Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

Lorenzo Colitti <lorenzo@google.com> Thu, 30 July 2020 11:06 UTC

To: Nick Hilliard <nick@foobar.org>
Cc: Vasilenko Eduard <vasilenko.eduard@huawei.com>, 6man <ipv6@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/WeN_O3kKslMxduEF343h2zuy7QA>

On Thu, Jul 30, 2020 at 8:01 PM Nick Hilliard <nick@foobar.org> wrote:

> > Traffic snooping is not very useful (not zero
> > utility, but difficult to use well) when all traffic is encrypted, and
> > on-link DoS attacks just aren't very useful these days given that many
> > devices have a variety of connectivity options.
>
> Surely you're joking?
>

Actually I should say on-link snooping. Defeating on-link snooping doesn't
seem very useful when it's possible for an on-path attacker to snoop the
traffic at any point between the local link and the destination.