Independent Submission                                      B. Carpenter
Request for Comments: 8136                             Univ. of Auckland
Category: Informational                                        R. Hinden
ISSN: 2070-1721                                     Check Point Software
                                                            1 April 2017


              Additional Transition Functionality for IPv6

Abstract

   This document proposes an additional mechanism intended to both
   facilitate transition from IPv4 to IPv6 and improve the latter's
   security and privacy.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8136.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.









Carpenter & Hinden            Informational                     [Page 1]
^L
RFC 8136        Additional IPv6 Transition Functionality    1 April 2017


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Required Function of All IPv4 Nodes . . . . . . . . . . . . .   2
   3.  Security Flag for IPv6 Packets  . . . . . . . . . . . . . . .   3
   4.  Advanced Solution . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Privacy Extension . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   In a recent statement [IABv6], the Internet Architecture Board deemed
   that the Internet Engineering Task Force is expected to "stop
   requiring IPv4 compatibility in new or extended protocols" and that
   future work will "optimize for and depend on IPv6".  In the interest
   of promoting these goals, this memo makes an important change to IPv4
   node requirements [RFC1122] and adds a missing security feature to
   IPv6 [RFC2460].

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are not to be interpreted as described in
   [RFC2119].

2.  Required Function of All IPv4 Nodes

   To ensure that all routers, firewalls, load balancers, and other
   forms of middleboxes can readily identify IPv4 packets and deal with
   them appropriately (selective dropping, switching to the slow path
   through a router, sending them to the longest path first, etc.), all
   IPv4 nodes MUST set the security flag defined by [RFC3514] to 1.
   This should be sufficient to ensure that implementers of dual stack
   applications prefer IPv6 when given the choice, and that the Happy
   Eyeballs algorithm [RFC6555] will usually favour the IPv6 path.

3.  Security Flag for IPv6 Packets

   The above requirement will somewhat nullify the practical effect of
   the IPv4 security flag for benign traffic, but this disadvantage can
   readily be overcome by adding an equivalent flag for IPv6; in fact,
   this is highly desirable to maintain feature equivalence between IPv4
   and IPv6.  Fortunately, this can easily be achieved since IPv6
   supplies so many bits.  The solution defined here is that the
   Security Flag bit for an IPv6 packet is simply the parity of the
   source address of the packet.  In other words, if the source address
   contains an odd number of 1s, the flag is True; otherwise, it's
   False.  All other considerations for the flag are exactly as
   described in [RFC3514].

   For an interface whose IPv6 address is set by Stateless Address
   Autoconfiguration [RFC4862], it is the host itself that determines
   the state of its security flag, by choosing an appropriate Interface
   Identifier value.  Fortunately this is now possible and compatible
   with [RFC7136], [RFC7217], [RFC7421], and [RFC7721].

   For an interface whose IPv6 address is set by DHCPv6 [RFC3315] or
   manually, the network administrator is free to choose an Interface
   Identifier that provides the desired security flag that is also
   compatible with [RFC7721].

   An exception case is a link with a 127-bit prefix [RFC6164].  Since
   there is only one bit available as an Interface Identifier, one end
   or the other will inevitably have its security flag set, and the
   other won't.  In this case, the node at one end will simply interpret
   the other end's security flag to mean the opposite of what it says,
   and vice versa.

   Since RFC 6164 is designed for links between routers, in the case
   where different ISPs are at each end of the link, it is normal
   operational practice for one ISP to consider the other ISP to be
   evil.

4.  Advanced Solution

   In the event that the previous solution proves too simple to deploy
   in practice, a more advanced solution is also defined.  It uses a new
   IPv6 hop-by-hop User Security Flag Option (UFO).

   The UFO is a hop-by-hop option that can be included in any IPv6
   packet.  Multiple UFOs MUST NOT be present in the packet.  The UFO
   has no alignment requirement.  Its format is as follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                    |  Option Type  | Option Length |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | UserSecFlag   |
    +-+-+-+-+-+-+-+-+

                  User Security Flag Option Layout

     Option Type

        8-bit identifier of the type of option.  The option identifier
        for the User Security Flag Option (0x7g) has not been allocated
        by the IANA.

     Option Length

        8-bit unsigned integer.  The length of the option (excluding the
        Option Type and Option Length fields).  The value MUST be 1.

     UserSecFlag

        8-bit unsigned integer.  Bit 0 has the functionality defined in
        [RFC3514].  The other bits are reserved and MUST be zero or one.

4.1.  Privacy Extension

   The mechanism can be extended to add a privacy flag.  With the
   mechanism of Section 3, the privacy flag could be encoded by using
   quaternary parity (CRC-2) to obtain an extra bit.  However, this
   would waste considerable amounts of address space and SHOULD NOT be
   done.  With the UFO mechanism, bit 1 of UserSecFlag is defined as the
   privacy flag.  If set, it means that the packet contains private
   information and MUST NOT be inspected en route.  All firewalls,
   monitoring devices, and government agencies MUST respect this rule.
   This option is expected to be much more computationally efficient
   than conventional privacy techniques like IPsec and Transport Layer
   Security (TLS) as no encryption or key management is required to
   achieve the desired privacy.
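   The following Python is an added example, not code from the RFC or its
   authors: it computes the Section 3 parity flag, applies the /127
   inversion rule, and builds and parses the Section 4 UFO hop-by-hop
   option together with the Section 4.1 privacy bit, enforcing the two
   MUSTs the option text states.  The option type 0x7E is a constructed
   placeholder (the page's "0x7g" is not a valid code point), and bit 0 is
   read as the most significant bit of UserSecFlag, following the layout
   diagram; both are assumptions.

```python
import ipaddress

# Constructed placeholder: the page gives the UFO type as "0x7g", which is not a
# valid code point and is not IANA-allocated, so 0x7E stands in for it here.
UFO_TYPE = 0x7E
PAD1, PADN = 0x00, 0x01  # RFC 2460 padding options
# Assumption: bit 0 of UserSecFlag is the leftmost (most significant) bit.
SEC_BIT, PRIV_BIT = 0x80, 0x40

def ipv6_security_flag(src: str) -> bool:
    """Section 3: flag is True when the 128-bit source address has odd parity."""
    return bin(int(ipaddress.IPv6Address(src))).count("1") % 2 == 1

def peer_flag_as_seen(peer_src: str, prefix_len: int) -> bool:
    """Section 3 exception: on a /127 link a node reads its peer's flag inverted."""
    flag = ipv6_security_flag(peer_src)
    return (not flag) if prefix_len == 127 else flag

def encode_ufo(security: bool, privacy: bool = False) -> bytes:
    """Section 4/4.1: Type, Length (MUST be 1), UserSecFlag (bit 0 sec, bit 1 priv)."""
    flags = (SEC_BIT if security else 0) | (PRIV_BIT if privacy else 0)
    return bytes([UFO_TYPE, 1, flags])

def parse_hbh_ufo(options: bytes):
    """Walk a Hop-by-Hop options area (the bytes after Next Header and Hdr Ext
    Len); return the UFO flags, None if absent, enforcing the page's two MUSTs."""
    found, i = None, 0
    while i < len(options):
        otype = options[i]
        if otype == PAD1:  # the one-byte padding option has no length field
            i += 1
            continue
        if i + 1 >= len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("option runs past end of options area")
        olen, data = options[i + 1], options[i + 2:i + 2 + options[i + 1]]
        if otype == UFO_TYPE:
            if olen != 1:
                raise ValueError("UFO Option Length MUST be 1")
            if found is not None:
                raise ValueError("multiple UFOs MUST NOT be present in a packet")
            found = {"security": bool(data[0] & SEC_BIT),
                     "privacy": bool(data[0] & PRIV_BIT)}
        i += 2 + olen
    return found

# Constructed sample options area (6 bytes, so the whole header is 8 octets):
# Pad1, then a UFO with the security flag set, then a zero-length PadN.
SAMPLE_HBH_OPTIONS = bytes([PAD1]) + encode_ufo(True) + bytes([PADN, 0])
```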

5.  Security Considerations

   The security considerations of [RFC3514] now apply to IPv6.  However,
   with the security flag being set for all IPv4 packets, there is a
   risk that all IPv4 traffic will now be treated as a very distributed
   denial-of-service attack.

   Given the recent experience with very large scale DDoS attacks from
   Internet of Things (IoT) devices like IP Cameras, phishing attacks,
   malware, etc., that occur on the IPv4 Internet, it is a safe
   assumption that all IPv4 packets are evil.

   Since the mechanism described in Section 3 is compatible with
   [RFC7721], address privacy is not impacted.  Also, with that
   mechanism, exactly half the IPv6 address space will indicate that the
   security flag is set, so we can assert that the IPv6 Internet is only
   half evil.

6.  IANA Considerations

   This document does not require any IANA actions.

7.  References

7.1.  Normative References

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <http://www.rfc-editor.org/info/rfc1122>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <http://www.rfc-editor.org/info/rfc2460>.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003, <http://www.rfc-editor.org/info/rfc3315>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <http://www.rfc-editor.org/info/rfc4862>.

   [RFC6164]  Kohno, M., Nitzan, B., Bush, R., Matsuzaki, Y., Colitti,
              L., and T. Narten, "Using 127-Bit IPv6 Prefixes on Inter-
              Router Links", RFC 6164, DOI 10.17487/RFC6164, April 2011,
              <http://www.rfc-editor.org/info/rfc6164>.

   [RFC6555]  Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
              Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April
              2012, <http://www.rfc-editor.org/info/rfc6555>.

   [RFC7136]  Carpenter, B. and S. Jiang, "Significance of IPv6
              Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136,
              February 2014, <http://www.rfc-editor.org/info/rfc7136>.

   [RFC7217]  Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)", RFC 7217,
              DOI 10.17487/RFC7217, April 2014,
              <http://www.rfc-editor.org/info/rfc7217>.

7.2.  Informative References

   [IABv6]    IAB, "IAB Statement on IPv6", November 2016,
              <https://www.iab.org/2016/11/07/iab-statement-on-ipv6/>.

   [RFC3514]  Bellovin, S., "The Security Flag in the IPv4 Header",
              RFC 3514, DOI 10.17487/RFC3514, April 2003,
              <http://www.rfc-editor.org/info/rfc3514>.

   [RFC7421]  Carpenter, B., Ed., Chown, T., Gont, F., Jiang, S.,
              Petrescu, A., and A. Yourtchenko, "Analysis of the 64-bit
              Boundary in IPv6 Addressing", RFC 7421,
              DOI 10.17487/RFC7421, January 2015,
              <http://www.rfc-editor.org/info/rfc7421>.

   [RFC7721]  Cooper, A., Gont, F., and D. Thaler, "Security and Privacy
              Considerations for IPv6 Address Generation Mechanisms",
              RFC 7721, DOI 10.17487/RFC7721, March 2016,
              <http://www.rfc-editor.org/info/rfc7721>.

Authors' Addresses

   Brian Carpenter
   Department of Computer Science
   University of Auckland
   PB 92019
   Auckland  1142
   New Zealand

   Email: brian.e.carpenter@gmail.com


   Robert M. Hinden
   Check Point Software
   959 Skyway Road
   San Carlos  CA 94070
   United States of America

   Email: bob.hinden@gmail.com