Re: [v6ops] new draft: draft-vyncke-v6ops-happy-eyeballs-cookie

"Metzler, Dan J" <dan-metzler@uiowa.edu> Wed, 11 February 2015 16:31 UTC

Return-Path: <dan-metzler@uiowa.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C881A1A0B for <v6ops@ietfa.amsl.com>; Wed, 11 Feb 2015 08:31:56 -0800 (PST)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ikw1bP4R25Jk for <v6ops@ietfa.amsl.com>; Wed, 11 Feb 2015 08:31:54 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0103.outbound.protection.outlook.com [65.55.169.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB65D1A1A04 for <v6ops@ietf.org>; Wed, 11 Feb 2015 08:31:53 -0800 (PST)
Received: from CO2PR04MB585.namprd04.prod.outlook.com (10.141.196.139) by CO2PR04MB586.namprd04.prod.outlook.com (10.141.196.145) with Microsoft SMTP Server (TLS) id 15.1.81.19; Wed, 11 Feb 2015 16:31:52 +0000
Received: from CO2PR04MB585.namprd04.prod.outlook.com ([10.141.196.139]) by CO2PR04MB585.namprd04.prod.outlook.com ([10.141.196.139]) with mapi id 15.01.0081.018; Wed, 11 Feb 2015 16:31:52 +0000
From: "Metzler, Dan J" <dan-metzler@uiowa.edu>
To: "fred@cisco.com" <fred@cisco.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: [v6ops] new draft: draft-vyncke-v6ops-happy-eyeballs-cookie
Thread-Index: AQHQRfkIV1AJCFSpgEGU5Tc0I0UCFpzrjvNg
Date: Wed, 11 Feb 2015 16:31:51 +0000
Message-ID: <CO2PR04MB58594A556272EA22DEF5AB1FE250@CO2PR04MB585.namprd04.prod.outlook.com>
References: <201502111247.t1BCl1Ek003460@irp-lnx1.cisco.com>
In-Reply-To: <201502111247.t1BCl1Ek003460@irp-lnx1.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2620:0:e50:1001:9117:8526:3257:a27e]
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uiowa.edu
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2015 16:31:51.5116 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 1bc44595-9aba-4fc3-b8ec-7b94a5586fdc
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR04MB586
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/qLCx7B20SaSY-a8VbjPivcXSKx8>
Cc: "draft-vyncke-v6ops-happy-eyeballs-cookie@tools.ietf.org" <draft-vyncke-v6ops-happy-eyeballs-cookie@tools.ietf.org>
Subject: Re: [v6ops] new draft: draft-vyncke-v6ops-happy-eyeballs-cookie
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 16:31:57 -0000

A few comments on this:

" 5.  Potential Mitgation"

 -  Obviously, correct the spelling of Mitigation.
 -  IMHO, I would remove the word "Potential".  (See below)

" 7.  Security Considerations"

 -  I would qualify the first phrase by rewording it somewhat as follows (or remove the phrase altogether):
The association of the session cookie with the user-agent IP address has some security value as it can help prevent "session cookie stealing" in some limited situations...
 -  It should be understood that the desire to protect a cookie from cookie stealing often implies that a potential attacker has already gained access to the cookie, and is close enough in proximity to the transmission path(s), or endpoints, that any assumptions about the attacker's address always being different are no longer valid, even without a man-in-the-middle attack.  NAT, mobile devices, and server-hosted client apps are all examples of situations where addresses can be shared and/or swapped between multiple users.  I would think that exchange of random keys at the beginning of session establishment, along with some type of validation algorithm, is a much better way to address this type of security consideration than using an address as the key.

- Dan

> -----Original Message-----
> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of fred@cisco.com
> Sent: Wednesday, February 11, 2015 6:47 AM 
> To: v6ops@ietf.org
> Cc: draft-vyncke-v6ops-happy-eyeballs-cookie@tools.ietf.org
> Subject: [v6ops] new draft: draft-vyncke-v6ops-happy-eyeballs-cookie
> 
> A new draft has been posted, at http://tools.ietf.org/html/draft-vyncke-v6ops-happy-eyeballs-cookie. Please take a look at it and comment.
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
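To make Dan's comparison concrete, the following is an added example (my own code, not part of the draft, the thread or any project it names). It contrasts the two designs he discusses: scheme A accepts a cookie only from the address it was issued to, scheme B exchanges a random per-session key at establishment and validates every request with an HMAC plus a replay counter. The class and function names, the request format and the IP addresses are all constructed for this illustration; the key exchange in scheme B is assumed to happen over a confidential channel (such as TLS), which the code does not model.

```python
"""Constructed example: address-bound session cookie (scheme A) versus a random
per-session key with HMAC validation (scheme B). All names are this example's own."""
import hashlib
import hmac
import secrets


class AddressBoundSessions:
    """Scheme A: a cookie is accepted only from the client address it was issued to."""

    def __init__(self):
        self._bound = {}  # cookie -> client address at issue time

    def issue(self, client_addr):
        cookie = secrets.token_hex(16)
        self._bound[cookie] = client_addr
        return cookie

    def validate(self, cookie, client_addr):
        # The address is the whole check: the cookie from the bound address is
        # accepted regardless of who is behind that address, and a legitimate
        # client whose address changed is refused.
        return self._bound.get(cookie) == client_addr


class KeyedSessions:
    """Scheme B: a random key is handed out once at session establishment (assumed
    to occur over a confidential channel) and never sent again. Each request proves
    possession of the key with an HMAC over the session id, a strictly increasing
    counter and the request body, so the client address plays no role."""

    def __init__(self):
        self._keys = {}      # session id -> secret key
        self._last_ctr = {}  # session id -> highest counter accepted so far

    def establish(self):
        sid = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        self._keys[sid] = key
        self._last_ctr[sid] = 0
        return sid, key

    @staticmethod
    def tag(key, sid, counter, body):
        msg = f"{sid}|{counter}|".encode() + body
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def validate(self, sid, counter, body, tag):
        key = self._keys.get(sid)
        if key is None:
            return False
        expected = self.tag(key, sid, counter, body)
        if not hmac.compare_digest(expected, tag):
            return False          # wrong or missing key
        if counter <= self._last_ctr[sid]:
            return False          # replay of an already-seen request
        self._last_ctr[sid] = counter
        return True


def run_scenarios():
    """Outcomes for the situations the mail lists: a mobile client whose address
    changes, another host sharing the same NAT address, and a request that carries
    the cookie but not the session key. Addresses are constructed (TEST-NET ranges)."""
    out = {}

    a = AddressBoundSessions()
    cookie = a.issue("192.0.2.10")
    out["A_mobile_client_after_address_change"] = a.validate(cookie, "198.51.100.7")
    out["A_other_host_behind_same_nat"] = a.validate(cookie, "192.0.2.10")

    b = KeyedSessions()
    sid, key = b.establish()
    body = b"GET /inbox"
    good = KeyedSessions.tag(key, sid, 1, body)
    out["B_mobile_client_after_address_change"] = b.validate(sid, 1, body, good)
    # Same session id, no key: a tag computed with any other key does not verify.
    bogus = KeyedSessions.tag(secrets.token_bytes(32), sid, 2, body)
    out["B_cookie_without_key"] = b.validate(sid, 2, body, bogus)
    # Presenting the earlier valid request again is refused by the counter check.
    out["B_replayed_request"] = b.validate(sid, 1, body, good)
    return out


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:40s} accepted={accepted}")
```

Scheme A rejects the legitimate roaming client and accepts anything from the shared address, which is exactly the pair of failures the mail describes for NAT and mobile users; scheme B accepts the roaming client, refuses a request that has only the cookie, and refuses a replay, because validity rests on the key and counter rather than on the address.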