a security point of view due to its
approach to signalling, i.e. some bits use unicast udp with no token
exchange and/or no acknowledgement.  Without significant incompatible
changes to the protocol, it's difficult to see how this can be improved.

SEND has never been deployed widely and has bootstrap problems which are
difficult to resolve.  Most vendors never bothered implementing it.

SAVI moves the complexity into the L2 forwarding device.  This comes at
a cost, and the more complexity that's thrown into the ND protocol, the
more difficult this becomes.  The ND assigned codepoint registry gives
some clue as to the scale of this complexity:

> Traffic snooping is not very useful (not zero
> utility, but difficult to use well) when all traffic is encrypted, and
> on-link DoS attacks just aren't very useful these days given that many
> devices have a variety of connectivity options.

Surely you're joking?