IETF Logo Mail Archive

Re: [v6ops] FW: New Version Notification for draft-ipversion6-loopback-prefix-00.txt

Falcon Darkstar Momot <falcon@iridiumlinux.org> Wed, 18 February 2015 00:33 UTC

Return-Path: <falcon@iridiumlinux.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BCB91A8867 for <v6ops@ietfa.amsl.com>; Tue, 17 Feb 2015 16:33:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPvVuzhjymWf for <v6ops@ietfa.amsl.com>; Tue, 17 Feb 2015 16:33:16 -0800 (PST)
Received: from smtp.iridiumlinux.org (akira.iridiumlinux.org [184.70.203.174]) by ietfa.amsl.com (Postfix) with ESMTP id 8E2381A1B0A for <v6ops@ietf.org>; Tue, 17 Feb 2015 16:33:16 -0800 (PST)
Received: by smtp.iridiumlinux.org (Postfix, from userid 65534) id E725613F41FD; Tue, 17 Feb 2015 17:33:15 -0700 (MST)
X-Spam-ASN:
Received: from [192.168.1.135] (unknown [96.53.15.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.iridiumlinux.org (Postfix) with ESMTPSA id 3F85C13F41F8 for <v6ops@ietf.org>; Tue, 17 Feb 2015 17:33:14 -0700 (MST)
Message-ID: <54E3DDC7.7070806@iridiumlinux.org>
Date: Tue, 17 Feb 2015 17:33:11 -0700
From: Falcon Darkstar Momot <falcon@iridiumlinux.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: "v6ops@ietf.org WG" <v6ops@ietf.org>
References: <D1076758.8F7D%edward.lewis@icann.org> <419285087.7936915.1424128613951.JavaMail.yahoo@mail.yahoo.com> <54E2A454.3080908@iridiumlinux.org> <CAKD1Yr0oR78UWubp4ZfWQgua5SEw1cFiKJbidDbCqxKWquKGew@mail.gmail.com> <54E2A721.7010106@iridiumlinux.org> <CAKD1Yr0JZ735RWO=yvrQ9PRHkfnX4juMgugQ1XODgU7+K9Cm4g@mail.gmail.com> <54E2A879.2010201@iridiumlinux.org> <D108B631.8FEA%edward.lewis@icann.org>
In-Reply-To: <D108B631.8FEA%edward.lewis@icann.org>
Content-Type: multipart/alternative; boundary="------------050309090707010402080901"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/AaryxnX9UEONknrmcCCc9U73NpE>
Subject: Re: [v6ops] FW: New Version Notification for draft-ipversion6-loopback-prefix-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 00:33:22 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
On 17/02/2015 07:33, Edward Lewis wrote:
> On 2/16/15, 21:33, "Falcon Darkstar Momot" <falcon@iridiumlinux.org
<mailto:falcon@iridiumlinux.org>> wrote:
>
>     On 16/02/2015 19:30, Lorenzo Colitti wrote:
>>     On Tue, Feb 17, 2015 at 11:27 AM, Falcon Darkstar Momot
<falcon@iridiumlinux.org <mailto:falcon@iridiumlinux.org>> wrote:
>>
>>         The point is that they're addresses, not tags.  Why would you
allocate addresses that have absolutely no purpose in relation to routing?
>>
>>
>>     Pointing network  at addresses inside 127.0.0.0/8
<http://127.0.0.0/8> is a very reliable way to cause said applications
to fail fast without emitting any packets. We don't have a way to do
that in IPv6 except pointing them at ::1.
>     How about discard, 0100::/64 as per RFC6666?  This seems rather
more explicit than using loopback as discard.
>
>
> I’ve carved up this thread a bit because it contains a case of
protocol engineering vs. protocol operations conflict.
>
> Yes, architecturally, I find the use of encoding messages in addresses
rather appalling.  What I called “overt covert” channels are cute tricks
that are just that, tricks.  The more of these one tries to support in
an architecture, the more difficult it is to fully exercise innovation
in the architecture.  (My background is tied to DNS, and this is pretty
evident there.)
>
> OTOH, operationally, the Internet Protocol stack is a challenge to
manage.  The basic definition of Internet Protocols haven’t left a lot
of hooks for management and operations, having been born in the days
before there was a lot of experience upon which to draw lessons and thus
requirements.  (Again, very evident in DNS.)  Operators have over time
had to work with what they have, some of their choices present
challenges to architectural models.
>
> I’d be out of my depth to rationalize why DNSBL’s do what they do.  I
can imagine a few reasons (or excuses depending on one’s perspective)
and I am tempted to add some conjecture.  But that would be wrong on the
list.
>
> For controlled interruption, the uphill battle was passively coercing
the installed base to be caught in the trap (as systems errantly sending
unintended queries).  The way to do this is to tap into the address
record lookups.  The backchannel is the operations use of logs - where
the ‘connection to 127.0.53.53 failed’ would appear.  Controlled
interruption includes other record types, including a TXT record which
has a short message.
>
> The goal is two fold.  One is to get a message back.  Two is to have
the node not leak anymore than it already has.  (IMHO, the idea of
wanting a loopback is a bit overreaching, the goal is not to have the
node successfully send anything within itself.)
>
> Way back (1998+/-) when DNSSEC was being developed, I wanted to ‘get a
message back’ and thought I’d be able to depend on SNMP - a nice
architectural thing to, but that wasn’t achievable.  (There’s no real
good back channel for DNSSEC detection of failures - it’s still actively
discussed on mailing lists.)  That’s just an example of the challenge of
getting ‘a message back.’  (The analogy here is a bit weak, DNSSEC
wanted to reach the administrator of the node with the failure, for
controlled interruption and DNSBL’s have different relationships.)
>
> The suggestion to use the discard block is an interesting one, but it
doesn’t quite attain the goal of preventing leakage.  The goal is to
have the node not even generate the datagram, as opposed to having a
recipient know to discard it.  It’s not a bad suggestion, but the mere
fact the action is taken at the recipient means there’s that much
leakage.  (Of course, I don’t know what existing implementations would
do with the address block I’ll propose to mean ‘don’t even make this
datagram’.)
>

While it is possible to envision a DNSBL being queried for relay
addresses to use internally to a host as part of mail routing, what I
understand is that the DNSBL is not necessarily dispositive (in
spamassassin it certainly isn't), and so the MTA or its spam filter
makes the query but processes the returned A record as a tag in nearly
every case.  Certainly, using a DNSBL to get a next hop is operationally
disadvantageous if the DNSBL is not working correctly, and could even be
used to man-in-the-middle mails.

So, while someone might be using DNSBL queries to route mail, it doesn't
seem like either the normal or correct thing to do.  It would be
interesting to hear from a DNSBL operator on this topic, if for no other
reason than to ask why they do as they do with 127.0.0.0/8 addresses.

This quandary is not illuminated in RFC5782, the DNSBL RFC.  However, we
do there specify (perhaps inelegantly) in section 2.4 that DNSBLs are to
return A records for queries against IPv6 addresses just as they would
for IPv4.  The TXT record is used only for a comment (perhaps this is
why it is not used as a tag).  Why a new RRtype is not requested I could
not say.

On a different topic, I may have misspoke when recommending ipv6 discard
for this purpose - since it is intended for RTBH, it doesn't prevent
leakage at all (quite the opposite).  Nor does link-local, since the
traffic may be leaked across a link.  The documentation prefix would,
but it is not appropriate to apply non-documentation semantics to
documentation addresses.

Loopback does not prevent leakage.  A local listener could still receive
the traffic, and that local process may be running with whatever
credentials.  It is as weak for this purpose as link-local.

::/128 would definitely prevent leakage.  This is only one address, and
it does have the meaning "unspecified" if memory serves, which seems
exactly what one might want if they would rather the packet not even be
generated.

If someone needs a set of addresses, we'd need to assign a prefix
(perhaps 100:1::/64?) for that, since nothing else fills that role, but
it's difficult to find a use case that isn't architecturally abhorrent. 
Then again, if that is what it takes to prevent people from using other
things (such as loopback) for this purpose, that's exactly what we
should do.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
 
iQIcBAEBAgAGBQJU493GAAoJEM2g2ken2JPs5pEQAJdze1aEKvdPJC95lCYAZfZl
24uvM/6aAsX86A14vmPR59OIhH6d8B+732QSOBGrITfEDGMRrcMHDNUXaPqK0S3O
GnbbHnaHB+dy4ZI/am24SFnBGpj55Vw+NmB2akVmpIJQcYuP5aMCURWpSVv3ogny
78zutlmXODGcZ785YKkebs86uTMWK0AE12Gil/PCJNAKG8lbx///+RO1SZOX9+wS
nzkrnHBpvOy3rk56ppBa9xWBnnoWMj/qMmFxTRT1Z75VAWgO489QECSOI8uSJ7JO
MndJ4Dq4dVTyeEBD+ppHmMfHj4Sv9NlWoodxmPphjEWhDjxCYQMan2OuF/Gt1LEd
YEdDRPeAd945XHfcb/UZCfIJp+e8+zBEGr3l5qd25knIVY9G1eCAS9DrSixdVqO/
RL9L3nqzMFlTBAwcObHDh4hEafk/lroD+vdV8pEeOTFjUlqlQp2gAteSKisspYIQ
uEJvNsVaPnuQFxw0mtOQ5qii8R6/qRWCQri7MPnHLL09cNE+CMxHvYn8puq7C9XE
XMAfkrR6oPPqxUt0DqjAMu3A1bNzPNgB9bjbaE6bJGwG39jnUovET/vzyaFV6Z4G
wOXs/6oWJcvX3XXPHMPiXR/PqCaYPqukNV5ygyIrjphRNEx4SUyXGwoK2JQzC1xb
Sv7FcDFH9flG1tTb9VGc
=Nqlh
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email