Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 04 August 2020 00:04 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57FE83A118B; Mon, 3 Aug 2020 17:04:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lxf_cEoN1soo; Mon, 3 Aug 2020 17:04:26 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 078603A0D91; Mon, 3 Aug 2020 17:04:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 75B8738999; Mon, 3 Aug 2020 19:43:47 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id nBcK4hqTz-Ep; Mon, 3 Aug 2020 19:43:41 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6E5323898E; Mon, 3 Aug 2020 19:43:41 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A93F163E; Mon, 3 Aug 2020 20:04:18 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tony Finch <dot@dotat.at>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
In-Reply-To: <alpine.DEB.2.20.2007311707380.16320@grey.csi.cam.ac.uk>
References: <96fa6d80137241dd9b57fcd871c8a897@huawei.com> <CAFU7BARePzdeU5DFgoOWyrF0xZCj67_xkC2t8vMN2nH0d8aUig@mail.gmail.com> <37e2a7110f6b423eba0303811913f533@huawei.com> <CAFU7BATiD8RkiWXjrxGuAJU-BUwRQCErYZivUPZ-Mc_up_qGxQ@mail.gmail.com> <aebc46c9b813477b9ae0db0ef33e7bd9@huawei.com> <CAO42Z2yL7+GbO6QRaNzFYoBXLF-JZ2NfwgTTt2zerKhJLwt2Lw@mail.gmail.com> <3C1ECB6F-E667-4200-964F-AB233A0A56E9@cisco.com> <91D98D51-4045-4331-A711-8387ECE73400@fugue.com> <F56A89D4-0DA3-4A9B-ADC1-FC51ECAB193B@delong.com> <alpine.DEB.2.20.2007311707380.16320@grey.csi.cam.ac.uk>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Mon, 03 Aug 2020 20:04:18 -0400
Message-ID: <16770.1596499458@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/5WUk-cb8YBxOy4YCm0JjeuYE_CE>
Subject: Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 00:04:27 -0000

Tony Finch <dot@dotat.at> wrote:
    > Owen DeLong <owen@delong.com> wrote:
    >>
    >> Indeed, as an operator, IMHO, if there’s a place we need to focus on
    >> improving L2 attack surface in v6, it’s in finding better ways for
    >> {routers, hosts, switches} to mitigate/absorb this type of resource
    >> exhaustion attack. Unfortunately, this is a hard problem to solve, so we
    >> focus on moving the deck chairs we can move while ignoring the
    >> elephant-sized hole in the bulkheads that we don’t know how to patch.

    > If GRAND is deployed, would that allow routers to assume their neighbour
    > tables are complete, so they can just drop ND exhaustion attacks?

As said elsewhere in the thread, in general no.

Could a router develop heuristic in this direction that would help it protect
traffic during ND exhaustion attacks?  I think so.

Perhaps a signal from host to router in the ND that it does grand would be in order.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-