Re: [v6ops] Security issues in RFC8754 and related/subsequent drafts?

Andrew Alston <Andrew.Alston@liquidtelecom.com> Fri, 22 October 2021 07:14 UTC

From: Andrew Alston <Andrew.Alston@liquidtelecom.com>
To: Gert Doering <gert@space.net>, Andrew Alston <Andrew.Alston=40liquidtelecom.com@dmarc.ietf.org>
CC: "v6ops@ietf.org" <v6ops@ietf.org>
Date: Fri, 22 Oct 2021 07:14:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/n6R4wGouwlYFqkWgLpJ7mMwqzHs>

Gert,

I don't disagree with your sentiments - however - be that as it may - if this stuff is going to exist, do we not have a responsibility to ensure that it's not creating a situation that allows for wholesale security issues and the potential creation of some very nasty denial of service exploits that could affect us all? (See original email in this thread regarding smurf-v2 enabled by SRv6)

Andrew


From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Gert Doering
Sent: Friday, October 22, 2021 10:01 AM
To: Andrew Alston <Andrew.Alston=40liquidtelecom.com@dmarc.ietf.org>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Security issues in RFC8754 and related/subsequent drafts?

Hi,

On Thu, Oct 21, 2021 at 05:08:00PM +0000, Andrew Alston wrote:
> As an operator that runs extensive IPv6 - I'd really like to hear thoughts and comments and potentially we can find a way to address these issues.

We've decided long ago that we see no value in SRv6.

MPLS-SR makes sense, SRv6 seems to just bring heaps of complications.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
