Re: [v6ops] [EXTERNAL] Re: Improving ND security
Christian Huitema <huitema@huitema.net> Mon, 03 August 2020 17:03 UTC
From: Christian Huitema <huitema@huitema.net>
Date: Mon, 3 Aug 2020 10:01:52 -0700
Message-Id: <AA568F39-3733-4F73-872E-2E84EDA2F077@huitema.net>
References: <3978163f-8815-1bd4-0fda-d84df9cbe684@gont.com.ar>
Cc: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>,
"Pascal Thubert (pthubert)" <pthubert@cisco.com>,
v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
In-Reply-To: <3978163f-8815-1bd4-0fda-d84df9cbe684@gont.com.ar>
To: Fernando Gont <fernando@gont.com.ar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZFoSCMTrgVmx_OhpFiBWkO6GXRU>

> On Aug 3, 2020, at 9:35 AM, Fernando Gont <fernando@gont.com.ar> wrote:
>
> On 3/8/20 11:22, Templin (US), Fred L wrote:
>> ...
>
>> But then, RFC4380 offers a “poor-man’s” alternative to SEND/CGA. It places a message authentication code in the encapsulation headers of IPv6 ND messages so that the messages can pass a rudimentary authentication check.
>
> You mean the Teredo spec? If so, I don't think it includes any sort of poor-man's SEND-CGA.

Configuration mistakes were a big concern during the design of Teredo, and that's a reason why Teredo embeds continuity tests. But these tests will not resist an on-path attacker, let alone an on-link attacker.

>
>> ...

-- Christian Huitema