Re: [v6ops] draft-smith-v6ops-local-only-addressing

Fred Baker <fredbaker.ietf@gmail.com> Mon, 02 December 2019 19:55 UTC

From: Fred Baker <fredbaker.ietf@gmail.com>
In-Reply-To: <8237CDA6-DF99-43BB-8FFD-FC06179F5C75@employees.org>
Date: Mon, 02 Dec 2019 11:55:30 -0800
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Message-Id: <6CF0CF5C-7E72-4E21-A476-3A5A65DBF7FA@gmail.com>
References: <SN6PR05MB57109A5048345A6B2ECD6C5EAE410@SN6PR05MB5710.namprd05.prod.outlook.com> <8237CDA6-DF99-43BB-8FFD-FC06179F5C75@employees.org>
To: Ole Troan <otroan@employees.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/37lLGNefUPMyTkuAe1oF0DAuQpo>
Subject: Re: [v6ops] draft-smith-v6ops-local-only-addressing

I think you're thinking of an opsec draft by Michael Behringer, https://tools.ietf.org/html/rfc7404. In essence, it suggests that routers only talk with each other and their local hosts using link-layer addressing in the "destination" address.

To my way of thinking, forcing that for all sessions means that one cannot access a device from a system that it is not directly connected to. Michael's proposal was in essence to prevent attacks on routers, permitting them to white-list network management devices and exclude pretty much everything else. Doing that for hosts would make the network pretty useless, I suspect. 

> On Dec 2, 2019, at 12:14 AM, Ole Troan <otroan@employees.org> wrote:
> 
> 
> 
>> On 30 Nov 2019, at 21:14, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>> 
>> draft-smith-v6ops-local-only-addressing
> 
> I believe Townsley or was it Vyncke described a security model, where a device by default would only accept incoming connections on link-local or ULA addresses.
> The device would have a global address that could be used for outbound connections, e.g. software updates.
> Can't find or recall exactly where they described this model.
> 
> Best regards,
> Ole
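The two models discussed in this thread, Ole's "accept inbound only on link-local or ULA, global address for outbound only" host posture and the router control-plane restriction Fred attributes to RFC 7404, can both be written down as a small policy function and checked against sample traffic. The following is an added example, not code from the thread or from either draft; the `Flow` record, the sample flows, the allowed inbound port set (SSH on 22) and the management whitelist are all constructed assumptions.

```python
"""Policy evaluator for local-only inbound addressing (added example).

host_policy   : Ole's model - listen only on link-local/ULA, global is outbound-only.
router_policy : the RFC 7404-style model as Fred summarizes it - on-link peers plus
                a whitelist of management stations.
All flow data below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

LINK_LOCAL = ipaddress.ip_network("fe80::/10")   # RFC 4291 link-local unicast
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


@dataclass(frozen=True)
class Flow:
    src: str                   # source address of the first packet
    dst: str                   # address on the device the packet is aimed at (or leaves from)
    dport: int                 # destination port
    inbound: bool              # True: new connection arriving at the device
    established: bool = False  # True: reply traffic for a connection the device opened


def address_scope(addr: str) -> str:
    """Classify an address as link-local, ula, global or ipv4."""
    a = ipaddress.ip_address(addr)
    if a.version != 6:
        return "ipv4"
    if a in LINK_LOCAL:
        return "link-local"
    if a in UNIQUE_LOCAL:
        return "ula"
    return "global"


def host_policy(flow: Flow, inbound_ports: FrozenSet[int] = frozenset({22})) -> str:
    """Host model: only link-local/ULA destinations may receive new connections."""
    if flow.established:
        return "accept"   # return traffic for something the host initiated
    if not flow.inbound:
        return "accept"   # outbound is unrestricted, including from the global address
    if address_scope(flow.dst) in ("link-local", "ula") and flow.dport in inbound_ports:
        return "accept"
    return "drop"         # anything aimed at the global address, or an unlisted port


def router_policy(flow: Flow, management_sources: FrozenSet[str]) -> str:
    """Router control plane: on-link neighbours, plus whitelisted managers only."""
    if flow.established or not flow.inbound:
        return "accept"
    if address_scope(flow.dst) == "link-local":
        return "accept"   # peers on the same link (routing adjacencies, ND)
    managers = {ipaddress.ip_address(s) for s in management_sources}
    if ipaddress.ip_address(flow.src) in managers:
        return "accept"   # a whitelisted management station reaching a routable address
    return "drop"


# Constructed sample traffic against a device whose global address is 2001:db8:2::1,
# ULA address fd00:1::1 and link-local address fe80::2.
SAMPLE_FLOWS: List[Flow] = [
    Flow("2001:db8:1::10", "2001:db8:2::1", 22, inbound=True),                    # SSH from off-site to the global address
    Flow("fd00:1::10", "fd00:1::1", 22, inbound=True),                            # SSH from inside over ULA
    Flow("fe80::1", "fe80::2", 22, inbound=True),                                 # SSH from an on-link neighbour
    Flow("2001:db8:2::1", "2001:db8:3::5", 443, inbound=False),                   # software update check going out
    Flow("2001:db8:3::5", "2001:db8:2::1", 443, inbound=True, established=True),  # the update server's reply
    Flow("fd00:1::10", "fd00:1::1", 8080, inbound=True),                          # ULA destination, but not an allowed port
]


def evaluate(policy: Callable[..., str], flows: List[Flow], **kwargs) -> List[str]:
    """Apply one policy to every flow and return the verdicts in order."""
    return [policy(f, **kwargs) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate(host_policy, SAMPLE_FLOWS)):
        print(f"host   {verdict:6} {flow.src} -> [{flow.dst}]:{flow.dport}")
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate(router_policy, SAMPLE_FLOWS,
                                                    management_sources=frozenset({"2001:db8:1::10"}))):
        print(f"router {verdict:6} {flow.src} -> [{flow.dst}]:{flow.dport}")
```

Two things worth keeping in mind when turning this into a real host or router filter: the link-local rules only work if ICMPv6 for Neighbor Discovery is still permitted, and the router model's whitelist keys on the source address, so it is only as strong as the ingress filtering in front of the device.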