Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 31 January 2020 19:13 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20162120BD4; Fri, 31 Jan 2020 11:13:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NWkbP4+m; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=gna4JwPV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8uVlAs1nWRmv; Fri, 31 Jan 2020 11:13:55 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7703B1200F6; Fri, 31 Jan 2020 11:13:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9530; q=dns/txt; s=iport; t=1580498035; x=1581707635; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=pg+igjlmU92yDNhHvdc2wwgBKJCZG9hTSKoChc/73Nk=; b=NWkbP4+mtkvPKNRFTQsOwZ/lAP4WGwGdaBJlZTZkIIRhillsBV/xMXGE t7USHEYMxJl6G0lqaRwXUxkJBE4w/VzVE4h/uVP1c2Y7bgklOfEPNGrdM POQGBE4N54brZmiQOM1MUxENYAo3TYA/NChZVaujxrUtNhGg3CA5zfAwO 0=;
IronPort-PHdr: 9a23:B5J8NRDt84nMaMcQOBaTUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qs13kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuIeD7aSc5EexJVURu+DewNk0GUMs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CDAAAcfDRe/4UNJK1lGQEBAQEBAQEBAQEBAQEBAQEBEQEBAQEBAQEBAQEBgXuBVFAFbFggBAsqhBSDRgOKdII6JZgPglIDVAkBAQEMAQEjCgIBAYRAAheCGiQ4EwIDDQEBBAEBAQIBBQRthTcMhWYBAQEBAxIREQwBATcBCwQCAQYCEQQBAQECAiYCAgIwFQUDCAIEAQ0FIoMEAYJKAy4BDpIukGYCgTmIYnWBMoJ/AQEFgTMCg1UYggwDBoEOKoUehT+BQxqBQT+BEScMFIJMPoJkAgIagUcXgnkygiyNYYI6O54ecAqCO5Y/G4JIiA2ESIcjhEWDSYsXmxgCBAIEBQIOAQEFgWkigVhwFWUBgkFQGA2OHQkaFYM7hRSFP3SBKYpfLYIUAQE
X-IronPort-AV: E=Sophos;i="5.70,386,1574121600"; d="scan'208";a="419580033"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 31 Jan 2020 19:13:54 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 00VJDsBF021122 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 31 Jan 2020 19:13:54 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 31 Jan 2020 13:13:53 -0600
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 31 Jan 2020 13:13:53 -0600
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 31 Jan 2020 13:13:53 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eNpaybjzvKmRQFQs/VivsSbgtYbgwEeK9BmeuzpJ/DG4w0azF1g249XswaH6LaecRj3Ic8fByTkgJ4RtU81uv0ThyiL25f0uYME/DLx4D5K7dqiu56JGVSDv9T0ycHuCN9BsK/6TEUMCJp0S/H/XPTiV5YTJ8lD31y4jUbCU36eoUJnq63jZdEBhXZnnjbEZVqIadPU/Ldn6JGb/F3fpP5DQI8+CIKHexL+I5Mf6OsNr3XVvndaoWwS3DcfmDtZ53W/r6RR2Mip5k7G9NSDMoPrdryFSCGIT7DlguMhXQgxjFr0HpZf22uYQW8nrl0akp0BrVTDMqnR6NPH9xHPCXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pg+igjlmU92yDNhHvdc2wwgBKJCZG9hTSKoChc/73Nk=; b=TvVH7/fjSzEnzBDhl47prwRbzH+dDnDV1d2mYiAYEccLJiPUawWdoTeMgxOdQHpXsJlgEhSylK6lwICNoOrX8ZM0q6BUSDRcTBbPJtJ8ic+6t/J398VwoB0qXbHoXbPMxK+VjU3Ci3BBWlTtZTmi/A0llz1aGx9uKA05iPwToh8HIs1utvq/vcKKAo4QVGhGvo6xe59Y6nM9qmlztudRqxL3PrWa6Lu3mynt5IGTZqxLpuLj4SJZTHh5k1aam20FFm2DwClmZrmuwt6huBhCkZWmxVHhV1ssaeDXfNLVnEMj0IGEyDQvKgkvsEoRnVUPgcYHFKI5O/77IPGugFw/2Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pg+igjlmU92yDNhHvdc2wwgBKJCZG9hTSKoChc/73Nk=; b=gna4JwPVgDv9/oiiUzqLow+9GzqWyMCrtok3CIOjjVlvtIVcMCARywEQUOWlFa9qr3HxUlvZ0gFpb0XRx9Q0esFwi77119dXNc/Hg1uQM3Y2F9w/36udTBLLcqedZzJSnBdgc/GweyMF9Xkyqxgq671/7ORuDfauXwMzmYvPESk=
Received: from DM5PR11MB1753.namprd11.prod.outlook.com (10.175.88.141) by DM5PR11MB2043.namprd11.prod.outlook.com (10.168.105.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.20; Fri, 31 Jan 2020 19:13:52 +0000
Received: from DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::bcaa:91e6:c27b:b8ff]) by DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::bcaa:91e6:c27b:b8ff%11]) with mapi id 15.20.2665.027; Fri, 31 Jan 2020 19:13:52 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
Thread-Index: AQHV1rol7hp9w1bEa06QELjbj0JyDqgB2d0AgAK5cICAAF7XAA==
Date: Fri, 31 Jan 2020 19:13:51 +0000
Message-ID: <3CB5DBCB-8BC5-41BE-8850-64C2AC8FA2E5@cisco.com>
References: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com> <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com> <AED6BD10-1EDE-4BF3-A63F-0B81A516E246@cisco.com> <MN2PR11MB356504F13C767D71E5E2F3DED8070@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB356504F13C767D71E5E2F3DED8070@MN2PR11MB3565.namprd11.prod.outlook.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.21.0.200113
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com;
x-originating-ip: [2001:420:c0c1:36:69ec:3c1b:61a1:52be]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1a810735-ab02-42fb-14ee-08d7a681b57f
x-ms-traffictypediagnostic: DM5PR11MB2043:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM5PR11MB2043B4B8EE1C638B619C4448A9070@DM5PR11MB2043.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 029976C540
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(39860400002)(136003)(346002)(396003)(199004)(189003)(33656002)(224303003)(71200400001)(478600001)(966005)(8936002)(81166006)(316002)(110136005)(54906003)(81156014)(91956017)(5660300002)(76116006)(66946007)(66476007)(66556008)(64756008)(66446008)(86362001)(2906002)(36756003)(4326008)(450100002)(2616005)(186003)(6512007)(6486002)(53546011)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB2043; H:DM5PR11MB1753.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UnZEoNuiqQemD3y1EFKq/imaUK3HjDEs/21YjuxqyT2I15sFatwzglw1n8nk9eejlyZVjvMe9JxP23C9cJARGsYFfdUHLacPVxACo9nGeY3JxpHnkBzuY8GQxazegWntWXstvBbFgLEvY0TPXbPsgnerSJxanwqQ7zW3EXGrRM1NMM/oTFa6I5Qi9bMXLVoExaSu92+kFqAaoqtNUKqXynURy/ovmR2EFilmZY8CowSpfUmmrmvk01NPfvODWkoDQlt1Aaagy+lnyXOrDdS8QMcP56i1APlq/OTfiVsmHs5dKujqq210xPrcDDSfpkrfkUuSlnMfxAS1E2Ns575ZF6MtXVk8JFYUU6A+7pIgB7jLtpE0RVeupTBUREiug3itI+27l7njibK0gZcMI9r/yffmBIEAzaRqdbFbsjyASW5A/ALZvuLSZdel7V42KVcsQT4kJH8wIhDq/J3bwaT7RyFvoTchDVjYxTPz0VRWhRdHdetsRPBDSd8cKpNHMNbB+Zf/6LKprBYJZpRBNjEK0g==
x-ms-exchange-antispam-messagedata: oR3zJeYvvXdPX2K6ybjhlItYejluIh3Z2+FMQKagPm4IjLx/nET/bTg2HuX4t3mrBF+1cpIsBvorm/Efr1av4qSY9TKm7BJhXSNAz2GCfmJS9f58+KpuVfVVOOGMv8jJi8vBkFEl3JMYl+JKi9Ae/vze7XP22Bnb1y0qL6q0C+ZaOmSd6AO7AX86EqfvdvS5YY5TheWbrDAFacgUDPVTCA==
Content-Type: text/plain; charset="utf-8"
Content-ID: <0DC5C864E965B04E97BAD62864726B73@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1a810735-ab02-42fb-14ee-08d7a681b57f
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2020 19:13:51.7783 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: R8NnrH9hOzwNUHmJ1A8Z69nCWs3aiq576PUKQR55wvQW6zzDF8VqeEZuNl0cEIoBRiNYt2Cibxn1FgScEfgEnw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB2043
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.14, xch-aln-004.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/QSdsGDEYcbyMobdNTqxVdlbO5YU>
Subject: Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2020 19:14:01 -0000
Thank you very much Pascal and the other authors. As soon as I am back-online, I am clearing my DISCUSS. -éric On 31/01/2020, 11:22, "Pascal Thubert (pthubert)" <pthubert@cisco.com> wrote: Hello Eric: Again many thanks for your review : ) I just published 14, and added text on the Nonce to remove the impossible must. We talked between authors and the indication is same as RFC 3971 that this should be a random. The quality of the random is linked with the security level that can be obtained from it. Coupling randoms from both parties largely increases the protection, but in an IOT network that reboots, there is still a risk of a replay. All in all we give the general direction of the random, but allow an ever increasing value as well, which is simpler to obtain for a node and yields the same Nonce benefits. A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-6lo-ap-nd-14 Please let us know if the text now conforms your expectations? Many thanks again Pascal > -----Original Message----- > From: Eric Vyncke (evyncke) <evyncke@cisco.com> > Sent: mercredi 29 janvier 2020 16:47 > To: Pascal Thubert (pthubert) <pthubert@cisco.com>; The IESG > <iesg@ietf.org> > Cc: draft-ietf-6lo-ap-nd@ietf.org; Shwetha Bhandari (shwethab) > <shwethab@cisco.com>; 6lo-chairs@ietf.org; 6lo@ietf.org; secdir@ietf.org > Subject: Re: Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS > and COMMENT) > > Pascal > > Thank you for your prompt reply. I will clear my DISCUSS in a moment as you > will change the text. > > Agreed on all the points except for the 'nonce'. I know the concept of course > but the sentence "was never used with this device" is still too strong IMHO. To > comply, it would require to keep the history for ever... I would prefer a less > stringent wording. > > -éric > > On 29/01/2020, 16:38, "Pascal Thubert (pthubert)" <pthubert@cisco.com> > wrote: > > Hello Eric : ) > > Many thanks for your review! I cc'ed SEC-DIR because we could really use > their recommendation to solve some of your questions, more below. > > Please see below: > > > == DISCUSS == > > > > -- Section 4.4 -- > > The length of the reserved field is not specified. Or am I missing > something > > obvious ? > > I concatenated the reserved fields in the picture and declared it as 40 bits. > Also added the number of bits in the reserved fields of other structures. > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > == COMMENTS == > > > > -- Section 4.2 -- > > While status is set to 0 when sending a NS, what is the expected behavior > of a > > receiver ? > > Changed to > " > In NS messages it MUST be set to 0 by the sender and ignored by the > receiver. > " > > > -- Section 4.3 and 4.4 -- > > Why is the Pad Length field a 8-bit field while the actual padding will > always be > > less than 8 bytes. Suggest to make it a 3 or 4 bits field and extend the > reserved > > field. > > Actually I thought that if we want to extend the option in the future, it is > better to indicate the length of the public key as follows: > > | Type | Length | Reserved| Public Key Length | > > Where: > > Public Key Length: 13-bit unsigned integer. The length of the Public Key field > in bytes. > Public Key: A variable-length field, size indicated in the Public Key Length > field. > JWK-Encoded Public Key [RFC7517] > >Padding: A variable-length field completing the Public Key field to align to > the next 8-bytes boundary. > > > Works? > > > > > > > -- Section 6.1 -- > > About "Nonce option MUST contain a random Nonce value that was never > used > > with this device", how can it be done? Keeping a local history? Giving > some > > operational hints would bee welcome. Especially, when there are multiple > 6LR in > > the LLN: how can they synchronize the nonce? > > The nonce is used once, so there's no synchronization. A new pair is formed > and exchanged at each validation. > > The nonce game used here appear to be common practice. Yes, there's > usually a need of local history, and the fact that we get a nonce from both > side, apart from guaranteeing that the result is effectively unique to both > parties, also makes the chances for history to repeat very low. > > CC'ing SEC-DIR: Please help: if there is a reference for that practice, what it > takes to maintain a nonce, and why we have a nonce from both sides? Trying > to reinvent that text does not look like a good idea for this draft. > > > > > > > -- References -- > > Is there a reason why the crypto algorithms RFC 7748 and 8032 are not > > normative? > > Interestingly they are informational. So that would be a downref. > > CC'ing SEC-DIR: Please help: should we make these refs normative? > > > > > > == NITS == > > > > -- Section 2.2 -- > > To be honest, I am not a big fan of simply announcing concepts and > referring to > > many other RFCs. Suggest to mention which terms and concepts are > defined in > > each document. Else, the current section 2.2 mostly forces the readers to > read > > all the references. > > Yes and they are really there as additional reading, not normative. > I changed the text to > " The reader may get additional context for this specification from the > following references" > I also moved classical ND and SEND references to informational references. > > Works? > > > -- Section 6 -- > > s/may use a same Crypto-ID/may use the same Crypto-ID/ ? > > Done > > Many thanks again Eric! > > Let's see what SEC-DIR thinks > > And a very happy new year (in France we have till Jan 31st to send wishes > 😉) > > Pascal > > > >
- [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-… Éric Vyncke via Datatracker
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Barry Leiba
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Eric Vyncke (evyncke)
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Benjamin Kaduk
- Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo… Pascal Thubert (pthubert)