IPv6 Neighbor Discovery (ND) Trust Models and Threats
draft-ietf-send-psreq-04
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22 | 04 | (System) | post-migration administrative database adjustment to the Yes position for Thomas Narten |
2003-12-23 | 04 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2003-12-22 | 04 | Amy Vezza | IESG state changed to Approved-announcement sent |
2003-12-22 | 04 | Amy Vezza | IESG has approved the document |
2003-12-22 | 04 | Amy Vezza | Closed "Approve" ballot |
2003-12-18 | 04 | Amy Vezza | Removed from agenda for telechat - 2003-12-18 by Amy Vezza |
2003-12-18 | 04 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation by Amy Vezza |
2003-12-18 | 04 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to Yes from Undefined by Thomas Narten |
2003-12-18 | 04 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to Undefined from Discuss by Thomas Narten |
2003-12-18 | 04 | Thomas Narten | [Ballot discuss] 2003-09-18 review of -3 (on agenda) > In constrast to solicitation messages that create state only in these > specific occasions, state is usually created whenever a node receives > an advertisement message. actually, I thought state was created for an advertisement only if the node was expecting an advertisement from a particular source IP address. This is to prevent the ND cache from overflowing as a result of entries it doesn't really care about.... (This is copied from ARP). > 4.1.3 Duplicate Address Detection DoS Attack > > In networks where the entering hosts obtain their addresses using > stateless address autoconfiguration [4], an attacking node could > launch a DoS attack by responding to every duplicate address > detection attempt made by an entering host. If the attacker claims not just with stateless addr conf. DHC requires this. Some manual configs do this (I suspect). Issue occurs whenever DAD is invoked prior to actually configuring a suggested address. nits: suffers from a chicken-and-egg problem [11]: one needs and IP address s/and IP/an IP/ > One should also note that link layer security and IP topology do not s/link layer/link-layer/ > messages to creat bindings between IP addresses and MAC addresses. s/creat/create/ > This threat involves Neighbor Solicitation and Neighbor Advertisement > messages. better: s/this threat/the above threat/ same for next paragraph. (Actually, the usage of this occurs frequently, and is less clear than being specific as to what the "this" refers to). > This threat involves Router Advertisement message. The extended s/message/messages/ This threat involves Neighbor Solicitation message. ditto (and throughout) |
2003-12-18 | 04 | Thomas Narten | [Ballot Position Update] New position, Discuss, has been recorded for by Thomas Narten |
2003-12-18 | 04 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for by Alex Zinin |
2003-12-18 | 04 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for by Bill Fenner |
2003-12-17 | 04 | Ted Hardie | [Ballot Position Update] New position, No Objection, has been recorded for by Ted Hardie |
2003-12-16 | 04 | Steven Bellovin | [Ballot Position Update] New position, No Objection, has been recorded for by Steve Bellovin |
2003-12-11 | 04 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for by Russ Housley |
2003-12-07 | 04 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for by Ned Freed |
2003-12-07 | 04 | Margaret Cullen | [Ballot Position Update] New position, Yes, has been recorded for Margaret Wasserman |
2003-12-07 | 04 | Margaret Cullen | Ballot has been issued by Margaret Wasserman |
2003-12-07 | 04 | Margaret Cullen | Created "Approve" ballot |
2003-12-07 | 04 | (System) | Last call text was added |
2003-12-07 | 04 | (System) | Ballot approval text was added |
2003-12-05 | 04 | Margaret Cullen | [Note]: 'Back on the agenda to address minor comments from Thomas, Ted and Russ.' added by Margaret Wasserman |
2003-12-02 | 04 | Margaret Cullen | [Note]: 'New version (-04) addresses comments from Thomas, Ted and Russ. Back on agenda for final approval.' added by Margaret Wasserman |
2003-11-30 | 04 | Margaret Cullen | Placed on agenda for telechat - 2003-12-18 by Margaret Wasserman |
2003-11-30 | 04 | Margaret Cullen | State Changes to IESG Evaluation from IESG Evaluation::Revised ID Needed by Margaret Wasserman |
2003-10-15 | 04 | (System) | New version available: draft-ietf-send-psreq-04.txt |
2003-09-30 | 04 | Margaret Cullen | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Margaret Wasserman |
2003-09-30 | 04 | Margaret Cullen | Removed from agenda for telechat - 2003-10-16 by Margaret Wasserman |
2003-09-30 | 04 | Margaret Cullen | Placed on agenda for telechat - 2003-10-16 by Margaret Wasserman |
2003-09-22 | 04 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2003-09-22 | 04 | Michael Lee | Removed from agenda for telechat - 2003-09-18 by Michael Lee |
2003-09-18
|
04 | Margaret Cullen | Minor comments from Thomas and Ted to be communicated to the authors: From: hardie@qualcomm.com X-Sender: hardie@mage.qualcomm.com Date: Thu, 18 Sep 2003 09:37:29 -0700 To: mrw@windriver.com Subject: Nit on send doc Hi Margaret, This is just a way small grammar nit: Note that the plus sign '+' in the table does not mean that there is a ready-to-be-applied, standardized solution. If solutions existed, this document would be unnecessary. Instead, it denotes that in the authors' opinion the problem has been solved in principle, and there exist a publication that describes some approach to solve the ***>>"and there exists a publication" To: Margaret Wasserman cc: iesg@ietf.org Subject: draft-ietf-send-psreq-03.txt Date: Thu, 18 Sep 2003 12:34:56 -0400 From: Thomas Narten These should all be easy to fix. I'm happy with whatever the authors want to do with it. Thomas > In constrast to solicitation messages that create state only in these > specific occasions, state is usually created whenever a node receives > an advertisement message. actually, I thought state was created for an advertisement only if the node was expecting an advertisement from a particular source IP address. This is to prevent the ND cache from overflowing as a result of entries it doesn't really care about.... (This is copied from ARP). > 4.1.3 Duplicate Address Detection DoS Attack > > In networks where the entering hosts obtain their addresses using > stateless address autoconfiguration [4], an attacking node could > launch a DoS attack by responding to every duplicate address > detection attempt made by an entering host. If the attacker claims not just with stateless addr conf. DHC requires this. Some manual configs do this (I suspect). Issue occurs whenever DAD is invoked prior to actually configuring a suggested address. nits: suffers from a chicken-and-egg problem [11]: one needs and IP address s/and IP/an IP/ > One should also note that link layer security and IP topology do not s/link layer/link-layer/ > messages to creat bindings between IP addresses and MAC addresses. s/creat/create/ > This threat involves Neighbor Solicitation and Neighbor Advertisement > messages. better: s/this threat/the above threat/ same for next paragraph. (Actually, the usage of this occurs frequently, and is less clear than being specific as to what the "this" refers to). > This threat involves Router Advertisement message. The extended s/message/messages/ This threat involves Neighbor Solicitation message. ditto (and throughout) |
2003-09-18 | 04 | Amy Vezza | Russ Housley (Comments): Typo in section 3.2. Please change "EAS encryption" to "AES encryption". |
2003-09-12 | 04 | Margaret Cullen | State Changes to IESG Evaluation from AD Evaluation by Margaret Wasserman |
2003-09-12 | 04 | Margaret Cullen | Placed on agenda for telechat - 2003-09-18 by Margaret Wasserman |
2003-07-31 | 04 | Margaret Cullen | State Changes to AD Evaluation from Publication Requested by Margaret Wasserman |
2003-07-28 | 04 | Margaret Cullen | Shepherding AD has been changed to Wasserman, Margaret from Narten, Thomas |
2003-05-05 | 04 | Thomas Narten | Shepherding AD has been changed to Narten, Thomas from Nordmark, Erik |
2003-04-29 | 04 | Natalia Syracuse | Draft Added by Syracuse, Natalia |
2003-04-14 | 03 | (System) | New version available: draft-ietf-send-psreq-03.txt |
2003-04-08 | 02 | (System) | New version available: draft-ietf-send-psreq-02.txt |
2003-01-23 | 01 | (System) | New version available: draft-ietf-send-psreq-01.txt |
2002-10-17 | 00 | (System) | New version available: draft-ietf-send-psreq-00.txt |