Re: [6lo] INT-DIR review of draft-ietf-6lo-6lobac-05

Tim Chown <Tim.Chown@jisc.ac.uk> Fri, 28 October 2016 13:15 UTC

From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Kerry Lynn <kerlyn@ieee.org>
Thread-Topic: INT-DIR review of draft-ietf-6lo-6lobac-05
Thread-Index: AQHR+WDf3DFEsFHNAkyGB6gLOPgWXaB4KD6AgEYfhgA=
Date: Fri, 28 Oct 2016 13:14:51 +0000
Message-ID: <35286AA5-139D-47F0-8DE0-012C014C3343@jisc.ac.uk>
References: <A14FE569-2CFB-4D7A-9ED1-D0710C3F2521@jisc.ac.uk> <CABOxzu1JNvjviyaAprXU5Ns5_bK5LZFJXUH3HKf+cZs2PtSTUw@mail.gmail.com>
In-Reply-To: <CABOxzu1JNvjviyaAprXU5Ns5_bK5LZFJXUH3HKf+cZs2PtSTUw@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [152.78.0.24]
x-ms-office365-filtering-correlation-id: cae71555-cb18-4986-2d91-08d3ff3466fd
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1139; 7:QvqX8djt90Nlr0q61LIYINP+om+XkJSllcD+GKHma6P9T2RJydhQ8kpl+NYYEMq6IwMOTQ7G5iNfZFsgYJuWeVuvRrKbTLpTsM50DdMJ9ZRK3HeyDM6Bbp0R+hHqEdV+U0oUheRp5pV/VbZCduDOw+RmVAaWD1wUvZUGjwKdxIkbFAw6RiDg9XkIBy3uVKhvcddGoEniYM4Xcb1Z8LlXa05jcHLeLUV//pcb0RoFk+zSliN5VxMaH4xncXoog+9jDQUbB5Ci6+xbqkbFbqFRMmh27lv5eQ2Sl65FiemSu4DqBb1HEhSsNtddyQoizs4HP3csfl1DzZOfoRSPxyTobOA0hb+dL7N82yzYVVH2fdU=; 20:2/0O7cmmXlvvsVYHoWjsTBmtgMU/yB/eaqrKHxVC9lHxQhNfE5jqld8HHC1vXaWMbkUd4A3O17bc+OzHe7zQAT1TcPl+LjjQNxrQgTrpoLzEnKHUTjKAc6TTSKaIjugVy4X9odGcMWDL6DZgx90E5zUX/yLFS0vwt0UErw0FKQc=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM3PR07MB1139;
x-microsoft-antispam-prvs: <AM3PR07MB11399E149D0C62298E18FFDCD6AD0@AM3PR07MB1139.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(274715658323672)(192374486261705)(131327999870524);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001); SRVR:AM3PR07MB1139; BCL:0; PCL:0; RULEID:; SRVR:AM3PR07MB1139;
x-forefront-prvs: 0109D382B0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(377454003)(24454002)(189002)(199003)(52314003)(8676002)(5250100002)(106356001)(50226002)(19273905006)(19300405004)(97736004)(106116001)(3280700002)(16236675004)(8936002)(3660700001)(5660300001)(15975445007)(92566002)(83716003)(230783001)(2900100001)(42882006)(110136003)(86362001)(82746002)(19580405001)(81166006)(105586002)(7846002)(36756003)(5002640100001)(7736002)(19617315012)(7906003)(6916009)(2950100002)(101416001)(87936001)(76176999)(50986999)(11100500001)(81156014)(4326007)(3846002)(102836003)(57306001)(6116002)(586003)(2906002)(66066001)(68736007)(74482002)(19580395003)(189998001)(33656002)(104396002)(562404015)(563064011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB1139; H:AM3PR07MB1140.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2016 13:14:51.9021 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1139
X-MC-Unique: dfrBkuzVOJaXjW4mYdfdGQ-1
Content-Type: multipart/alternative; boundary="_000_35286AA5139D47F08DE0012C014C3343jiscacuk_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/BGXyih_BnvCh0Gr0v2CzxQepDTU>
Cc: "6lo@ietf.org" <6lo@ietf.org>, "int-ads@ietf.org" <int-ads@ietf.org>, "draft-ietf-6lo-6lobac@ietf.org" <draft-ietf-6lo-6lobac@ietf.org>, "int-dir@ietf.org" <int-dir@ietf.org>
Subject: Re: [6lo] INT-DIR review of draft-ietf-6lo-6lobac-05
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 13:15:12 -0000

Hi Kerry,

On 13 Sep 2016, at 23:23, Kerry Lynn <kerlyn@ieee.org<mailto:kerlyn@ieee.org>> wrote:

Hi Tim,

Thanks very much for the review; sorry for the delayed response.
Comments inline…

And for the delayed response to the response, but I don’t see the 6lobac draft having been updated as yet…

On Thu, Aug 18, 2016 at 10:57 AM, Tim Chown <Tim.Chown@jisc.ac.uk<mailto:Tim.Chown@jisc.ac.uk>> wrote:
Hi,

I am an assigned INT directorate reviewer for this draft. These comments were written primarily for the benefit of the Internet Area Directors. Document editors and shepherds should treat these comments just like they would treat comments from any other IETF contributors and resolve them along with any other Last Call comments that have been received. For more details of the INT directorate, see <http://www.ietf.org/iesg/directorate.html>.

Summary

This document defines the mechanisms for delivering IPv6 over Master-Slave/Token Passing (MS/TP), which is a MAC protocol commonly used in building automation networks. It includes the frame format for transmitting IPv6 packets, as well as the method for forming link-local and statelessly auto-configured IPv6 addresses.

I was not familiar with the work prior to reading it, but found the text to be well-written and easy to read, with it following a similar structure to other IETF IPv6-over-foo documents.

Some specific points of note regards MS/TP are that it has 8-bit MAC addresses, it has no multicast (so multicast packets are sent to the 8-bit broadcast destination address (255), it can support MTUs of 1280-1500 (and above), and, as a wired protocol, it runs at around 115Kbit/s up to 1000m.

Comments:

The introduction says that the “general approach is to adapt elements of the 6LoWPAN specifications, RFC4944, RFC6282 and RFC6775”. This is understandable given the constrained nature of nodes in building automation scenarios. There are however places in the document where it’s not clear where specifically these specifications are being drawn upon and are to be used. Some more explicit pointers might be helpful. An example of this lies in Section 8, which says unicast address mapping follows Section 7.2 of RFC4861, but one might expect RFC6775 (on ND optimisation) to be used, e.g. wrt solicited node multicast.

This seems like a two-parter. Are you saying there are sections of the I-D that are
adapted from the 6LoWPAN RFCs but aren't referenced? If so, what sections need
fixing?

It’s a general comment. You say broadly that the "general approach is to adapt elements of the 6LoWPAN specifications, RFC4944, RFC6282 and RFC6775”, but then it’s unclear throughout which elements are adapted.

Or are you saying you feel that some parts of the RFCs SHOULD be incorporated
into this I-D, but aren't? If so, what text needs to changed?

The problem is that I don’t know what’s missing, from the adaptation. If you’re saying that the 6lobac draft is a complete, standalone spec, and there’s nothing implied from those RFCs, then that’s fine, in which case I’d suggest deleting the last sentence of the first paragraph, as it’s not needed and may make others like me think “so what’s implied from those that I need to know?”.

Re: RFC 6775, it appears to be mainly targeted at networks that don't have a multicast
capability, which doesn't apply to 6LoBAC. The draft does call out use of ARO in section 6.

OK, well there’s an example wrt RFC6775.

Section 2 has some “musts” that might be MUSTs, given RFC2119 language is defined in Section 1.1.

OK.
In Section 3 it says that all multicast packets SHOULD be broadcast at the MAC layer. Why is this a SHOULD, and not a MUST? One would assume unicasting multicast messages would be expensive in this type of constrained network and given the token passing mechanism where the token is passed after sending so many packets.

This was also called out by Brian Haberman. This used to be a MUST, but was changed
to a SHOULD after comments from two WG reviewers. For the record, I agree with you
but I think we need to revisit the topic in the WG to make sure there's a rough consensus.

OK, it would be interesting to know the rationale for a SHOULD here; it implies they have at least one exception in mind.

The introduction says header compression support as per RFC6282 is REQUIRED, but Section 5 does not explicitly say that the compression mechanism described there MUST be implemented. I’d suggest rewriting the first sentence of Section 5 to say something like “Due to the relatively low data rates of MS/TP, the header compression mechanism described in this section MUST be implemented on all nodes.”

It used to be that both compressed and uncompressed headers were supported. I
understand you're asking for an additional MUST and I'll figure out a way to word it.
Section 5 defines the adaptation header. Is it clear that this MUST be implemented
by all 6LoBAC nodes? The only header type defined is for LOWPAN_IPHC (which
is described in section 10). Can one not draw the inference that IPHC is required on
all nodes?

You say in the first sentence of Section 5 “indicate”, where perhaps “require” is a better word?

Perhaps before Section 6, or at the start of it, there should be text stating which addresses are formed, and which multicast groups are joined. Further, perhaps we can draw on draft-ietf-6man-default-iids-13, which is now very close to publication, and refer to the recommendations in Section 3 there, e.g. that RFC7217 SHOULD be used, and that you SHOULD NOT embed a stable link-layer address in the IID.

I do not want to be over-proscriptive. This I-D attempts to draw attention to cases
where privacy addresses should be used. draft-ietf-6man-default-iids has thus far
NOT been applied to 6lo specifications, and I don't want to set the precedent. In
particular, that I-D currently reads:

In some network technologies and adaptation layers, the use of an IID
based on a link-layer address may offer some advantages. For
example, the IP-over-IEEE802.15.4 standard in [RFC6775<https://tools.ietf.org/html/rfc6775>] allows for
compression of IPv6 addresses when the IID is based on the underlying
link-layer address.

Given the push elsewhere to get link layer identifiers out of L3 addresses, this may be contentious. You do make the distinction between LL and non-LL though. Anyway, I guess this will be picked up by the security area review, so will be resolved through that, one way or the other.

It seems the text is saying that RFC7217 is not to be used for link-local IIDs; rather the text suggests using a SLAAC-style address (with the last 8 bits being the MAC address) to allow for efficient header compression. Perhaps some explicit text here would help (i.e. SHOULD use RFC7217 for global scope addresses, but RECOMMENDED that you use the SLAAC-a-like mechanism for link-local addresses for header compression efficiency).

Section 6 seems to be clear that it's recommending (but not mandating) link-local
addresses based on MAC ID. By the same token, it recommends privacy IIDs for
globally scoped addresses. (Brian H. asked for s/forwardable/globally scoped)

OK, and this is in your Security Considerations. But this text implies 7217 is a privacy address, but I then think of only 4941, where 7217 is a replacement for MAC-based SLAAC. Perhaps the issue here is the word “privacy”… maybe an “obfuscated IID” is a better phrase?

I agree “forwardable” is not the best word here; global scope is better (so ULA and regular globals).

The text RECOMMENDING use of a privacy IID does not mention RFC4941, presumably because RFC4941 targets IIDs with embedded IEEE MAC addresses, but the principle for generating the privacy address is the same. As it stands, the text does not define how a 64-bit privacy address is generated (I think we assume it’s as per RFC4941, but be specific?).

Section 6 says:

A 64-bit privacy IID is RECOMMENDED for each globally scoped address
and SHOULD be locally generated according to one of the methods cited

in Section 12.

Section 12 calls out RFCs 3315, 3972, 4941, 5535, and 7217.

Same comment on the word “privacy”.

One assumes RFC6724-based address selection is followed, in which case privacy addresses would be preferred over public addresses, and thus for all communications initiated by the device, it would be using non-compression friendly addresses. Is this a concern? Or might you explicitly say here only use privacy addresses for global scope prefixes, again for efficiency.

I think this has been answered.

Yes, thanks.

Section 8 should clarify which elements of RFC6775 are used. As it’s written, I assume none, but that’s at odds with the introduction text.

I think this has been answered.

Yes and no. If other reviewers aren’t raising it, I veer towards yes :)

Section 12 (like Section 6, now I notice it) refers to “forwardable addresses”. Do you mean global scope addresses (which would include ULAs, if used)? If so, I’d suggest using that terminology.

As I said, Brian has already requested s/forwardable/globally scoped.
When I wrote this, I was trying to use the RFC 6890 terminology, in
which "forwardable" includes ULAs.

OK.

Scanning attacks where embedded 8-bit MAC addresses are used for the last 8-bits would be quite trivial. I think the text here that basically says “you SHOULD use RFC7217" (for local scope addresses) should be emphasised in Section 6; it doesn’t need to be here, or if it is mentioned, refer to Section 6. I’m not sure of the relevance of DHCPv6 here(?), while CGAs and hash-based addresses are not (I believe) in common use.

Scanning attacks are mitigated by the use of privacy IIDs for globally scoped
addresses RECOMMENDED in section 6. The rationale is given in the first
sentence of section 12. I don't see anything magic about RFC 7217; any
method that can give a good approximation of a random 64-bit number is
sufficient. My preference for 6lo networks would be to offload this to a service
(e.g. DHCPv6) that could hand out random IIDs.

RFC7217’s “magic” is you get the same “privacy” IID each time you visit the same prefix.

I guess you may not want 6lo devices having to do HBA (RFC5535) or RFC7217 computation?

Are such wired networks not liable to casual snopping? What happens if I unplug a device and plug my own in, using a master node MAC? Presumably the MS/TP protocol defines mechanisms for protection against such attacks, that you could cite?

I've heard many voice concerns about being tracked through airports or in
coffee shops by proximate attackers snooping on wireless links. I think it is a
step beyond "casual" to get up into the ceiling tiles and install a promiscuous
listener on a wired link. The mitigation for this is out of scope for an IP-over-
foo specification, right?

Fair enough.

You might add in Section 12 that ULAs may be appropriate for building management systems where the communications are all intra-site. If external communications are needed, an additional ISP-based prefix could be used. Though I appreciate ULAs can be a contentious subject, so if you want to publish quickly you might choose to not say anything on the subject (but it will come up… :)

I guess I don't feel that an IP-over-foo spec should be a compleat treatise on
how to correctly deploy IPv6, but others may disagree ;-)

OK :)

Tim

Regards, Kerry

Tim

Re: [6lo] INT-DIR review of draft-ietf-6lo-6lobac… Kerry Lynn
Re: [6lo] INT-DIR review of draft-ietf-6lo-6lobac… Tim Chown