[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-v6ops-teredo-security-concerns-00.txt

To: Jim_Hoagland@symantec.com, suresh.krishnan@ericsson.com
Subject: Re: I-D ACTION:draft-ietf-v6ops-teredo-security-concerns-00.txt
From: Rémi Denis-Courmont <rdenis@simphalempin.com>
Date: Mon, 30 Jul 2007 22:12:59 +0300
Cc: v6ops@ops.ietf.org
In-reply-to: <E1IFYpi-0004nW-H0@stiedprstage1.ietf.org>
Organization: Remlab.net
References: <E1IFYpi-0004nW-H0@stiedprstage1.ietf.org>
User-agent: KMail/1.9.7

Le lundi 30 juillet 2007, Internet-Drafts@ietf.org a écrit :
> 	Title		: Teredo Security Concerns
> 	Author(s)	: J. Hoagland, S. Krishnan
> 	Filename	: draft-ietf-v6ops-teredo-security-concerns-00.txt
> 	Pages		: 21
> 	Date		: 2007-7-30

Some comments (some probably already made):

* Section 2.1 says:
  "When Teredo is being enabled or when it is
   going to be used for the first time, perhaps there should be a
   descriptive warning about the possible evasion that will occur."

That feels really intractable in practice. I understand it's a "should 
perhaps", but I doubt anyone's ever going to implement this, really.

* Section 2.2: not at all clear to me what the recommendations mean to 
Teredo clients. The protocol already includes quite a bunch of sanity 
checks on IPv6 addresses. If anything, what should additionaly be done 
needs to be clarified.

* Section 2.3 on source routing should be slimmed down; the 
Recommendations should consist of following 
draft-ietf-ipv6-deprecate-rh0, which need to be Reference'd.

* Sections 4.1, 4.2, 4.3: In theory, bringing up the service only when 
needed is a good idea. This is however a bit vague. The only way I can 
think of doing this without wreaking havoc to the normative 
non-blocking-ness of getaddrinfo() from the Basic IPv6 API, is to bring 
the Teredo tunnel whenever there is no other global IPv6 connectivity.

That however is a very objectable idea, as it effectively suppress the 
idea of "host-specific" relays. As such, the real "global" Teredo 
relays would be used even when they could be avoided, which is bad 
considering they are a bottleneck already.

Whether this means that or something else, I think it would need 
clarifications.

* Section 5.1: Flag randomization is a protocol update. I personnaly do 
not care whether the working group is chartered for it, or not. It 
still is a protocol update.

I suppose, the draft needs to target Standard Tracks and tentatively 
Update RFC4380 for this to stand.

I cannot say I think burning out all but one of the reserved flags was a 
terrible idea, but, oh well, it's done by the de facto monopoly client 
implementation.

* Section 5.2: exact same remark. Deprecating the Cone bit is a protocol 
update. Besides, this has implications to the qualification procedure, 
so it cannot be that simple. (I agree it should be done however).

Best regards,

-- 
Rémi Denis-Courmont
http://www.remlab.net/

Attachment: signature.asc
Description: This is a digitally signed message part.

References:
- I-D ACTION:draft-ietf-v6ops-teredo-security-concerns-00.txt
  - From: Internet-Drafts@ietf.org

Prev by Date: Re: CPE equipments and stateful filters
Next by Date: RE: [BEHAVE] Re: CPE equipments and stateful filters
Previous by thread: I-D ACTION:draft-ietf-v6ops-teredo-security-concerns-00.txt
Index(es):
- Date
- Thread