IETF Logo Mail Archive

Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04

AbdurRashidSangi <rashid.sangi@huawei.com> Fri, 28 October 2016 09:34 UTC

Return-Path: <rashid.sangi@huawei.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D4621299DC; Fri, 28 Oct 2016 02:34:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.652
X-Spam-Level:
X-Spam-Status: No, score=-4.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9alpvmLunPCQ; Fri, 28 Oct 2016 02:34:37 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE53A1299E8; Fri, 28 Oct 2016 02:34:36 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml705-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CUB13199; Fri, 28 Oct 2016 09:34:34 +0000 (GMT)
Received: from SZXEMI404-HUB.china.huawei.com (10.82.75.40) by lhreml705-cah.china.huawei.com (10.201.5.168) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 28 Oct 2016 10:34:32 +0100
Received: from SZXEMI505-MBS.china.huawei.com ([169.254.4.169]) by SZXEMI404-HUB.china.huawei.com ([10.82.75.40]) with mapi id 14.03.0235.001; Fri, 28 Oct 2016 17:34:26 +0800
From: AbdurRashidSangi <rashid.sangi@huawei.com>
To: 'lo' <6lo@ietf.org>
Thread-Topic: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
Thread-Index: AdIYWoMhUsaXqbcHSTyhqFpPI3ba9wB7VnlwAAe9b4sBfO0LgAQbMOLw
Date: Fri, 28 Oct 2016 09:34:25 +0000
Message-ID: <C3DD54213F5261438F5CE46038658EE320834E5D@SZXEMI505-MBS.china.huawei.com>
References: <05f801d2185c$80697b20$813c7160$@gmail.com>, <c6811b2f796d4845a16b3ad41b603c3b@XCH-RCD-001.cisco.com> <7309BC23-6B08-47D7-9128-B79A78EA0B7D@stud.ntnu.no> <7a194f275e39593fc6844700c55b2de3.squirrel@webmail.entel.upc.edu>
In-Reply-To: <7a194f275e39593fc6844700c55b2de3.squirrel@webmail.entel.upc.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.151.40]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.58131BAA.011F, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.169, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 8711ff9c9472797da039d7e5d069050f
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/7i7WcZKGhiU-BF3LQYZ3B6YPHUY>
Cc: "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>
Subject: Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 09:34:40 -0000

Hello Chairs,

Late but not least, please count my support for adoption of this draft.

An important mechanism "address ownership in secure manner" is devised in this draft, which enables single Cypto-ID/UID to be used to protect multiple addresses. 

Thanks,
Rashid Sangi,
Huawei, Beijing



> -----Original Message-----
> From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of Carles Gomez
> Montenegro
> Sent: 2016年10月7日 21:21
> To: Shiva Prasad Thagadur Prakash
> Cc: Pascal Thubert (pthubert); 6lo-chairs@ietf.org; samita Chakrabarti;
> lo
> Subject: Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
> 
> Hi,
> 
> I also support adoption of this work.
> 
> Cheers,
> 
> Carles
> 
> 
> > Hi,
> >
> > +1. I think the draft is useful and I would support its adoption.
> > The draft still needs some work but that should be done as part of
> the
> > working group.
> >
> > Thanks,
> > Shiva
> >
> > On 29 Sep 2016, at 14:13, Pascal Thubert (pthubert)
> > <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:
> >
> > Dear chairs and all :
> >
> > As an author I support the adoption of this document. There is ample
> > art -and recent events- that suggests that:
> >
> >
> > -          IOT devices cannot be trusted for their actions towards
> the
> > network they live in and the internet at large. They may easily be
> > compromised and do all sorts of things from impersonating other
> > sensors to bombing web sites.
> >
> > -          IOT devices cannot stay awake and defend their addresses
> > against attackers that may claim their addresses and then use them
> for
> > malicious purposes, from black-holing critical sensors to reporting
> > the wrong data.
> >
> >
> > IOT networks could be expected to protect the devices; but with the
> > current protocols they cannot easily recognize right from wrong.
> There
> > is nothing in 6LoWPAN ND that proves ownership of an address in SAVI
> > terms, e.g. first come first serve, and an attacker may successfully
> > impersonate any device if it knows its MAC address and its IP address,
> > one possibly derived from the other in a reversible fashion.
> >
> > There is a clear need for a better control, so that the 6LR/6LBR may
> > recognize that a device that claims an address is the true owner.
> With
> > reliable information they can enforce that a device that uses an
> > address as source of a packet also owns that address.
> >
> > This is what this draft is all about. Basically, we propose to secure
> > the 6LoWPAN ND registration to prevent theft from a third party. This
> > echoes the past work at SeND and SAVI, but in a very simple fashion
> > that does not require heavy artillery in the device as SeND does.
> > Basically the IOT device uses a crypto ID information (like CGA)
> > instead of the unique ID (the MAC address) in the ARO option, as
> > extended by rfc6775-update; ownership of that ID can verified and the
> > ID can be used to validate that a next registration come from the
> same
> > device as the previous. A same crypto ID can be used to register
> > multiple addresses, and the addresses to not need to derive from the
> > crypto ID (as opposed to SeND). The ID is stored at the 6LR and 6LBR
> > associated with the address, and they can use ND extension to
> revalidate the ID ownership at any time they want.
> >
> > Cheers,
> >
> > Pascal
> >
> >
> >
> > From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of samita
> > Chakrabarti
> > Sent: mardi 27 septembre 2016 03:15
> > To: 'lo' <6lo@ietf.org<mailto:6lo@ietf.org>>
> > Cc: 6lo-chairs@ietf.org<mailto:6lo-chairs@ietf.org>
> > Subject: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
> >
> >
> >
> > Hello 6lo WG:
> >
> > We have discussed the following document at the IETF meetings and
> > mailing list about the use of cryptographic ID to identify one device
> > with a particular IPv6 address during the Neighbor Discovery Process.
> > The crypto-ID association is helpful when MAC-ID or EUI-64 ID may not
> be used.
> > There has been fair amount of interest in securing the IP-address
> > owner authentication using this method, in the WG meetings(IETF95).
> >
> > The co-authors have addressed several WG comments in the 04 version.
> >
> > The adoption call  starts now and ends on Oct 10th, 2016.
> >
> > Please provide your opinion with  yes/no  answer and a short
> > explanation for this adoption call within the deadline.
> >
> > Thanks and Regards,
> > -Gabriel and Samita (6lo co-chairs)
> >
> >>
> >>
> >> Name:           draft-sarikaya-6lo-ap-nd
> >> Revision:       04
> >> Title:          Address Protected Neighbor Discovery for Low-power
> and
> >> Lossy Networks
> >> Document date:  2016-08-22
> >> Group:          Individual Submission
> >> Pages:          17
> >> URL:
> >> https://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-04.txt
> >> Status:
> >> https://datatracker.ietf.org/doc/draft-sarikaya-6lo-ap-nd/
> >> Htmlized:       https://tools.ietf.org/html/draft-sarikaya-6lo-ap-
> nd-04
> >> Diff:
> >> https://www.ietf.org/rfcdiff?url2=draft-sarikaya-6lo-ap-nd-04
> >>
> >> Abstract:
> >>    This document defines an extension to 6LoWPAN Neighbor Discovery.
> >>    This extension is designed for low-power and lossy network
> >>    environments and it supports multi-hop operation.  Nodes
> supporting
> >>    this extension compute a Cryptographically Unique Interface ID
> and
> >>    associate it with one or more of their Registered Addresses.  The
> >>    Cryptographic ID (Crypto-ID) uniquely identifies the owner of the
> >>    Registered Address.  It is used in place of the EUI-64 address
> that
> >>    is specified in RFC 6775.  Once an address is registered with a
> >>    Cryptographic ID, only the owner of that ID can modify the state
> >>    information of the Registered Address in the 6LR and 6LBR.
> >
> > _______________________________________________
> > 6lo mailing list
> > 6lo@ietf.org<mailto:6lo@ietf.org>
> > https://www.ietf.org/mailman/listinfo/6lo
> > _______________________________________________
> > 6lo mailing list
> > 6lo@ietf.org
> > https://www.ietf.org/mailman/listinfo/6lo
> >
> 
> 
> _______________________________________________
> 6lo mailing list
> 6lo@ietf.org
> https://www.ietf.org/mailman/listinfo/6lo

v2.23.0 | Report a Bug | By Email