Re: [v6ops] SLAAC security concerns

Gert Doering <gert@space.net> Tue, 04 August 2020 19:44 UTC

Date: Tue, 4 Aug 2020 21:44:48 +0200
From: Gert Doering <gert@space.net>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, 6man <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
Message-ID: <20200804194448.GA2485@Space.Net>
References: <f52c4463862f44b5ba2a9d41db86d231@huawei.com>
In-Reply-To: <f52c4463862f44b5ba2a9d41db86d231@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/lVOdt1GHBmdIhCXX0L3YP8KG8kM>
Subject: Re: [v6ops] SLAAC security concerns

Hi,

On Tue, Aug 04, 2020 at 06:00:39PM +0000, Vasilenko Eduard wrote:
> I believe that Multicast is such a basic function of SLAAC that it does not make sense to delete it.

Have I heard "delete multicast" here?

Yes, please!

There are too many broken switch vendors out there that show again and
again that "implementing multicast is hard", breaking IPv6 ND in the
process.

The motivation for going to multicast "back in the dark ages" might have
been honorable, but in today's networks, it just adds needless complications.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279