Re: [v6ops] Secdir last call review of draft-ietf-v6ops-cpe-slaac-renum-04
Fernando Gont <fgont@si6networks.com> Thu, 10 September 2020 05:10 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5504F3A0DFE; Wed, 9 Sep 2020 22:10:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.845
X-Spam-Level:
X-Spam-Status: No, score=-2.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rKUxZ3TEy4vU; Wed, 9 Sep 2020 22:10:26 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 570643A0DF9; Wed, 9 Sep 2020 22:10:26 -0700 (PDT)
Received: from [10.0.0.134] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id DCEB02800FF; Thu, 10 Sep 2020 05:10:18 +0000 (UTC)
To: Christopher Wood <caw@heapingbits.net>, secdir@ietf.org
Cc: last-call@ietf.org, v6ops@ietf.org, draft-ietf-v6ops-cpe-slaac-renum.all@ietf.org
References: <159969337123.15697.6820068156665930267@ietfa.amsl.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <fe485ff7-193c-e079-05ee-6a3e24362302@si6networks.com>
Date: Thu, 10 Sep 2020 02:09:41 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <159969337123.15697.6820068156665930267@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/uBhDHzUIzroEqRzyvWS764DBnKo>
Subject: Re: [v6ops] Secdir last call review of draft-ietf-v6ops-cpe-slaac-renum-04
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 05:10:30 -0000
Hello, Chris,
Thanks a lot for your comments! In-line....
On 9/9/20 20:16, Christopher Wood via Datatracker wrote:
> Reviewer: Christopher Wood
> Review result: Has Nits
>
> Summary: Has Nits
>
> Comments:
>
> - Section 3: is it possible for an attacker to send DHCPv6 Prefix Delegations
> with lifetime=0 to CE routers that support LAN-side DHCPv6 and amplify
> Reconfigure messages to supporting clients? (I don't know if this is a concern
> or part of the threat model, but this did seem to be a case of possible
> request/response asymmetry.)
Not sure what you mean. PDs with a lifetime of 0 are orthogonal to
Reconfigure messages.
If the client asked for reconfigure support, yes it will be accepting
server reconfigure messages.
However, Reconfigure messages are required to be unicasted (RFC8415,
Section 16.11), so there's no possibility for amplification (i.e.,
single server packet triggering actions on multiple clients).
> - Section 4: rationale for these default values,
> if available, might be worth including. (Why not make them shorter? What are
> the tradeoffs?)
I suggested to add this in response to Dale's comments:
" However, while the aforementioned values represent an improvement
over the default values specified in [RFC4861], they represent a
trade-off among a number of factors, including responsiveness, possible
impact on the battery life of connected devices [RFC7772], etc. Thus,
they may or may not provide sufficient mitigation to the problem
discussed in this document.
"
?
> - Section 6: it might be worth noting what happens if stable
> storage is unavailable or otherwise compromised when trying to store prefix
> information. What happens if the "A" or "L" bits are modified? (I suspect
> nothing dangerous, but it's not clear to me whether or not integrity is
> important.)
Compromised as in "an attacked intentionally caused different bits to be
stored"?
If so, I'd say that's probably the least of your concerns. Since DHCPv6
exchanges are not encrypted or authenticated, your first concern would
be forged packets. If the attacker has essentially hacked the CE Router,
then all bets are off.
> Nits:
>
> - In some places "\"Valid Lifetime\"" is written as "valid-lifetime" -- should
> these be made consistent?
We use "Valid Lifetime" for SLAAC PIOs, and "valid-lifetime" for DHCPv6
options, since that's what the respective specs use. Please do let us
know if you think this should be clarified.
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [v6ops] Secdir last call review of draft-ietf-v6o… Christopher Wood via Datatracker
- Re: [v6ops] Secdir last call review of draft-ietf… Ted Lemon
- Re: [v6ops] [secdir] Secdir last call review of d… Uri Blumenthal
- Re: [v6ops] [secdir] Secdir last call review of d… Ted Lemon
- Re: [v6ops] Secdir last call review of draft-ietf… Fernando Gont
- Re: [v6ops] [secdir] Secdir last call review of d… Fernando Gont
- Re: [v6ops] Secdir last call review of draft-ietf… Christopher Wood
- Re: [v6ops] Secdir last call review of draft-ietf… Christopher Wood
- Re: [v6ops] Secdir last call review of draft-ietf… Warren Kumari
- Re: [v6ops] [secdir] Secdir last call review of d… Owen DeLong