Re: [v6ops] new draft: draft-vyncke-v6ops-ipv6-only-thin-clients

Mark ZZZ Smith <> Mon, 29 June 2015 02:22 UTC

Some thoughts/comments:

Regarding WoL, at least one of my Wi-Fi NICs supports it, so it isn't exclusive to wired links. I don't know much about it; I discovered it because I wanted to save device power and therefore switch it off. According to some Internet searching, it is more generally known as "Wake on Wireless LAN" or "WoWLAN".

"1.3. Mitigation"

"For example, to reach all nodes in 2001:db8::/64, let's configure a static Neighbor Cache entry for 2001:db8::cafe:c0:ffee as ff-ff-ff-ff-ff-ff."

I think it would be better to use the IPv6 link-layer "all nodes" multicast address of 33:33:00:00:00:01 for this. Ideally, in an IPv6-only network, NICs could drop link-layer broadcasts and perform an amount of multicast address filtering.

"2. opening a door to a denial of service attack: a remote hostile party could keep sending packets this is specific unicast address forcing all hosts to stay awake, hence wasting electrical energy. As this address is a unicast address which does not belong to any physical host on the layer-2 domain, then all nodes will silently discard this packet at the layer-3."

This reads to me as though it is being seen as an IPv6-specific threat, whereas I'd consider it to also be a threat in an IPv4 network. If it is not seen as an IPv4 threat because of RFC1918 addresses, then I think the equivalent mitigation for IPv6 would be to limit the ability to wake devices by only allowing/using ULA addresses for WoL magic destinations (i.e., devices would still have global addresses, but a global address would not be a magic WoL address).
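
The two suggestions in this message (map the magic destination to the all-nodes multicast MAC instead of link-layer broadcast, and accept only ULA addresses as magic destinations), written as a check over static Neighbor Cache entries. This is an added example, not code from the message or the draft; the function names, finding labels and the ULA sample address are constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")   # unique local addresses (RFC 4193)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def multicast_mac(group):
    """RFC 2464 mapping: 33:33 followed by the low 32 bits of the IPv6 multicast address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in addr.packed[-4:])

ALL_NODES_MAC = multicast_mac("ff02::1")  # link-local all-nodes group

def normalize_mac(mac):
    """Accept ff-ff-.. or ff:ff:.. notation and return lowercase colon form."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(not 1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"malformed MAC address: {mac}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def review_entry(ipv6, mac):
    """Return hypothetical finding labels for one static Neighbor Cache entry."""
    findings = []
    if ipaddress.IPv6Address(ipv6) not in ULA:
        # A global magic destination is what the quoted DoS concern relies on.
        findings.append("magic-destination-not-ula")
    mac = normalize_mac(mac)
    if mac == BROADCAST_MAC:
        findings.append("link-layer-broadcast")
    elif mac != ALL_NODES_MAC:
        findings.append("not-all-nodes-multicast")
    return findings

# Constructed sample entries: the first is the draft's own example,
# the second uses a made-up ULA prefix with the suggested multicast MAC.
SAMPLE_ENTRIES = [
    ("2001:db8::cafe:c0:ffee", "ff-ff-ff-ff-ff-ff"),
    ("fd12:3456:789a:1::cafe:c0:ffee", "33:33:00:00:00:01"),
]

if __name__ == "__main__":
    for ipv6, mac in SAMPLE_ENTRIES:
        print(ipv6, mac, review_entry(ipv6, mac) or "ok")
```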