Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
"Carles Gomez Montenegro" <carlesgo@entel.upc.edu> Fri, 07 October 2016 13:20 UTC
Date: Fri, 07 Oct 2016 15:20:33 +0200
From: Carles Gomez Montenegro <carlesgo@entel.upc.edu>
To: Shiva Prasad Thagadur Prakash <shivapt@stud.ntnu.no>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/DXEIu4MrgScIH6QtX1R7qepyZuc>
Cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, samita Chakrabarti <samitac.ietf@gmail.com>, lo <6lo@ietf.org>

Hi,

I also support adoption of this work.

Cheers,

Carles

> Hi,
>
> +1. I think the draft is useful and I would support its adoption.
> The draft still needs some work but that should be done as part of the
> working group.
>
> Thanks,
> Shiva
>
> On 29 Sep 2016, at 14:13, Pascal Thubert (pthubert)
> <pthubert@cisco.com> wrote:
>
> Dear chairs and all:
>
> As an author I support the adoption of this document. There is ample art
> -and recent events- that suggests that:
>
>
> - IOT devices cannot be trusted for their actions towards the
> network they live in and the internet at large. They may easily be
> compromised and do all sorts of things from impersonating other sensors to
> bombing web sites.
>
> - IOT devices cannot stay awake and defend their addresses
> against attackers that may claim their addresses and then use them for
> malicious purposes, from black-holing critical sensors to reporting the
> wrong data.
>
>
> IOT networks could be expected to protect the devices; but with the
> current protocols they cannot easily recognize right from wrong. There is
> nothing in 6LoWPAN ND that proves ownership of an address in SAVI terms,
> e.g. first come first serve, and an attacker may successfully impersonate
> any device if it knows its MAC address and its IP address, one possibly
> derived from the other in a reversible fashion.
>
> There is a clear need for a better control, so that the 6LR/6LBR may
> recognize that a device that claims an address is the true owner. With
> reliable information they can enforce that a device that uses an address
> as source of a packet also owns that address.
>
> This is what this draft is all about. Basically, we propose to secure the
> 6LoWPAN ND registration to prevent theft from a third party. This echoes
> the past work at SeND and SAVI, but in a very simple fashion that does not
> require heavy artillery in the device as SeND does. Basically the IOT
> device uses a crypto ID information (like CGA) instead of the unique ID
> (the MAC address) in the ARO option, as extended by rfc6775-update;
> ownership of that ID can be verified and the ID can be used to validate that
> a next registration comes from the same device as the previous. A same
> crypto ID can be used to register multiple addresses, and the addresses do
> not need to derive from the crypto ID (as opposed to SeND). The ID is
> stored at the 6LR and 6LBR associated with the address, and they can use
> ND extension to revalidate the ID ownership at any time they want.
>
> Cheers,
>
> Pascal
>
>
>
> From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of samita Chakrabarti
> Sent: Tuesday, 27 September 2016 03:15
> To: 'lo' <6lo@ietf.org>
> Cc: 6lo-chairs@ietf.org
> Subject: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
>
>
>
> Hello 6lo WG:
>
> We have discussed the following document at the IETF meetings and mailing
> list about the use of cryptographic ID to identify one device with a
> particular IPv6 address during the Neighbor Discovery Process. The
> crypto-ID association is helpful when MAC-ID or EUI-64 ID may not be used.
> There has been a fair amount of interest in securing the IP-address owner
> authentication using this method, in the WG meetings (IETF95).
>
> The co-authors have addressed several WG comments in the 04 version.
>
> The adoption call starts now and ends on Oct 10th, 2016.
>
> Please provide your opinion with yes/no answer and a short explanation
> for this adoption call within the deadline.
>
> Thanks and Regards,
> -Gabriel and Samita (6lo co-chairs)
>
>>
>>
>> Name:           draft-sarikaya-6lo-ap-nd
>> Revision:       04
>> Title:          Address Protected Neighbor Discovery for Low-power and
>>                 Lossy Networks
>> Document date:  2016-08-22
>> Group:          Individual Submission
>> Pages:          17
>> URL:
>> https://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-04.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-sarikaya-6lo-ap-nd/
>> Htmlized:       https://tools.ietf.org/html/draft-sarikaya-6lo-ap-nd-04
>> Diff:
>> https://www.ietf.org/rfcdiff?url2=draft-sarikaya-6lo-ap-nd-04
>>
>> Abstract:
>>    This document defines an extension to 6LoWPAN Neighbor Discovery.
>>    This extension is designed for low-power and lossy network
>>    environments and it supports multi-hop operation.  Nodes supporting
>>    this extension compute a Cryptographically Unique Interface ID and
>>    associate it with one or more of their Registered Addresses.  The
>>    Cryptographic ID (Crypto-ID) uniquely identifies the owner of the
>>    Registered Address.  It is used in place of the EUI-64 address that
>>    is specified in RFC 6775.  Once an address is registered with a
>>    Cryptographic ID, only the owner of that ID can modify the state
>>    information of the Registered Address in the 6LR and 6LBR.
>
> _______________________________________________
> 6lo mailing list
> 6lo@ietf.org
> https://www.ietf.org/mailman/listinfo/6lo
> _______________________________________________
> 6lo mailing list
> 6lo@ietf.org
> https://www.ietf.org/mailman/listinfo/6lo
>
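
The registration check described in the quoted message (a Crypto-ID in place of the MAC-derived ID, first come first served, proof of ownership on every registration), sketched as an added example that is not part of the thread or the draft. `Node`, `Registrar`, `crypto_id`, the 64-bit truncation and the Schnorr-style proof over a stand-in group are all assumptions made for illustration.

```python
import hashlib, secrets

# Stand-in signature group (Schnorr over Z_p*, p = 2**255 - 19). Chosen only to
# keep the example stdlib-only; it is not the draft's scheme or a vetted group.
P, G = 2**255 - 19, 2
ORDER = P - 1  # g**(p-1) == 1 mod p, so exponents reduce mod p-1

def _b(n):  # fixed-width big-endian encoding of a group element
    return n.to_bytes(32, "big")

def _h(r, nonce, address):  # challenge hash binds commitment, nonce and address
    return int.from_bytes(hashlib.sha256(_b(r) + nonce + address.encode()).digest(), "big")

def crypto_id(pub):  # assumption: 64-bit ID, sized like the EUI-64 it replaces
    return hashlib.sha256(_b(pub)).digest()[:8]

class Node:  # hypothetical constrained device holding a key pair
    def __init__(self):
        self.x = secrets.randbelow(ORDER - 1) + 1   # private key
        self.pub = pow(G, self.x, P)
        self.id = crypto_id(self.pub)

    def prove(self, nonce, address):
        k = secrets.randbelow(ORDER - 1) + 1        # fresh per proof
        r = pow(G, k, P)
        return self.pub, r, (k + _h(r, nonce, address) * self.x) % ORDER

class Registrar:  # hypothetical 6LR/6LBR binding table: address -> owner ID
    def __init__(self):
        self.bindings, self.pending = {}, set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def register(self, address, owner_id, nonce, proof):
        if nonce not in self.pending:
            return False                      # unknown or already-used nonce
        self.pending.discard(nonce)
        pub, r, s = proof
        if crypto_id(pub) != owner_id:
            return False                      # key does not hash to claimed ID
        if pow(G, s, P) != r * pow(pub, _h(r, nonce, address), P) % P:
            return False                      # no proof of the private key
        # First come, first served: only the bound ID may touch the entry again.
        return self.bindings.setdefault(address, owner_id) == owner_id
```

Knowing a device's ID and address is no longer enough to take over its entry: a claimant must also answer a fresh nonce with the key that hashes to the stored ID.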