Re: [v6ops] Please review the No IPv4 draft

Lorenzo Colitti <lorenzo@google.com> Wed, 30 April 2014 05:36 UTC

In-Reply-To: <alpine.DEB.2.02.1404300607110.29282@uplift.swm.pp.se>
References: <9B4139A3-77F7-4109-93AD-A822395E5007@nominum.com> <m238gxpgrt.wl%Niall.oReilly@ucd.ie> <73221D87-5F50-4689-AA42-553AF757ABF5@nominum.com> <m2mwf59uht.wl%Niall.oReilly@ucd.ie> <7310412C-64E9-4A11-9812-92A969082131@nominum.com> <20140428190804.GK43641@Space.Net> <446A720E-1128-4FFF-BB3B-780EACA9610B@nominum.com> <535EBC20.10900@foobar.org> <20140428213045.GL511@havarti.local> <19B5B5AB-FF86-408B-8E73-D5350853965B@foobar.org> <3563D9EE-CD40-4E75-A1CB-C3FB50EEEBC4@nominum.com> <535F3624.4020801@foobar.org> <alpine.DEB.2.02.1404290726011.29282@uplift.swm.pp.se> <535F3A8C.2050902@foobar.org> <E68028C1-2E6D-4D07-A113-60757457E286@nominum.com> <535F99A9.3030402@foobar.org> <0C03200E-B349-44D4-BE3F-512AD6A7A417@nominum.com> <535FCB2C.3030502@foobar.org> <8DB83B3D-D09C-4977-9B4F-75EA2DD3B71D@nominum.com> <53601BED.4050200@foobar.org> <37DC9152-EEE3-4EEF-81C7-AD5B6D0E9892@nominum.com> <536033DD.8020800@foobar.org> <alpine.DEB.2.02.1404300607110.29282@uplift.swm.pp.se>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 30 Apr 2014 14:36:03 +0900
Message-ID: <CAKD1Yr3o1vEzCQz086KZzUemmsYopDHijZbXivW1+bCGPcPpiQ@mail.gmail.com>
To: Mikael Abrahamsson <swmike@swm.pp.se>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/6NAWAxbqgc7E-kUABr-uXkbV-DM
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>
Subject: Re: [v6ops] Please review the No IPv4 draft

On Wed, Apr 30, 2014 at 1:09 PM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

> Nick, if you're not doing this today you're exposing your customers to
> MITM attacks and all kinds of other bad things. What this proposal is doing
> is adding one more reason to implement proper L2 security. You're already
> screwed, this mechanism just adds one more way you're screwed.
>

Today, you're not too badly screwed if your first-hop security supports
IPv4 and your network only provides IPv4.

Yes, it's true that a rogue RA can still blackhole or MITM your traffic,
but happy eyeballs will protect you to some degree against blackholing, and
SSL will protect you (to some degree :-)) against MITM.

If this draft is published and people implement it, you are completely
screwed, because all it takes is one packet to shut down all the machines
on the network.
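The "proper L2 security" the two sides of this exchange are arguing about is, concretely, a filter that drops Router Advertisements a port or a host should not accept. As an added example (not code from this thread, from the No IPv4 draft, or from any RA Guard product), the Python below does the kind of check RFC 6105 RA Guard describes, over packets constructed inline rather than captured: it parses the IPv6 and RA headers, verifies the ICMPv6 checksum and the hop limit of 255 that RFC 4861 requires, checks that the source is a link-local address belonging to an assumed trusted router (fe80::1 is an assumption), and flags any ND option type outside an allowlist. The option type 200 in the third sample packet is a placeholder for any option a rogue router could use to change host behaviour; it is not the option code from the draft.

```python
import ipaddress
import struct

# Constants from RFC 4861 (Neighbor Discovery) and RFC 8106 (RDNSS).
ICMPV6_NEXT_HEADER = 58
ND_ROUTER_ADVERTISEMENT = 134
ND_OPT_SOURCE_LLADDR = 1
ND_OPT_PREFIX_INFO = 3
ND_OPT_MTU = 5
ND_OPT_RDNSS = 25
# Option types a host on this link is expected to see in an RA; anything else is flagged.
EXPECTED_OPTIONS = {ND_OPT_SOURCE_LLADDR, ND_OPT_PREFIX_INFO, ND_OPT_MTU, ND_OPT_RDNSS}
# Assumption: fe80::1 is the only router allowed to advertise on this link.
TRUSTED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
ALL_NODES = ipaddress.IPv6Address("ff02::1")


def icmpv6_checksum(src: bytes, dst: bytes, icmp: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header (RFC 8200 s8.1) plus the ICMPv6 message."""
    data = src + dst + struct.pack("!IxxxB", len(icmp), ICMPV6_NEXT_HEADER) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def nd_option(otype: int, body: bytes) -> bytes:
    """Encode a type/length/value ND option; length is in units of 8 octets, zero padded."""
    total = 2 + len(body)
    padded = total + (-total % 8)
    return bytes([otype, padded // 8]) + body + b"\x00" * (padded - total)


def build_ra(src: str, hop_limit: int = 255, options: bytes = b"") -> bytes:
    """Construct an IPv6 packet carrying a Router Advertisement (test input only)."""
    src_b, dst_b = ipaddress.IPv6Address(src).packed, ALL_NODES.packed
    # type, code, checksum placeholder, cur hop limit, M/O flags, router lifetime, reachable, retrans
    icmp = struct.pack("!BBHBBHII", ND_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0) + options
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(src_b, dst_b, icmp)) + icmp[4:]
    ipv6 = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6_NEXT_HEADER, hop_limit)
    return ipv6 + src_b + dst_b + icmp


def parse_ra(packet: bytes) -> dict:
    """Parse IPv6 header + RA into fields and TLV options; raise ValueError when malformed."""
    if len(packet) < 56:  # 40-byte IPv6 header + 16-byte fixed RA part
        raise ValueError("too short for a Router Advertisement")
    _, plen, nh, hlim = struct.unpack("!IHBB", packet[:8])
    src, dst = packet[8:24], packet[24:40]
    icmp = packet[40:40 + plen]
    if nh != ICMPV6_NEXT_HEADER or len(icmp) != plen:
        raise ValueError("not a well-formed ICMPv6 packet")
    typ, _, _, _, _, lifetime, _, _ = struct.unpack("!BBHBBHII", icmp[:16])
    if typ != ND_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    options, off = [], 16
    while off < len(icmp):
        if off + 2 > len(icmp):
            raise ValueError("truncated option header")
        otype, olen = icmp[off], icmp[off + 1]
        if olen == 0:  # RFC 4861 s4.6: a zero-length option means the packet must be discarded
            raise ValueError("zero-length ND option")
        end = off + olen * 8
        if end > len(icmp):
            raise ValueError("option runs past end of packet")
        options.append((otype, icmp[off + 2:end]))
        off = end
    return {"src": ipaddress.IPv6Address(src), "dst": ipaddress.IPv6Address(dst),
            "hop_limit": hlim, "checksum_ok": icmpv6_checksum(src, dst, icmp) == 0,
            "router_lifetime": lifetime, "options": options}


def check_ra(packet: bytes, trusted=TRUSTED_ROUTERS) -> list:
    """Return findings; an empty list means the RA passes the first-hop policy."""
    ra = parse_ra(packet)
    findings = []
    if ra["hop_limit"] != 255:  # RFC 4861 s6.1.2: anything else was forwarded, i.e. not on-link
        findings.append("hop limit %d != 255: RA did not originate on-link" % ra["hop_limit"])
    if not ra["checksum_ok"]:
        findings.append("bad ICMPv6 checksum")
    if ra["src"] not in LINK_LOCAL:
        findings.append("source %s is not link-local" % ra["src"])
    if ra["src"] not in trusted:
        findings.append("source %s is not a trusted router" % ra["src"])
    for otype, _ in ra["options"]:
        if otype not in EXPECTED_OPTIONS:
            findings.append("unexpected ND option type %d" % otype)
    return findings


# Constructed sample packets, not captured traffic.
PREFIX_INFO = nd_option(ND_OPT_PREFIX_INFO, struct.pack("!BBIII", 64, 0xC0, 2592000, 604800, 0)
                        + ipaddress.IPv6Address("2001:db8:1::").packed)
GOOD_RA = build_ra("fe80::1", options=nd_option(ND_OPT_SOURCE_LLADDR, bytes.fromhex("00005e000101")) + PREFIX_INFO)
ROGUE_RA = build_ra("fe80::bad", options=PREFIX_INFO)
# Type 200 is a placeholder for an option no host should honour from an unknown router;
# it is NOT the option code defined by the No IPv4 draft.
ONE_PACKET_RA = build_ra("fe80::bad", hop_limit=64, options=nd_option(200, b"\x00" * 6))

if __name__ == "__main__":
    for name, pkt in (("good", GOOD_RA), ("rogue", ROGUE_RA), ("one-packet", ONE_PACKET_RA)):
        print(name, check_ra(pkt) or "ok")
```

The trusted-router check is the one that matters for the point being argued: without it, the hop-limit and checksum checks pass for any host on the segment, which is exactly the position a network with IPv4-only first-hop security is in.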