Re: [v6ops] Security issues in RFC8754 and related/subsequent drafts?
Andrew Alston <Andrew.Alston@liquidtelecom.com> Fri, 22 October 2021 07:14 UTC
Return-Path: <andrew.alston@liquidtelecom.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 586E13A0821 for <v6ops@ietfa.amsl.com>; Fri, 22 Oct 2021 00:14:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=liquidtelecom.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXMk5YXr3Wa1 for <v6ops@ietfa.amsl.com>; Fri, 22 Oct 2021 00:14:52 -0700 (PDT)
Received: from eu-smtp-delivery-182.mimecast.com (eu-smtp-delivery-182.mimecast.com [185.58.85.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E41A3A07BC for <v6ops@ietf.org>; Fri, 22 Oct 2021 00:14:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=liquidtelecom.com; s=mimecast20210406; t=1634886890; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=iMEohictjYHHSWfJC0bh3tEv5BhcRpnqD3LA2isJJps=; b=cipRpbRq1w1wrCE0iv/GKdM8KumrlYGF/pG/ivjq5wqfEUA6ij8OdqROMdv/879ofByL8j Ufx5aEzE6cMRlHJKIzHfFSFr4DFkUA8rCcxb2DQcr8KCfq+x5SFGXjJaAj2aJoTXQc3vDB R8JlZnE3q0YFbN1NSlRddVCLYijL7vU=
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02lp2054.outbound.protection.outlook.com [104.47.5.54]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-248-AZtT7bBgO3uRljG9yy_FaA-1; Fri, 22 Oct 2021 08:14:47 +0100
X-MC-Unique: AZtT7bBgO3uRljG9yy_FaA-1
Received: from AS8PR03MB7622.eurprd03.prod.outlook.com (2603:10a6:20b:346::6) by AS8PR03MB7873.eurprd03.prod.outlook.com (2603:10a6:20b:420::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Fri, 22 Oct 2021 07:14:45 +0000
Received: from AS8PR03MB7622.eurprd03.prod.outlook.com ([fe80::90ec:90d5:59c4:fef9]) by AS8PR03MB7622.eurprd03.prod.outlook.com ([fe80::90ec:90d5:59c4:fef9%6]) with mapi id 15.20.4628.018; Fri, 22 Oct 2021 07:14:45 +0000
From: Andrew Alston <Andrew.Alston@liquidtelecom.com>
To: Gert Doering <gert@space.net>, Andrew Alston <Andrew.Alston=40liquidtelecom.com@dmarc.ietf.org>
CC: "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: [v6ops] Security issues in RFC8754 and related/subsequent drafts?
Thread-Index: AQHXxp4zP+qugBEUYEKpNlrZT9uUPqvel/aAgAADWKA=
Date: Fri, 22 Oct 2021 07:14:45 +0000
Message-ID: <AS8PR03MB762224019731D4016C188821EE809@AS8PR03MB7622.eurprd03.prod.outlook.com>
References: <CB45220A-ECE6-492A-8A37-D189A71CDA2B@liquidtelecom.com> <YXJhucp93W5WltX2@Space.Net>
In-Reply-To: <YXJhucp93W5WltX2@Space.Net>
Accept-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1efbbfa0-fa2a-4340-30d0-08d9952ba014
x-ms-traffictypediagnostic: AS8PR03MB7873:
x-microsoft-antispam-prvs: <AS8PR03MB7873ACEBF970844AFFDD9181EE809@AS8PR03MB7873.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: Ox2aeoLN1lmQXJvlLbDAVpRbW/pQl43XuMqeDXqqv4gjqTkuXWztUy+bv1CpLbUhdg002u8HE87Tr3nHw2ZuHwjUfRX/MEIaOB/I/ccAjI8EHA+5MyQzk6+Zi2F08rwkLU5we0mLq5xkL0KS9XpnF/I2wx/CEu031juuZuPSfpNSfs2HVfeilSb2hpq50uLg45RuU+qLrOe2IVi/D9MfHgUhYDOTy0LTUr+xQXevk1e7ErP6mmJW/HNgJ65xrrI+yZYnXAlAvX2ICI2U35qKr9tiCSB0pocyNQiLFku6y3u3LvyLpzAcchA88OZ/2rtM5TcWouxHV49N6U05b+aWCrcR08SVVsy2a1FueFnFyjATtCAGUYasuA1AmzoTYGK+nDnzcLcdMwKXTGnf1PWXy+cNAqIGVXp19Th10NWmFjkztiljW2zy/YaR2BGrTC+jy5E4zYtzH7bl0RaNV5ZEIoYBdED4HIFYRb2ATTEVVT1RlpXPrri50LEIwWHbP+whHVxUFLWw9eJc/P4fht4+R01Bu/uob8tWyzOBs/+J3Ue/wDAyXdDxOUEpvCmOxzXH2tBtqiQMQz5YNwmB9o3ke2bbPUOFKOgZyhw2LO/gKoQxNe56imFx3UT+GJ9tChrGbnzCMCA0zfhubydOq3YQrZY/zYDBHYSAf0PYIG0vbQY7FYcb441DBXk/u2retKP+ot6D5kYB6UeXLxUGKNizLuj8YqzgLOr8oBQ7b4XKCRZHppfnP/2tLmZl7+3jEhKjIFxHbZE3NLC4qMvpJsdIqTqf/xlbBoBBWNlgd2Xj+KI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR03MB7622.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(38100700002)(508600001)(122000001)(966005)(6506007)(186003)(33656002)(38070700005)(5660300002)(53546011)(110136005)(2906002)(71200400001)(316002)(76116006)(8936002)(4326008)(66946007)(83380400001)(9686003)(55016002)(7696005)(166002)(66446008)(66476007)(66556008)(64756008)(52536014)(86362001)(15650500001)(8676002); DIR:OUT; SFP:1102
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: HQ/pTYQ0CoRuWephLxcZ+3ZiSwoVwFSoIQSnR+h1W2sigaAv7d/rFaTpRjOsEa3Pv/00euNSpTQ9opNFQNNvUsk1sHdY6Y1D+ihSTkdOZc5wEpJQ76QkdfyDOjQ6TOes4LYmKWlyzZAKSy63a87GklUQAl3V6dLkPhxSHp/VQoUIUe+RAHfe4kmiyRVci5aFAj5xdbXQ759yThGlb5oTA0NRxuhMsmrVDgGsc/VwjMnPiR4jNjVaUM8ptPvnfarMGqeJNa/BetEAWn6in9CQcuYnOZZEtT1s7qOIUQtHWijpxslOsyIzYe9838naHhGWJoGaO2ya3QxrdFaEnYXnMyhHBEVnufjy38V/QN2WApgA2GB4Ll3uKR53B0y8f2BOwZUhvWyHfdzsKDsRHdajNuLqAqCYQMABS4tY448jb/GHKF8rBLLQCdH7efIbSdJUDiv25PQ9apbU50h+OQUZ2CJj81o8Z0i7kZbvw9/6nA+yYbGR11a1NNWT8HEq7xoloIV5gI85QndM2kDQ188u6oLyw6mEDHoG9L4JzrB4SxBI6ZMNFhY2jKtHsTsaLP4UJq+EjUEvUy2guaw9A0Zt85N2jR1VSfhINXiq3gIiuCUKT2Gd0Hl/HLUx4C5FBaI3MUUUrp0t24/1k7Z3XSUkmZo29YxnBDf3ruJcux6cUsYFTvlJUpdm+pm7ocu54GzjpgOOZypJNysZaNrdzl4mhXOoisU0NLnGKkuaHJ0oFQ/g72xSqC1uTLf7Aqbin9+JJajDXuQmu3SYVowSPsmvqh902t+duWuxJIsjoz8QRQvH9qOcE7gbR64jQR0IhaCwj4jhU3KoWhWfHZU31jAYQJ6/MA0Rpk/Ic8Q6EXdTFs3e/bRQEhccAGwz4oa13lfujdyPnkYHanOnxs1TrswAa5ypOuNZm49YgSDmKI9j2kel9rtBuoe3QghpofbzSkmJ9vVM+PYZskfA2ZVjXNnsn7KUGMwZmpcZzrXtOcU96MpE/nqObCyB3xlDDo+gEqa/JegSiipn303ThiqigqOXnxh1xDOPQ8ekpsT/oBWP+Ol9zxIvfoVCUjIh2qVXVGxKWJvapsz6K3f3JgoNmk45bd2vKEMsOpCDboKBHpe9jzB9b3LNssy87RPC73QJnPvs3C5dJ6+oUBz0beY8cgSWt23algdWQJnDF1NyxinaxN6rwY2VKkVxNlPpHRXWe4H/KCHT0G/SlBpBJCoRQ5TdqbQBVvb+If4nMCozkczP2YFTdPCj+DsrN5whIkXdFO4fDTBiUdNXGEQ+LqXn3gTW+xqhxW7o6F+aDQzmnxOgMgnwGAqVV5RoC1FoK9wamGQSGgfmuhKN3Cny14moYVjlmOseSgj973K6snjQ6BxNJHpPZht56gvuAHHTiT77sNwiI5mQ6uNmhXvfKEUso79csVBkn81cYRoCEzUiuKESxjQzJPJLoB9I6LJ8rCLhBFnziXo1jVFOD0LJgK0AyPvpvK24FQ0OBh749zJj0muLIuC1eEN0NbmZQttwILdvwTvK
MIME-Version: 1.0
X-OriginatorOrg: liquidtelecom.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS8PR03MB7622.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1efbbfa0-fa2a-4340-30d0-08d9952ba014
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Oct 2021 07:14:45.0908 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 68792612-0f0e-46cb-b16a-fcb82fd80cb1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Andrew.Alston@liquidtelecom.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB7873
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C82A168 smtp.mailfrom=andrew.alston@liquidtelecom.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: liquidtelecom.com
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_AS8PR03MB762224019731D4016C188821EE809AS8PR03MB7622eurp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/n6R4wGouwlYFqkWgLpJ7mMwqzHs>
Subject: Re: [v6ops] Security issues in RFC8754 and related/subsequent drafts?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Oct 2021 07:14:59 -0000
Gert, I don't disagree with your sentiments - however - be that as it may - if this stuff is going to exist, do we not have a responsibility to ensure that its not creating a situation that allows for wholesale security issues and the potential creation of some very nasty denial of service exploits that could affect us all? (See original email in this thread regarding smurf-v2 enabled by SRv6) Andrew From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Gert Doering Sent: Friday, October 22, 2021 10:01 AM To: Andrew Alston <Andrew.Alston=40liquidtelecom.com@dmarc.ietf.org> Cc: v6ops@ietf.org Subject: Re: [v6ops] Security issues in RFC8754 and related/subsequent drafts? Hi, On Thu, Oct 21, 2021 at 05:08:00PM +0000, Andrew Alston wrote: > As an operator that runs extensive IPv6 ??? I???d really like to hear thoughts and comments and potentially we can find a way to address these issues. We've decided long ago that we see no value in SRv6. MPLS-SR makes sense, SRv6 seems to just bring heaps of complications. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 _______________________________________________ v6ops mailing list v6ops@ietf.org<mailto:v6ops@ietf.org> https://www.ietf.org/mailman/listinfo/v6ops<https://www.ietf.org/mailman/listinfo/v6ops>
- [v6ops] Security issues in RFC8754 and related/su… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Vasilenko Eduard
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Vasilenko Eduard
- Re: [v6ops] Security issues in RFC8754 and relate… Ron Bonica
- Re: [v6ops] Security issues in RFC8754 and relate… Alexandre Petrescu
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… Warren Kumari
- Re: [v6ops] Security issues in RFC8754 and relate… Eric Vyncke (evyncke)
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… otroan
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Brian Carpenter
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Eric Vyncke (evyncke)
- Re: [v6ops] Security issues in RFC8754 and relate… Warren Kumari
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… Brian E Carpenter
- Re: [v6ops] Security issues in RFC8754 and relate… Brian E Carpenter
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Brian E Carpenter
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Warren Kumari
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Warren Kumari
- Re: [v6ops] Security issues in RFC8754 and relate… Warren Kumari
- Re: [v6ops] Security issues in RFC8754 and relate… Andrew Alston
- Re: [v6ops] Security issues in RFC8754 and relate… Mark Smith
- Re: [v6ops] Security issues in RFC8754 and relate… Gert Doering
- Re: [v6ops] Security issues in RFC8754 and relate… otroan