Re: [v6ops] I-D Action: draft-ietf-6man-grand-01 - additional security concerns

Ted Lemon <> Fri, 31 July 2020 15:13 UTC

Cc: Mark Smith <>, v6ops list <>, 6man <>
To: "Pascal Thubert (pthubert)" <>

On Jul 30, 2020, at 6:26 PM, Pascal Thubert (pthubert) <> wrote:
> I support GRAND because it is better than nothing and progressing just that at 6MAN seems to be an incredible achievement already. 

Indeed.  GRAND seems like a thing that one would be tempted to add to a stack even in the absence of a draft describing it. Having a draft that describes how to do it is better, because we can then have a discussion of what the benefits and drawbacks are, and mitigate the drawbacks. This concern about ND security seems like a useless digression: yes, ND is not secure, we know this. We’ve tried to address it with SEND, but that hasn’t gotten any traction in the market. 

Are we seeing L2 attacks on ND in the wild? What’s the threat model? If this is a real concern, let’s confront it head-on, rather than trying to address it piecemeal.