Re: [6lo] Iotdir last call review of draft-ietf-6lo-minimal-fragment-04

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 26 November 2019 13:58 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Ines Robles <mariainesrobles@googlemail.com>
CC: "Iot-dir@ietf.org" <Iot-dir@ietf.org>, "draft-ietf-6lo-minimal-fragment.all@ietf.org" <draft-ietf-6lo-minimal-fragment.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>
Date: Tue, 26 Nov 2019 13:57:51 +0000
Message-ID: <MN2PR11MB356504734927FDAFC85B897ED8450@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <157477128880.13735.1639586563134012090@ietfa.amsl.com> <MN2PR11MB3565B3E1C6C4819300132E0BD8450@MN2PR11MB3565.namprd11.prod.outlook.com> <CAP+sJUcGvY2ZZgZMJc=xzjsoCw1+Ay9d5UANEK5=3ajTroDsCQ@mail.gmail.com>
In-Reply-To: <CAP+sJUcGvY2ZZgZMJc=xzjsoCw1+Ay9d5UANEK5=3ajTroDsCQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/7etR7wUbClfCZcRWvOuSfbNf2B4>
Subject: Re: [6lo] Iotdir last call review of draft-ietf-6lo-minimal-fragment-04

Just published 05, Ines, to address your last point.  Please see section 6 on security.
There’s also a bunch of new text that was discussed with Dave Thaler but could not be uploaded during draft cutoff.
Maybe you’d want to look at that text too?

Pascal

From: Ines Robles <mariainesrobles@googlemail.com>
Sent: Tuesday, 26 November 2019 14:28
To: Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: Iot-dir@ietf.org; draft-ietf-6lo-minimal-fragment.all@ietf.org; last-call@ietf.org; 6lo@ietf.org
Subject: Re: Iotdir last call review of draft-ietf-6lo-minimal-fragment-04

Thank you very much Pascal for the fast response and explanations.

Best,

Ines.

On Tue, Nov 26, 2019 at 3:12 PM Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
Many thanks Ines!

> Questions:
>
> 1- In Section 1, which lists the components of the reassembly buffer in node B,
> should it contain the datagram_offset as well?

Well, each fragment has an offset and a length, but there's only one datagram size. Fragments are normally received in order, but that's only a MUST for the first fragment. So say fragments are received in any order. You'd need to remember all the offsets. Whether the fragments are kept as received with their metadata, including the offset, or just pasted at the right place is implementation dependent.

>
> 2- In Section 1, where it states: "...the actual packet data from the fragments
> received so far, in a form that makes it possible to detect...", I think it might be
> nice to add an example referring to which form, I mean: "...in a form (e.g. ....)
> that makes it possible....", what do you think?

If an implementation wishes to check that it gets it all and that there's no overlap, it can remember all the offsets and sizes. Or make a linked list of the fragments as received. Or paste them in a space that is big enough, in a way that allows it to scan for gaps. But we do not mandate exactly if and how that's done. If we indicate one, we seem to favor it, and I'm concerned that people would come up with a better idea and complain. This is an internal detail of the implementation after all.

> 3- draft-ietf-intarea-frag-fragile-17, section 3.7 states some security
> vulnerabilities for IP fragmentation (The mentioned document as well defines
> virtual reassembly). Do you think that some of these vulnerabilities can be
> applied to 6LOWPAN fragments? For example, attacks based on predictable
> 6LOWPAN fragment identification values.

You're certainly right, Ines. Let me visit that and come back with an update.

All the best,

Pascal
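The two reassembly questions above (what node B has to remember per fragment, and in what form the received data is kept so that gaps and overlaps can be detected) are illustrated by the following added example. It is not code from the draft, from the thread's participants or from any 6LoWPAN stack; it assumes the RFC 4944 fragment header semantics (a shared datagram_tag and datagram_size in every fragment, datagram_offset in 8-octet units) and a constructed 1280-octet cap on the buffer. It keeps the offsets implicitly by pasting each fragment at its place in a buffer sized for the whole datagram, alongside a per-unit coverage map that is scanned for gaps and that rejects, rather than overwrites, any fragment touching already-received octets.

```c
/* Added example (not the draft's or any stack's code): a 6LoWPAN (RFC 4944)
 * reassembly buffer holding datagram_tag, datagram_size, the octets received
 * so far and a per-8-octet-unit coverage map, so out-of-order delivery, gaps
 * and overlapping fragments are all detectable. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DATAGRAM 1280           /* assumption: cap at the IPv6 minimum MTU */
#define UNITS (MAX_DATAGRAM / 8)    /* datagram_offset counts 8-octet units */

typedef struct {
    uint16_t tag;                   /* datagram_tag, same in FRAG1 and every FRAGN */
    uint16_t size;                  /* datagram_size in octets */
    uint16_t received;              /* octets accepted so far */
    uint8_t  have[UNITS];           /* 1 once that 8-octet unit has been filled */
    uint8_t  data[MAX_DATAGRAM];    /* fragments pasted at their offset */
} reasm_buf;

enum frag_result {
    FRAG_OK = 0,        /* accepted, datagram still incomplete */
    FRAG_COMPLETE,      /* accepted and every octet is now present */
    FRAG_BAD_HEADER,    /* tag/size mismatch, or size too large for this buffer */
    FRAG_OUT_OF_RANGE,  /* fragment would run past datagram_size */
    FRAG_BAD_ALIGN,     /* non-final fragment not a multiple of 8 octets */
    FRAG_OVERLAP        /* touches a unit already received: rejected, not overwritten */
};

void reasm_init(reasm_buf *b, uint16_t tag, uint16_t size)
{
    memset(b, 0, sizeof *b);
    b->tag = tag;
    b->size = size;
}

/* offset_units is datagram_offset as carried in FRAGN (0 for the FRAG1 fragment). */
enum frag_result reasm_add(reasm_buf *b, uint16_t tag, uint16_t size,
                           uint8_t offset_units, const uint8_t *frag, uint16_t len)
{
    if (tag != b->tag || size != b->size || size > MAX_DATAGRAM)
        return FRAG_BAD_HEADER;
    uint32_t start = (uint32_t)offset_units * 8;
    if (len == 0 || start + len > size)
        return FRAG_OUT_OF_RANGE;
    if (len % 8 != 0 && start + len != size)
        return FRAG_BAD_ALIGN;
    uint32_t units = (len + 7) / 8;           /* last fragment may be a partial unit */
    for (uint32_t u = 0; u < units; u++)
        if (b->have[offset_units + u])
            return FRAG_OVERLAP;
    for (uint32_t u = 0; u < units; u++)
        b->have[offset_units + u] = 1;
    memcpy(b->data + start, frag, len);
    b->received += len;
    return b->received == b->size ? FRAG_COMPLETE : FRAG_OK;
}

/* Gap scan: index of the first 8-octet unit still missing, or -1 when none is. */
int reasm_first_gap(const reasm_buf *b)
{
    uint32_t units = (b->size + 7) / 8;
    for (uint32_t u = 0; u < units; u++)
        if (!b->have[u])
            return (int)u;
    return -1;
}

/* Constructed scenario: a 40-octet datagram with tag 0x1234, sent as three
 * fragments that arrive out of order, plus one overlapping retransmission.
 * Returns 1 if reassembly yields the original octets, 0 otherwise. */
int demo_out_of_order(void)
{
    uint8_t original[40];
    for (int i = 0; i < 40; i++) original[i] = (uint8_t)i;
    reasm_buf b;
    reasm_init(&b, 0x1234, 40);
    /* FRAGN covering octets 16..31 arrives first */
    if (reasm_add(&b, 0x1234, 40, 2, original + 16, 16) != FRAG_OK) return 0;
    /* a stale copy covering octets 24..39 overlaps and must be rejected */
    if (reasm_add(&b, 0x1234, 40, 3, original + 24, 16) != FRAG_OVERLAP) return 0;
    /* FRAG1 covering octets 0..15 */
    if (reasm_add(&b, 0x1234, 40, 0, original, 16) != FRAG_OK) return 0;
    if (reasm_first_gap(&b) != 4) return 0;  /* octets 32..39 still missing */
    /* final FRAGN covering octets 32..39 completes the datagram */
    if (reasm_add(&b, 0x1234, 40, 4, original + 32, 8) != FRAG_COMPLETE) return 0;
    if (reasm_first_gap(&b) != -1) return 0;
    return memcmp(b.data, original, 40) == 0;
}

int main(void)
{
    printf("out-of-order reassembly %s\n", demo_out_of_order() ? "ok" : "FAILED");
    return 0;
}
```

The coverage map costs one byte per 8-octet unit (a bitmap would do in 160 bytes less), which is what lets the receiver answer "is anything missing?" and "does this fragment collide with what I already have?" in a single scan, without keeping per-fragment metadata around.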