Re: [6lo] Secdir last call review of draft-ietf-6lo-multicast-registration-16

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 15 April 2024 13:07 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Pascal Thubert <pascal.thubert@gmail.com>, Scott Kelly <scott@hyperthought.com>
CC: "6lo@ietf.org" <6lo@ietf.org>, "draft-ietf-6lo-multicast-registration.all@ietf.org" <draft-ietf-6lo-multicast-registration.all@ietf.org>
Date: Mon, 15 Apr 2024 13:06:55 +0000
Message-ID: <PH0PR11MB4966364E941424707A6620F1A9092@PH0PR11MB4966.namprd11.prod.outlook.com>
References: <171182290049.29863.677175473205471754@ietfa.amsl.com> <641ba244-964b-4ea6-8441-9f95a1a9ad24@gmail.com>
In-Reply-To: <641ba244-964b-4ea6-8441-9f95a1a9ad24@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/WPWLH4rLz_MxoWDp5wn3ilwLT98>
Subject: Re: [6lo] Secdir last call review of draft-ietf-6lo-multicast-registration-16
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>

[Trimming the recipient list]

Pascal,

The end of your reply to Scott’s review seems to indicate a new text, same applies to the secdir review.

Do you know when you will be able to provide such a revised I-D?

Regards

-éric

From: Pascal Thubert <pascal.thubert@gmail.com>
Date: Monday, 8 April 2024 at 11:35
To: Scott Kelly <scott@hyperthought.com>, secdir@ietf.org <secdir@ietf.org>, Eric Vyncke (evyncke) <evyncke@cisco.com>
Cc: 6lo@ietf.org <6lo@ietf.org>, draft-ietf-6lo-multicast-registration.all@ietf.org <draft-ietf-6lo-multicast-registration.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: Re: Secdir last call review of draft-ietf-6lo-multicast-registration-16

Hello Scott

Many thanks for the time and contributions to the progress of this document.

On 30/03/2024 at 19:21, Scott Kelly via Datatracker wrote:

Reviewer: Scott Kelly
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

From the introduction, “This specification Extends [RFC8505] and [RFC9010] to add the capability for the 6LN to subscribe anycast and multicast addresses and for the 6LR to inject them in RPL when appropriate.”

I want to start by saying that I have little experience with the protocols described in 8505 and 9010; I’d suggest that the AD have my security-related comments double-checked with someone who has both security expertise and expertise in these protocols.

Ack, Eric is now added to the "to" list to attract his attention.



As a general comment, it took me several passes to make sense of the introduction. It seems to aim toward explaining the gaps motivating this RFC, along with the building blocks this document uses to fill those gaps. It might help readers to explain this from the outset, and to explicitly call out which is which. There are still some paragraphs/sentences there whose purpose I don’t understand.

For the security considerations, I have 2 suggestions: first, it currently calls out the “security section” of RFC 8505. Shouldn’t it also call out the security considerations of RFC 9010? Second (and I’m not sure about this), does this extension potentially permit any new bad behavior (distinct from 8505 and 9010) that should be called out? I don’t understand the protocol nuances well enough to say, but I’d have felt more certain if it said so explicitly.



Makes sense. The call out is easy to do. I'll ask the list for inputs on new security holes potentially being created by this.

On the RPL side, I do not see much since multicast was already there. We clarify the use of the sequence counter and add the concept of origin. I do not see an attack vector there but we can think twice about it.

As for using RFC 8505 on the first hop instead of RPL, we effectively add the capability to validate the origin of the registration, which was not present in RPL and could be the subject of a future ROV in RPL. So I'd say we are improving the security situation, denoting that the segregation allows less trusted devices to use the RPL network without allowing them to inject RPL messages directly, which could be a more open attack vector for them.

I'll craft some text around the above if that's all right with you?

all the best;



Pascal