Re: [Full-disclosure] IPv6 security myths

Steven Bellovin <smb@cs.columbia.edu> Wed, 27 October 2010 15:47 UTC

Return-Path: <smb@cs.columbia.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0BB33A69B8 for <ietf@core3.amsl.com>; Wed, 27 Oct 2010 08:47:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.956
X-Spam-Level:
X-Spam-Status: No, score=-2.956 tagged_above=-999 required=5 tests=[AWL=-0.357, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E1FPaBGbiYF8 for <ietf@core3.amsl.com>; Wed, 27 Oct 2010 08:47:52 -0700 (PDT)
Received: from tarap.cc.columbia.edu (tarap.cc.columbia.edu [128.59.29.7]) by core3.amsl.com (Postfix) with ESMTP id DD9753A692E for <ietf@ietf.org>; Wed, 27 Oct 2010 08:47:51 -0700 (PDT)
Received: from v234.vpn.iad.rg.net (v234.vpn.iad.rg.net [198.180.150.234]) (user=smb2132 mech=PLAIN bits=0) by tarap.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id o9RFnC0g017447 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 27 Oct 2010 11:49:13 -0400 (EDT)
Subject: Re: [Full-disclosure] IPv6 security myths
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <CC0921A1-6016-419E-BB1D-6B8734F25784@cisco.com>
Date: Wed, 27 Oct 2010 17:49:11 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <3920943A-380D-408D-91DD-11E0848313A7@cs.columbia.edu>
References: <D085EE87-A989-4190-AFCF-48C368A66234@sabahattin-gucukoglu.com> <CC0921A1-6016-419E-BB1D-6B8734F25784@cisco.com>
To: Fred Baker <fred@cisco.com>
X-Mailer: Apple Mail (2.1081)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.7
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2010 15:47:53 -0000

On Oct 26, 2010, at 10:39 49PM, Fred Baker wrote:

> I'm not a security guru, and will step aside instantly if someone with those credentials says I'm wrong. However, from my perspective, the assertion that IPv6 had any security properties that differed from IPv4 *at*all* has never made any sense. It is essentially a marketing claim, and - well, we all have marketing departments.
> 

Actually, the claim was made, and was correct at the time under assumptions that proved false.

The core issue was indeed that IPsec was mandated for v6.  We were *very* overoptimistic about how long it would take before roll-out started in earnest.  In fact, we underestimated how long it would take to get good specs for all the important pieces.  We also underestimated how long IPsec would take, though that was partially (but only partially) because IPsec version 1 (RFCs 1825-1829) had to be thrown away.

Quite simply, we assumed (in 1994) that IPv6 rollouts would start around 1996-1997.  Given that, we didn't think that any vendors were going to bother adding IPsec to their v4 stacks.  If that had all come to pass, v6 would indeed have been more secure.  Even as late as 2000, I could still assert that v6 had some advantages; see http://www.cs.columbia.edu/~smb/talks/v6-security/index.htm

We all know what happened.  It's 2010, and deployment is finally starting in earnest.  Virtually v4 stacks have IPsec.  There's a a way to send IPsec through NATs (under certain circumstances).  And no one cares much about host-to-host IPsec, as opposed to host-to-gateway VPNs.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb