Re: [savi] More Opinions, Please - On the Protection of Unused Addresses

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 29 June 2009 23:36 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: savi@core3.amsl.com
Delivered-To: savi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3784E3A6C04 for <savi@core3.amsl.com>; Mon, 29 Jun 2009 16:36:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.511
X-Spam-Level:
X-Spam-Status: No, score=-3.511 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blfc3VDnSuzV for <savi@core3.amsl.com>; Mon, 29 Jun 2009 16:36:31 -0700 (PDT)
Received: from hermes.mail.tigertech.net (hermes.mail.tigertech.net [64.62.209.72]) by core3.amsl.com (Postfix) with ESMTP id 73A7C3A6A48 for <savi@ietf.org>; Mon, 29 Jun 2009 16:36:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.tigertech.net (Postfix) with ESMTP id 4133C430516 for <savi@ietf.org>; Mon, 29 Jun 2009 16:36:47 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at hermes.tigertech.net
Received: from [10.10.10.100] (pool-71-161-52-172.clppva.btas.verizon.net [71.161.52.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hermes.tigertech.net (Postfix) with ESMTP id AEB31430515 for <savi@ietf.org>; Mon, 29 Jun 2009 16:36:46 -0700 (PDT)
Message-ID: <4A49500B.6000702@joelhalpern.com>
Date: Mon, 29 Jun 2009 19:36:43 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: SAVI Mailing List <savi@ietf.org>
References: <81955095-4CA3-41E8-8435-99B2AF644621@ericsson.com> <CD75E53C-F792-454F-AC1D-B3C097AEF774@ericsson.com>
In-Reply-To: <CD75E53C-F792-454F-AC1D-B3C097AEF774@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [savi] More Opinions, Please - On the Protection of Unused Addresses
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mailing list for the SAVI WG <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 23:36:32 -0000

While I appreciate Christian's question, I think that this is part of a 
larger pair of questions that we talk around, but do not address.

1) What threats are we actually trying to protect against?  The threats 
draft talks about general internet threats and the need to be able to 
track them back.  But it is not particularly clear about what behavioral 
threats we are actually concerned with stopping in SAVI.
- Are we concerned with ensuring that every packet leaving a site can be 
reliably tracked back to a human being?
- Are we concerned with preventing one device within a site from 
masquerading as another device, either at the IP or MAC layer?

2) What tools do we want to require or prohibit?  While we probably do 
not want to mandate a single tool set, without mandating something we 
get nowhere.  Possibilities include
- restricting mobility (with or without session continuity)
- Requiring MAC or IP authentication (802.1X, SEND, ...)
- Requiring central management of addressing and bindings

No, those are not all the alternatives.  As far as I can tell from 
watching this list, there are folks who take as given the need for 
almost any subset of these and related constraints you can imagine. 
Unless we pick, explicitly, we will continue to argue in circles.

For example, the question of controlling unregistered addresses turns on 
assumptions about what threats we are addressing, and assumptions about 
address allocation that mean that "unregistered" is a meaningful 
condition.  I don't object to that particular pair, but it is really 
hard to discuss the acceptability of answers without agreeing on the 
questions.

Yours,
Joel M. Halpern

Christian Vogt wrote:
> Folks -
> 
> I would like to solicit more feedback on the benefit-cost analysis
> (below) for protecting unused addresses. How valuable do people consider
> protection of unused addresses, how much cost do they think is OK?  Is
> there something that the analysis overlooks?  We already got several
> very useful comments from a few people.  What do the others think?
> 
> To recap:  We need to decide between the following three options of
> dealing with unused addresses:
> 
> - Not protect unused addresses, i.e., forward packets without a binding.
>   Logging is still possible, though.
> 
> - Protect unused addresses, and coordinate SAVI devices on the same link
>   by manually disabling SAVI protection on ports connecting to other
>   SAVI devices.
> 
> - Protect unused addresses, and coordinate SAVI devices on the same link
>   with a dedicated binding synchronization protocol.
> 
> Please send your feedback by Sunday, July 5.  We will vote after that.
> 
> - Christian
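The three options Christian lists, and the spoofing threat Joel asks about, as an added illustration that is not code from the SAVI WG, any of its drafts, or either author. It models two SAVI-style switches on one link with a per-IP binding table anchored to (port, MAC), and shows what each option does with a packet whose source address has no binding on the switch that sees it. Switch names, port names, MAC addresses, IP addresses and the "sync" behaviour are all constructed for the example.

```python
"""
Toy model of SAVI-style source-address validation on two access switches
that share a link, and the three ways of handling packets from unused
(unbound) source addresses discussed in the thread.  Added example; all
names and the binding-sync behaviour are hypothetical.
"""
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    FORWARD_AND_LOG = 1  # option 1: no binding -> forward, log only
    TRUST_PORTS = 2      # option 2: no binding -> drop; SAVI disabled on ports to other SAVI devices
    SYNC = 3             # option 3: no binding -> drop; bindings synchronised between SAVI devices


@dataclass(frozen=True)
class Packet:
    ingress_port: str
    src_mac: str
    src_ip: str


@dataclass
class SaviSwitch:
    name: str
    policy: Policy
    bindings: dict = field(default_factory=dict)     # src_ip -> (anchor port, MAC)
    trusted_ports: set = field(default_factory=set)  # option 2: validation disabled on these
    uplinks: dict = field(default_factory=dict)      # peer switch name -> local port towards it
    peers: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def learn(self, port: str, mac: str, ip: str) -> None:
        """Install a binding as if snooped from DHCP or ND on an access port."""
        self.bindings[ip] = (port, mac)
        if self.policy is Policy.SYNC:
            # hypothetical sync protocol: each peer anchors the binding on its port towards us
            for peer in self.peers:
                peer.bindings[ip] = (peer.uplinks[self.name], mac)

    def filter(self, pkt: Packet) -> str:
        """Return 'forward' or 'drop' for a packet arriving on pkt.ingress_port."""
        if self.policy is Policy.TRUST_PORTS and pkt.ingress_port in self.trusted_ports:
            return "forward"  # protection disabled on this port: nothing is checked
        bound = self.bindings.get(pkt.src_ip)
        if bound == (pkt.ingress_port, pkt.src_mac):
            return "forward"  # source matches its binding anchor
        if bound is not None:
            self.log.append(f"{self.name}: {pkt.src_ip} bound to {bound}, "
                            f"seen on {pkt.ingress_port}/{pkt.src_mac}")
            return "drop"     # a used address sent from the wrong anchor: dropped under every option
        # no binding here: the address is "unused" from this switch's point of view
        if self.policy is Policy.FORWARD_AND_LOG:
            self.log.append(f"{self.name}: unbound {pkt.src_ip} forwarded "
                            f"from {pkt.ingress_port}/{pkt.src_mac}")
            return "forward"
        return "drop"


def link(a: SaviSwitch, port_a: str, b: SaviSwitch, port_b: str) -> None:
    """Join two switches on one link and record which local port reaches the other."""
    a.uplinks[b.name], b.uplinks[a.name] = port_a, port_b
    a.peers.append(b)
    b.peers.append(a)


def run_scenario(policy: Policy, trust_interswitch: bool = False) -> dict:
    """Switch A has host H1 on p1, switch B has host H2 on p1; p9 on each joins them."""
    a, b = SaviSwitch("A", policy), SaviSwitch("B", policy)
    link(a, "p9", b, "p9")
    if trust_interswitch:
        a.trusted_ports.add("p9")
        b.trusted_ports.add("p9")
    a.learn("p1", "aa:aa:aa:aa:aa:aa", "10.0.0.1")  # H1, constructed
    b.learn("p1", "bb:bb:bb:bb:bb:bb", "10.0.0.2")  # H2, constructed
    return {
        # legitimate H2 traffic transiting A over the inter-switch port
        "h2_via_a": a.filter(Packet("p9", "bb:bb:bb:bb:bb:bb", "10.0.0.2")),
        # H1 spoofing H2's address: bound on B, "unused" at A unless synced
        "h1_spoofs_h2": a.filter(Packet("p1", "aa:aa:aa:aa:aa:aa", "10.0.0.2")),
        # H1 spoofing an address nobody holds
        "h1_spoofs_unused": a.filter(Packet("p1", "aa:aa:aa:aa:aa:aa", "10.0.0.99")),
        # H1's own address sent from a different MAC on the same port
        "h1_wrong_mac": a.filter(Packet("p1", "cc:cc:cc:cc:cc:cc", "10.0.0.1")),
        # something on B's side spoofing H1's address towards A over the inter-switch port
        "spoof_via_interswitch": a.filter(Packet("p9", "bb:bb:bb:bb:bb:bb", "10.0.0.1")),
    }
```

Running `run_scenario` with each policy makes the trade-off in the thread concrete: option 1 lets H1 use H2's address because A has no binding for it; option 2 without a trusted inter-switch port drops H2's legitimate traffic at A, and with the port trusted A stops checking anything that arrives on it, so a spoof of H1's address from B's side passes at A; option 3 forwards H2 and drops both spoofs, at the price of the synchronisation protocol.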