Re: [v6ops] [EXTERNAL] Improving ND security

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 31 July 2020 19:21 UTC

From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Fernando Gont <fernando@gont.com.ar>, Ted Lemon <mellon@fugue.com>
CC: "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
Date: Fri, 31 Jul 2020 19:20:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GDXubqsiBQfvtqLw0Yd5KC6q0Jc>

Fernando,

> -----Original Message-----
> From: Fernando Gont [mailto:fernando@gont.com.ar]
> Sent: Friday, July 31, 2020 9:58 AM
> To: Ted Lemon <mellon@fugue.com>; Templin (US), Fred L <Fred.L.Templin@boeing.com>
> Cc: Pascal Thubert (pthubert) <pthubert=40cisco.com@dmarc.ietf.org>; v6ops list <v6ops@ietf.org>; 6man <ipv6@ietf.org>
> Subject: Re: [v6ops] [EXTERNAL] Improving ND security
> 
> On 31/7/20 13:12, Ted Lemon wrote:
> > On Jul 31, 2020, at 12:10 PM, Templin (US), Fred L
> > <Fred.L.Templin@boeing.com <mailto:Fred.L.Templin@boeing.com>> wrote:
> >> I like SEND, and it is written into my documents – is that enough of
> >> a push, or do I need to do more aggressive marketing? Interested in
> >> helping?
> >
> > The push would have to be from somebody producing software that has
> > broad reach. And it would have to solve a real problem or nobody with
> > that reach would try to do it.
> >
> > Does it solve the problem Owen was talking about (overloading neighbor
> > tables as an attack)?
> 
> No, it doesn't.
> 
> 
> > Is there agreement that this is a serious problem in any case?
> 
> It is a problem... which seems to be more cost-effectively solved with
> smaller prefixes for P2P links and/or better management of the neighbor
> cache (e.g. be more aggressive flushing/policing NC entries in the
> incomplete state).


That is not the case we are meaning to address in the OMNI spec; the
OMNI spec looks at P2MP links with many prospective neighbors. We
like SEND for this use case.

> SEND seems to me like a nice idea, but overly complex for the problem
> it's trying to address.

It is more than a nice idea; it is a key element to the next-generation
(mobile) Internet architecture.

Thanks - Fred

> Thanks,
> --
> Fernando Gont
> e-mail: fernando@gont.com.ar || fgont@si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
>