Re: [v6ops] Improving ND security
"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 31 July 2020 17:35 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 534483A0C50; Fri, 31 Jul 2020 10:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWuQAPM96vus; Fri, 31 Jul 2020 10:35:47 -0700 (PDT)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 377C03A0C8E; Fri, 31 Jul 2020 10:35:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 06VHZf58005314; Fri, 31 Jul 2020 13:35:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1596216943; bh=DUo7ww1w/pv0NZ4byUp+8C9ofUkcKdC9ID8ydkZwfiU=; h=From:To:CC:Subject:Date:From; b=EYxYgq4rAfdjiMaB96a0d1vOt9v0zLJCbIzWupTUaZyv6qG4OtR+ZsrBHirnNwHM7 91RGaJTeGvT664WPgRCeoRavX06mLR3T98iAUeD3k4ibT8NGSoYvYtxeqFbdAirXar KE+Y3ku5w8Thpj3azV+bqewmg2wy1KR6NPQO45cM64aggNs90vxtEf48QtSVclzlY2 7EsR1UyOstCh1RCzNwp6v9/Y0KNA+qRBivOFozBo5DmKBXtEAveHO7WiwOag0weHax cOEpcjYpep7cEzztSyC67tciVdFHpRQxYeciHUUlxYPggxqYmzWNlkLCQWSiDSjqEb lvrMVken7iNtw==
Received: from XCH16-07-09.nos.boeing.com (xch16-07-09.nos.boeing.com [144.115.66.111]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 06VHZWrC004749 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Fri, 31 Jul 2020 13:35:32 -0400
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-09.nos.boeing.com (144.115.66.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1979.3; Fri, 31 Jul 2020 10:35:31 -0700
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.1979.003; Fri, 31 Jul 2020 10:35:31 -0700
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Ted Lemon <mellon@fugue.com>
CC: "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
Thread-Topic: Improving ND security
Thread-Index: AdZnYGykJNK1kk2zSneWe05yLDtm6g==
Date: Fri, 31 Jul 2020 17:35:31 +0000
Message-ID: <d5c245f216c3409f826f8132e532a882@boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: 987A15763C39FB47C81163C67172A664484305430C429B3FB5955EE3A62918892000:8
Content-Type: multipart/alternative; boundary="_000_d5c245f216c3409f826f8132e532a882boeingcom_"
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/s48diomLTRgGnOfaLo5fjsu7c1E>
Subject: Re: [v6ops] Improving ND security
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 17:35:53 -0000
On Jul 31, 2020, at 1:17 PM, Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote: Ted, I think SEND would solve the neighbor cache resource exhaustion attack since a NCE is only created on receipt of an authentic (SEND-protected) IPv6 ND message. OK, but an attacker can just generate a bazillion key pairs, right? So it can still exhaust the cache, at the cost of some computation work. [>] I think as long as the network has a way of associating the key pair with another piece of information that accompanies the IPv6 ND message then the network would be able to know when the mobile node is using its (single) authorized key. So, for example, if the IPv6 ND message included an identity for the MN (sort of like a DHCPv6 DUID), the network would know when the MN is using the correct key pair – right? (BTW, I am not saying to use DHCPv6 DUID – that is just one example of a MN identity…) Thanks - Fred
- [v6ops] I-D Action: draft-ietf-6man-grand-01 - ad… Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Jen Linkova
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Jen Linkova
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … joel jaeggli
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: I-D Action: draft-ietf… Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Bob Hinden
- [v6ops] Improving ND security Ted Lemon
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Tony Finch
- [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Improving ND security Bjoern A. Zeeb
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Philip Homburg
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Christian Huitema
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- [v6ops] Off topic: Teredo sunset -- Re: [EXTERNAL… Lencse Gábor
- Re: [v6ops] Off topic: Teredo sunset -- Re: [EXTE… Templin (US), Fred L
- Re: [v6ops] Off topic: Teredo sunset -- Re: [EXTE… Joseph Touch
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [v6ops] [EXTERNAL] Re: I-D Action: draft-ietf… Michael Richardson
- Re: [v6ops] [EXTERNAL] Improving ND security Michael Richardson
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- [v6ops] distributed vs centralized approaches to … Michael Richardson
- Re: [v6ops] distributed vs centralized approaches… Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Michael Richardson
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] [EXTERNAL] Re: draft-ietf-6man-grand … Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: draft-ietf-6man-grand … Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Warren Kumari
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Manfredi (US), Albert E
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Fred Baker
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Lorenzo Colitti
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Gyan Mishra
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L