Re: [v6ops] [Last-Call] Iotdir last call review of draft-ietf-v6ops-nd-cache-init-05
Philip Homburg <pch-v6ops-9@u-1.phicoh.com> Wed, 16 September 2020 12:50 UTC
To: v6ops@ietf.org
Cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
From: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>
Date: Wed, 16 Sep 2020 14:50:22 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZgQUt4Et8SA11rPuS5hz5u8yuRM>
Subject: Re: [v6ops] [Last-Call] Iotdir last call review of draft-ietf-v6ops-nd-cache-init-05

> > This has huge privacy and security implications.
>
> This is way, way too vague to be useful in the cons section. Can
> you please elaborate, like an example attack? Also, is the current
> stack behavior exposing the user to that threat as well?

Suppose every device basically pings $vendor.com when it gets a new address as part of a very low level function of the stack.

So basically we spend a lot of time worrying about tracking devices. We have randomized MACs. We avoid embedding MAC addresses in IPv6 addresses and then we have all devices advertise what their vendor is and their current addresses.

Anybody who wants to do monitoring will have a field day.

I know that mobile devices do some weird stuff, but not all devices are mobile devices. And the whole captive portal discovery seems to be mostly a fight between device vendors and captive portals. There is no technical reason it has to be this ugly for mobile devices.

The situation would be better if there were a well-known anycast address. However that has operational implications (pinging $vendor as well, because it has happened often enough that vendors stopped renewing the DNS registration after they stopped supporting a particular brand of devices). Even the well-known address may cause operational problems for disconnected operation.

> See
> https://datatracker.ietf.org/doc/html/draft-ietf-6man-grand-03#section-8.3

Of the disadvantages:
- The first point can be solved by pinging the first hop router
- The second point also applies to pinging an off-link destination
- There can always be broken middle boxes. I.e., if a wireless device does ND proxying then it is up to the network admin to make sure that the router has enough capacity to perform ND.

In any case, the existence of weird middle boxes should not be a reason to start pinging off-link destinations.