In your previous mail you wrote:

   For reference, the full text of (the candidate of) new revision is
   available at: http://www.jinmei.org/draft-ietf-ipv6-scoping-arch-02rc1.txt
   
   > Steve Bellovin:
   > Discuss:
   > [2004-07-06] The Security Considerations section should note that the 
   > ambiguity of addresses means that unqualified source IP addresses 
   > cannot safely be used in security contexts such as ACLs or IKE 
   > negotiation.
   
   Proposed resolution:
   
   add the following paragraph at the head of security considerations
   section:
   
      The ambiguity of limited scope addresses has security implications.
      In particular, unqualified source IP addresses regarding their scope
      cannot safely be used in security contexts such as access control
      lists or key negotiations for IP security.
   
=> IMHO the proposed resolution is not accurate enough: there is a real
issue with scoped addresses and IKE which is not really addressed.
It has been known for many years, I remember some message exchanges
with Itojun about this (I proposed a fix for racoon, the KAME IKE
implementation). Fortunately I have a text about this issue in
my MIPv6/IPsec framework draft which I translated to xml two days ago
in order to refresh it... I put it as it is at the end of this message.

Regards

[EMAIL PROTECTED]

PS: please ask if you need help to understand my text or to adapt
it to your draft.
PPS: some details:
 - the original text is pretty old (feb 2002)
 - the SCOPING reference is the scoping architecture draft
 - the term partition comes from mathematics

    <section anchor="scoped" title="Scoped Addresses">
    <t>
    This topic is not really a Mobile IPv6 one, but in practice in the
    "mobile VPN" case there is heavy usage of limited scope or
    private addresses.
    </t>

    <t>
    The issue is that addresses carried in identity or traffic
    selector payloads are not clothed with zone identifiers.
    Only the peer addresses used to transport messages have an
    indirect indication of their zones.
    </t>

    <t>
    The IPv6 address architecture <xref target="SCOPING" /> gives
    the properties
    of zones: at a given scope, zones form a partition, i.e.,
    an interface belongs to one and only one zone. They have an
    inclusion property too, i.e., a zone of a given scope is
    fully included in a zone of any higher scope. This gives
    an inheritance property which is safe when it is used in
    the proper way: to establish SAs with global addresses with
    IKE running over link-local addresses is safe, the opposite
    is not.
    </t>

    <t>
    <iref item="RULE" subitem="" />
    RULE: The default policy SHOULD accept scoped addresses as
    selectors of SAs only when they are established using peer
    addresses (for the transport of IKE/IKEv2/etc messages) which
    are in fully included zones.
    </t>
    </section>


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

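As an added illustration, not part of the original message or of the quoted draft: the inheritance property described in the scoped-addresses section, turned into a check that infers the zone of an unqualified selector address from the peer address (and receiving interface) used to carry IKE, and refuses when no zone can safely be inherited. The zone table, interface names and addresses are constructed; scope classification uses Python's ipaddress module (fec0::/10 is treated as site-local, as in the 2004 text).

```python
import ipaddress

# Scope levels in increasing order. A zone of a given scope is fully
# included in exactly one zone of each higher scope (inclusion property).
LINK, SITE, GLOBAL = 1, 2, 3


def scope_of(addr: str) -> int:
    """Classify an IPv6 address as link-local, site-local or global scope."""
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return LINK
    if a.is_site_local:  # fec0::/10, the site-local scope of the 2004 text
        return SITE
    return GLOBAL


# Constructed zone table: each interface belongs to one and only one zone
# per scope (the partition property); link zones nest inside site zones.
ZONES = {
    "eth0": {LINK: "link1", SITE: "siteA", GLOBAL: "global"},
    "eth1": {LINK: "link2", SITE: "siteA", GLOBAL: "global"},
    "eth2": {LINK: "link3", SITE: "siteB", GLOBAL: "global"},
}


def infer_selector_zone(selector_addr: str, peer_addr: str, peer_ifname: str):
    """Apply the RULE from the section: a scoped selector is accepted only if
    the peer address carrying IKE lies in a zone fully included in the
    selector's zone. Returns the inherited zone, or None to reject.

    selector_addr: address from an identity/traffic selector payload (no zone).
    peer_addr:     source address of the IKE message.
    peer_ifname:   interface the IKE message arrived on (its zone indication).
    """
    sel_scope = scope_of(selector_addr)
    peer_scope = scope_of(peer_addr)
    if peer_scope > sel_scope:
        # e.g. a link-local selector negotiated over global transport: the
        # selector could refer to any link, so no zone can be inherited.
        return None
    # The peer interface lies in exactly one zone at the selector's scope,
    # and that zone fully includes the peer's own zone: safe to inherit.
    return ZONES[peer_ifname][sel_scope]
```

The safe direction from the text (global selectors over link-local IKE) yields the single global zone; the opposite direction yields None.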