Re: [6lo] Mirja Kühlewind's No Objection on draft-ietf-6lo-ap-nd-14: (with COMMENT)

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 31 January 2020 16:02 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "Mirja Kühlewind (IETF)" <ietf@kuehlewind.net>
CC: "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, The IESG <iesg@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo@ietf.org" <6lo@ietf.org>
Date: Fri, 31 Jan 2020 16:01:22 +0000
Message-ID: <MN2PR11MB35650E40E425FEB348DF2B9BD8070@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <MN2PR11MB3565FA312B1ADBECD0FB7FCBD8070@MN2PR11MB3565.namprd11.prod.outlook.com> <2E152AC9-A67C-49DF-9AF9-A0E5F06944EC@kuehlewind.net>
In-Reply-To: <2E152AC9-A67C-49DF-9AF9-A0E5F06944EC@kuehlewind.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/VUd0ke4R7Sbj-8c3CJhmaMgVZ_g>
Subject: Re: [6lo] Mirja Kühlewind's No Objection on draft-ietf-6lo-ap-nd-14: (with COMMENT)

Great! 

Published as 15. You may want to recheck the changes I made based on your review here:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-6lo-ap-nd-15

Again, many thanks, Mirja.

Pascal

> -----Original Message-----
> From: 6lo <6lo-bounces@ietf.org> On Behalf Of Mirja Kühlewind (IETF)
> Sent: Friday 31 January 2020 16:49
> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> Cc: draft-ietf-6lo-ap-nd@ietf.org; 6lo-chairs@ietf.org; The IESG
> <iesg@ietf.org>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>;
> 6lo@ietf.org
> Subject: Re: [6lo] Mirja Kühlewind's No Objection on draft-ietf-6lo-ap-nd-14:
> (with COMMENT)
> 
> Hi Pascal,
> 
> This all looks good to me.
> 
> Thanks,
> Mirja
> 
> 
> 
> > On 31.01.2020 at 15:04, Pascal Thubert (pthubert)
> > <pthubert@cisco.com> wrote:
> >
> > Hello Mirja:
> >
> > Many thanks for your review : )
> >
> >
> >> ----------------------------------------------------------------------
> >> COMMENT:
> >> ----------------------------------------------------------------------
> >>
> >> A couple of small comments:
> >>
> >> 1) Sec 2.2: If actually all terms from all the RFCs listed in section
> >> 2.2 are used, all the references would need to be normative. Maybe
> >> double-check this!
> >
> > I went through that with Eric's review and some refs moved back and forth
> > before I finally published 14.
> >
> > I found that from that list the generic LLN discussion and the legacy IPv6 ND
> > are not necessary to understand and implement this specification. The needed
> > normative references are the 6LoWPAN ND and RFC 3971, and crypto
> > references. I think we are OK now.
> >
> >
> >> 2) Sec 3: I would have expected that section 3 says something about
> >> backward compatibility (what if not all nodes in a network are
> >> updated?) and gives a strong recommend to use this scheme (or even
> >> obsolete the old one?)
> >
> > Right. What about adding:
> > "
> >   Section 5.3 of [RFC8505] introduces the ROVR as a generic object that
> >   is designed for backward compatibility with the capability to
> >   introduce new computation methods in the future.  Section 7.3
> >   discusses collisions when heterogeneous methods to compute the ROVR
> >   field coexist inside the same network.
> >
> >   [RFC8505] was designed in preparation for this specification, which
> >   is the RECOMMENDED method for building a ROVR field.
> >
> > "
> >
> >> 3) Nit sec 4.4: s/it an be found/it can be found/
> >
> > Fixed
> >
> >> 4) Sec 6: Use of normative language: s/The node may use a same
> >> Crypto-ID/The node MAY use a same Crypto-ID/
> >
> > done
> >
> >
> >> 5) Security Consideration Section: Is there a new risk/possible
> >> attack because computational complexity of the proposed scheme is
> >> higher than the one in RFC8505? Could that be used as an attack
> >> against a central node? Would it be necessary to rate limit requests
> >> somehow? Or is there already a rate limit (that should be mentioned
> >> here)?
> >
> > Actually the challenge is distributed at the edge of the network. That's a
> > limit of the scheme that a compromised 6LR may admit an attacker.
> > What about adding a section as follows in the security section:
> > "
> >
> > 7.6.  Compromised 6LR
> >
> >   This specification distributes the challenge and its validation at
> >   the edge of the network, between the 6LN and its 6LR.  The central
> >   6LBR is offloaded, which avoids DOS attacks targeted at that central
> >   entity.  This also saves back and forth exchanges across a
> >   potentially large and constrained network.
> >
> >   The downside is that the 6LBR needs to trust the 6LR for performing
> >   the checking adequately, and the communication between the 6LR and
> >   the 6LBR must be protected to avoid tampering with the result of the
> >   test.
> >
> >   If a 6LR is compromised, it may pretend that it owns any address and
> >   defeat the protection.  It may also admit any rogue and let it take
> >   ownership of any address in the network, provided that the 6LR knows
> >   the ROVR field used by the real owner of the address.
> > "
> >
> > Again, many thanks Mirja. Please let me know if the above looks OK and I'll
> > publish.
> >
> > All the best,
> >
> > Pascal
> >
> >>
> >>
> >> _______________________________________________
> >> 6lo mailing list
> >> 6lo@ietf.org
> >> https://www.ietf.org/mailman/listinfo/6lo
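The proposed section 7.6 text above describes a trust split: the ownership challenge is validated at the edge (6LN to 6LR), the 6LBR only sees the 6LR's verdict, so the 6LR-to-6LBR path must be integrity-protected and the 6LBR still cannot catch a 6LR that lies. The following is an added model of that split written for this thread; it is not code from draft-ietf-6lo-ap-nd or from its authors. Everything cryptographic in it is a stand-in: Lamport one-time signatures replace the draft's signature scheme, the ROVR is a plain truncated hash of the public key, the 16-byte ROVR size, the 8-byte nonce and the pre-shared HMAC key between each 6LR and the 6LBR are all assumptions, and the function names are invented.

```python
"""Trust split in address-protected ND, as a constructed model (added example).

The 6LN proves address ownership to the 6LR (challenge at the edge); the 6LR
reports its verdict to the 6LBR over an integrity-protected channel; the 6LBR
keeps the address -> ROVR binding.  Lamport one-time signatures and a hashed
public key stand in for the draft's actual construction (assumptions).
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

HASH = hashlib.sha256
N_BITS = 256      # bits of the signed digest, one Lamport key pair per bit
ROVR_LEN = 16     # assumed ROVR size in bytes (not taken from the draft)
TAG_LEN = 32      # HMAC-SHA256 tag on the 6LR -> 6LBR report


def lamport_keygen():
    """One-time key: two secrets per digest bit, public key = their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def rovr_from_pk(pk):
    """ROVR modelled as a truncated hash of the serialized public key."""
    return HASH(b"".join(a + b for a, b in pk)).digest()[:ROVR_LEN]


def digest_bits(data):
    d = int.from_bytes(HASH(data).digest(), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, message):
    # Reveal, per digest bit, the secret matching that bit (one-time use only).
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message, sig):
    if len(sig) != N_BITS:
        return False
    return all(HASH(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(message))))


def ln_answer_challenge(sk, pk, nonce, address):
    """6LN returns its public key and a signature over the 6LR's nonce."""
    return {"pk": pk, "sig": lamport_sign(sk, nonce + address)}


def lr_validate(claimed_rovr, nonce, address, answer):
    """6LR check: the key must hash to the ROVR and must have signed the nonce."""
    pk = answer["pk"]
    if rovr_from_pk(pk) != claimed_rovr:
        return False
    return lamport_verify(pk, nonce + address, answer["sig"])


def lr_report(lr_key, address, rovr, verdict):
    """Verdict sent to the 6LBR, MACed with a per-6LR key (assumed pre-shared)."""
    body = address + rovr + (b"\x01" if verdict else b"\x00")
    return body + hmac.new(lr_key, body, HASH).digest()


@dataclass
class LBR:
    lr_keys: dict                                  # 6LR id -> pre-shared key
    bindings: dict = field(default_factory=dict)   # address -> ROVR

    def accept(self, lr_id, report):
        key = self.lr_keys.get(lr_id)
        if key is None or len(report) != 16 + ROVR_LEN + 1 + TAG_LEN:
            return "rejected: unknown 6LR or malformed report"
        body, tag = report[:-TAG_LEN], report[-TAG_LEN:]
        # Off-path tampering with the verdict is caught here; a 6LR that lies
        # in its own report is not, which is the trust limit the draft states.
        if not hmac.compare_digest(tag, hmac.new(key, body, HASH).digest()):
            return "rejected: report tampered"
        address, rovr, verdict = body[:16], body[16:16 + ROVR_LEN], body[-1]
        if verdict != 1:
            return "rejected: 6LR reported a failed proof"
        owner = self.bindings.get(address)
        if owner is not None and owner != rovr:
            return "rejected: address already bound to another ROVR"
        self.bindings[address] = rovr
        return "accepted"


def register(lbr, lr_id, lr_key, sk, pk, address):
    """Full exchange: 6LR challenges the 6LN, validates, reports to the 6LBR."""
    nonce = os.urandom(8)
    rovr = rovr_from_pk(pk)
    answer = ln_answer_challenge(sk, pk, nonce, address)
    verdict = lr_validate(rovr, nonce, address, answer)
    return lbr.accept(lr_id, lr_report(lr_key, address, rovr, verdict))
```

Running `register()` once binds the address to the 6LN's ROVR; a second key pair claiming the same address is refused by the 6LBR's binding table, a report whose verdict byte is flipped in transit fails the MAC check, and a report from a 6LR the 6LBR has no key for is dropped. The 6LBR never sees the nonce or the signature, which is exactly why the draft's text requires it to trust the 6LR for the check itself.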