Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns
Owen DeLong <owen@delong.com> Fri, 31 July 2020 20:53 UTC
Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2460F3A0BD7; Fri, 31 Jul 2020 13:53:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IyhmkAc12TSJ; Fri, 31 Jul 2020 13:53:37 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id B7C213A0BCE; Fri, 31 Jul 2020 13:53:36 -0700 (PDT)
Received: from [IPv6:2620::930:0:11e4:d8eb:346c:c2b8] ([IPv6:2620:0:930:0:11e4:d8eb:346c:c2b8]) (authenticated bits=0) by owen.delong.com (8.15.2/8.15.2) with ESMTPSA id 06VKrSTo3063342 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 31 Jul 2020 13:53:28 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com 06VKrSTo3063342
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1596228811; bh=8XEVuV0+mkm0tzpUnyZYWioW8douCkmddhFRH2nLaPc=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=o+kBh5CbzF+hM6KOUYdTtl/RXXS4d0gZ4DWB+ZsJyPReFfhzplqdyEmpmBzvKFWIM qaNF0FahHAysFoxa0geKIGW2dQxyw2D/5X2mllnsfdy1heez4N7ct/tQ6Ozv6RBGsm LdiG4SRbPt2NTLOAQquswex2R3Gal1ap9B+N8WBU=
From: Owen DeLong <owen@delong.com>
Message-Id: <F7A2BE3D-07F4-4FA9-8765-8B247B80C93E@delong.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_99086095-4D45-4A67-A75A-0F3BD7991C2A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 31 Jul 2020 13:53:28 -0700
In-Reply-To: <94D12FD5-3A0A-4278-A229-F0D88EC906D6@fugue.com>
Cc: "Pascal Thubert (pthubert)" <pthubert=40cisco.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man <ipv6@ietf.org>
To: Ted Lemon <mellon@fugue.com>
References: <96fa6d80137241dd9b57fcd871c8a897@huawei.com> <CAFU7BARePzdeU5DFgoOWyrF0xZCj67_xkC2t8vMN2nH0d8aUig@mail.gmail.com> <37e2a7110f6b423eba0303811913f533@huawei.com> <CAFU7BATiD8RkiWXjrxGuAJU-BUwRQCErYZivUPZ-Mc_up_qGxQ@mail.gmail.com> <aebc46c9b813477b9ae0db0ef33e7bd9@huawei.com> <CAO42Z2yL7+GbO6QRaNzFYoBXLF-JZ2NfwgTTt2zerKhJLwt2Lw@mail.gmail.com> <3C1ECB6F-E667-4200-964F-AB233A0A56E9@cisco.com> <91D98D51-4045-4331-A711-8387ECE73400@fugue.com> <F56A89D4-0DA3-4A9B-ADC1-FC51ECAB193B@delong.com> <94D12FD5-3A0A-4278-A229-F0D88EC906D6@fugue.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (owen.delong.com [IPv6:2620:0:930:0:0:0:200:2]); Fri, 31 Jul 2020 13:53:31 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/vK-j4-FD7O-8EM_OIb2X9j5SeO0>
Subject: Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 20:53:38 -0000
> On Jul 31, 2020, at 08:43 , Ted Lemon <mellon@fugue.com> wrote: > > On Jul 31, 2020, at 11:30 AM, Owen DeLong <owen@delong.com <mailto:owen@delong.com>> wrote: >> 1. Public wifi networks (e.g. coffee houses, etc.) > > The BCP for this case is to isolate clients. That doesn’t prevent layer 2 attacks against the switch or router. > >> 2. College/University settings (some v6 traction here, but often not on student-device accessible LANs) > > For this it would be to give each dorm room its own subnet. This doesn’t cover networks in public areas used by students (e.g. quads, cafeterias, student union, etc.). > >> 3. Other networks which must admit untrusted clients/devices > > E.g. home networks? Or something else? > Something else. I don’t know of a home where one is required to admit untrusted clients onto their network. Owen
- [v6ops] I-D Action: draft-ietf-6man-grand-01 - ad… Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Jen Linkova
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Jen Linkova
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Nick Hilliard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … joel jaeggli
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: I-D Action: draft-ietf… Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Bob Hinden
- [v6ops] Improving ND security Ted Lemon
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Tony Finch
- [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Improving ND security Ted Lemon
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Ted Lemon
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Improving ND security Bjoern A. Zeeb
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Owen DeLong
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Philip Homburg
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Christian Huitema
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Templin (US), Fred L
- [v6ops] Off topic: Teredo sunset -- Re: [EXTERNAL… Lencse Gábor
- Re: [v6ops] Off topic: Teredo sunset -- Re: [EXTE… Templin (US), Fred L
- Re: [v6ops] Off topic: Teredo sunset -- Re: [EXTE… Joseph Touch
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Michael Richardson
- Re: [v6ops] [EXTERNAL] Re: I-D Action: draft-ietf… Michael Richardson
- Re: [v6ops] [EXTERNAL] Improving ND security Michael Richardson
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Pascal Thubert (pthubert)
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Vasilenko Eduard
- Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 … Mark Smith
- Re: [v6ops] [EXTERNAL] Improving ND security Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Fernando Gont
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Pascal Thubert (pthubert)
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] [EXTERNAL] Re: Improving ND security Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- [v6ops] distributed vs centralized approaches to … Michael Richardson
- Re: [v6ops] distributed vs centralized approaches… Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Mark Smith
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Vasilenko Eduard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Nick Hilliard
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Bob Hinden
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Michael Richardson
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] [EXTERNAL] Re: draft-ietf-6man-grand … Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] [EXTERNAL] Re: draft-ietf-6man-grand … Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Warren Kumari
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Templin (US), Fred L
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Manfredi (US), Albert E
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Fred Baker
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] [EXTERNAL] draft-ietf-6man-grand : sa… Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Ted Lemon
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Jen Linkova
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Philip Homburg
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Lorenzo Colitti
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Gyan Mishra
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Pascal Thubert (pthubert)
- Re: [v6ops] draft-ietf-6man-grand : saving lookups Templin (US), Fred L