Re: [v6ops] [Last-Call] Iotdir last call review of draft-ietf-v6ops-nd-cache-init-05

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 16 September 2020 11:40 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, "v6ops@ietf.org" <v6ops@ietf.org>
CC: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Wed, 16 Sep 2020 11:40:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/QS-i8U2Hl_FpIkbM9KUIe-hNCjw>

Hello Phil
 
> > - immediately if it is ODAD, or else upon DAD time out, the stack
> > sends a probe outside the subnet that generates an answer
> 
> This has huge privacy and security implications.

This is way, way too vague to be useful in the cons section. 
Can you please elaborate, like an example attack? 
Also, is the current stack behavior exposing the user to that threat as well?

> On the other hand, if the host would do NUD using the new source address and
> the router's (link-local) address then the host can be sure that the router
> learned the host's new address. The host is then also sure that the router
> considers the address on-link.

See https://datatracker.ietf.org/doc/html/draft-ietf-6man-grand-03#section-8.3

Keep safe, 

Pascal