IETF Logo Mail Archive

Re: [6lo] Alissa Cooper's Discuss on draft-ietf-6lo-btle-14: (with DISCUSS and COMMENT)

Kerry Lynn <kerlyn@ieee.org> Tue, 14 July 2015 20:22 UTC

Return-Path: <kerlyn2001@gmail.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 973C91B2C77; Tue, 14 Jul 2015 13:22:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hx7iswbmmIjv; Tue, 14 Jul 2015 13:22:46 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 817191B2BB1; Tue, 14 Jul 2015 13:22:46 -0700 (PDT)
Received: by obre1 with SMTP id e1so13472511obr.1; Tue, 14 Jul 2015 13:22:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=RTpcUjMjNusH+1Vf3Pe+qrhPm3e4EoH3AnfX3IlpoP8=; b=eqxfT3MeRrQXqnBD3HL35107KMhQ/9j1Y1Fr0WoA17yAGVnDOcpgBKRIabzjqjhHHT GkK94WayZ7K2sBD3mJxqkkbIqB7s25BP1zqH4B8+JmZpCJLC+M+9Mv8tXTJoXipeAdiY QZFidLPKxjPTn2zoSOKMolY9oV81+pA9Ewbo6Bdmnc1gg39AXlFERY8tNZUjzceF2n69 ZkzrMtOv3P/YuXqBjl9si+gg7CeZ0YEyzDYqRZO194jJsQ88nca+fbnX3pEufse2QKMY la2YusBzDRq55iSVH65BprIOC9WPpi5imTXsz3k7X7oe2o/epkWXB+thaOca0AKqe2rl JJfg==
MIME-Version: 1.0
X-Received: by 10.60.58.136 with SMTP id r8mr351581oeq.30.1436905366003; Tue, 14 Jul 2015 13:22:46 -0700 (PDT)
Sender: kerlyn2001@gmail.com
Received: by 10.60.179.227 with HTTP; Tue, 14 Jul 2015 13:22:45 -0700 (PDT)
In-Reply-To: <b61443d2ae674ec193abf39fda94f3fd@NOKWDCFIEXCH02P.nnok.nokia.com>
References: <20150708041531.28644.93106.idtracker@ietfa.amsl.com> <39c6d3e913fd44d6bdd24a4596564cb3@NOKWDCFIEXCH02P.nnok.nokia.com> <52B44F35-F0C2-490E-B929-98EA5FD7085E@cooperw.in> <b61443d2ae674ec193abf39fda94f3fd@NOKWDCFIEXCH02P.nnok.nokia.com>
Date: Tue, 14 Jul 2015 16:22:45 -0400
X-Google-Sender-Auth: GXeTKUaAWqYJV8xSYeyly0hohiQ
Message-ID: <CABOxzu14Et-=PJJW8nJT0vHYDRDSiVz76OHj=VvNQkn-M4CXOQ@mail.gmail.com>
From: Kerry Lynn <kerlyn@ieee.org>
To: "Savolainen Teemu (Nokia-TECH/Tampere)" <teemu.savolainen@nokia.com>
Content-Type: multipart/alternative; boundary="089e013c7090eaa837051adb9912"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/c5xdh5djflFGGUs2VoPFoHhHDwg>
Cc: "draft-ietf-6lo-btle.shepherd@ietf.org" <draft-ietf-6lo-btle.shepherd@ietf.org>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "draft-ietf-6lo-btle.ad@ietf.org" <draft-ietf-6lo-btle.ad@ietf.org>, ext Alissa Cooper <alissa@cooperw.in>, "draft-ietf-6lo-btle@ietf.org" <draft-ietf-6lo-btle@ietf.org>, "Gabriel.Montenegro@microsoft.com" <Gabriel.Montenegro@microsoft.com>, IESG <iesg@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>
Subject: Re: [6lo] Alissa Cooper's Discuss on draft-ietf-6lo-btle-14: (with DISCUSS and COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 20:22:50 -0000

On Tue, Jul 14, 2015 at 1:53 AM, Savolainen Teemu (Nokia-TECH/Tampere) <
teemu.savolainen@nokia.com> wrote:

> Hi Alissa,
>
> Thank you for your reply, understanding, and spending time to create
> actual text proposals. The proposed pieces of text are good improvements,
> in my opinion, and I didn't really have any objections or comments. If no
> other opinions arise, these will be included in -15 as you proposed.
>
> For 3.2.1 the proposed sentence is currently drafted to be added to the
> end of the section like this:
> --
> ....The 6LBR ensures address collisions do not occur (see Section 3.2.3)
> and forwards packets sent by one 6LN to another. However, the 6LBR MUST NOT
> send the 6LN's link-local address outside of the local link.
>

The definition of link-local address is given in RFC 4291, Section 2.5.6:
"Routers must not forward any packets with Link-Local source or destination
addresses to other links."

It seems unnecessary and perhaps confusing to repeat it here.  If it is not
universally understood that
6LBRs work in this fashion, then we should clarify it in some architectural
document (like RFC 4291)
so we don't have to spell it out in each 6lo proposal.

Regards, Kerry Lynn

--
>
> Best regards,
>
> Teemu
>
> -----Original Message-----
> From: ext Alissa Cooper [mailto:alissa@cooperw.in]
> Sent: 14. heinäkuuta 2015 2:37
> To: Savolainen Teemu (Nokia-TECH/Tampere)
> Cc: IESG; draft-ietf-6lo-btle@ietf.org; 6lo-chairs@ietf.org;
> Gabriel.Montenegro@microsoft.com; draft-ietf-6lo-btle.ad@ietf.org;
> draft-ietf-6lo-btle.shepherd@ietf.org; 6lo@ietf.org
> Subject: Re: Alissa Cooper's Discuss on draft-ietf-6lo-btle-14: (with
> DISCUSS and COMMENT)
>
> Hi Teemu,
>
> Thanks for your reply. Comments inline.
>
> On Jul 7, 2015, at 10:59 PM, Savolainen Teemu (Nokia-TECH/Tampere) <
> teemu.savolainen@nokia.com> wrote:
>
> > Hi Alissa,
> >
> > Thank you for your review. I'll try to address your comments below:
> >
> >> My understanding from the discussions surrounding
> draft-ietf-6man-default-iids was that RFC 6282 constitutes an exception to
> the main recommendation ("By default, nodes SHOULD NOT employ IPv6 address
> generation schemes that embed the underlying link-layer address in the
> IID") because the header compression scheme in RFC 6282 requires that the
> IID be based on the link layer address. I see no text that justifies a
> similar requirement in this document.
> >
> > This document uses the same RFC 6282 for header compression (normative
> reference) and requires IID to be derivable from somewhere. Hence I would
> see that this document is under the RFC6282 exception on that regard, and
> we would not need to repeat all justifications? Furthermore, if the IID
> cannot be derived from the Bluetooth LE connection itself, I don't really
> see from where it could be derived..
> >
> >> I think if this document is going to specify generating the IID from
> the device address as the only address generation scheme for link-local
> addresses, it needs to provide a justification for that. Otherwise, the
> default address generation scheme should be one that generates an opaque
> IID of limited lifetime. The possibility that the device address is
> generated randomly and refreshed on each power cycle is important to note,
> but is not by itself sufficient justification given what I assume is the
> wider deployment of static device addresses. If the v6 address can provide
> better privacy protection than the device address, it should.
> >
> > Well the RFC 6282 requires IID to be computable from somewhere, when
> fully elided and we need that for best power efficiency, so isn't that
> already enough of justification?
> >
> > Furthermore, the subnet model (Section 3.2.1) restricts link-local
> addresses to be used only between 6LN and 6LBR. Hence the IID should not
> leak any further than to 6LBR. If the LE device is not changing its device
> address but is switching between different 6LBRs, the 6LBRs can already
> track the LE device based on its device address, and changing IPv6 IID for
> link-local addresses just adds complexity/loses efficiency, but does not
> provide privacy benefits. Right?
>
> I chatted with Brian about this during the telechat and he reaffirmed that
> link-locals are not expected to leak outside the 6LN-6LBR connection in
> this case. So I'm ok to clear the bulk of my discuss with that assurance.
> But I would suggest being totally explicit about it, e.g. by adding text to
> 3.2.1 such as:
>
> The 6LBR MUST NOT send the 6LN's link-local address outside of the local
> link.
>
> With that said, this text about non-link-locals is not consistent with the
> recommendations in draft-ietf-6man-default-iids:
>
> For non-link-local addresses a 64-bit IID MAY be formed by utilizing
>    the 48-bit Bluetooth device address.  A 6LN can also use a randomly
>    generated IID (see Section 3.2.3), for example, as discussed in
>    [I-D.ietf-6man-default-iids], or use alternative schemes such as
>    Cryptographically Generated Addresses (CGA) [RFC3972], privacy
>    extensions [RFC4941], Hash-Based Addresses (HBA, [RFC5535]), or
>    DHCPv6 [RFC3315].
>
> To be consistent with draft-ietf-6man-default-iids I think it would have
> to say something more along these lines:
>
> For non-link-local addresses, 6LNs SHOULD NOT be configured to embed the
> Bluetooth device address in the IID by default. Alternative schemes such as
> Cryptographically Generated Addresses (CGA) [RFC3972], privacy extensions
> [RFC4941], Hash-Based Addresses (HBA, [RFC5535]), DHCPv6 [RFC3315], or
> static, semantically opaque addreses [RFC7217] SHOULD be used by default.
> In situations where the Bluetooth device address is known to be randomly
> generated and/or the header compression benefits of embedding the device
> address in the IID are required to support deployment constraints, 6LNs MAY
> form a 64-bit IID by utilizing the 48-bit Bluetooth device address.
>
> >
> > Even more, if device vendors choose to use static Bluetooth device
> addresses, *everybody* in vicinity will be able to track such devices
> simply by listening Bluetooth LE advertisements those devices broadcast for
> Bluetooth LE service discovery purposes. If they then use IPv6 link-local
> address that are only used between Bluetooth LE device and it's router, no
> additional information leaks out. It is of course another matter if the 6LN
> uses the static device address for global address generation.
> >
> > When it comes to assumption, I would assume static Bluetooth LE device
> addresses are actually not to be used that much, at least for Bluetooth LE
> nodes that are expected to be mobile. This is because in Bluetooth LE
> random addresses are inbuilt to specification and very easy to use, on the
> contrary to basic Bluetooth (BR/EDR) that does not have as good privacy
> features as the LE. So I don't really see need for LE device vendors not to
> use random device addresses. (If Bluetooth LE devices have been paired,
> they can choose to use random resolvable addresses in their advertisements,
> which the paired devices can recognize to indicate known device by using
> Identity Resolving Key, please see BLE specs for more).
> >
> > For non-link-local addresses variety of means for privacy are documented.
> >
> >> On that point, there also seems to be a discrepancy between Section
> 3.2.2 and Section 5. Section 3.2.2 states:
> >> "(After a Bluetooth LE logical link has been established, it
> >   is referenced with a Connection Handle in HCI.  Thus possibly
> >   changing device addresses do not impact data flows within existing
> >   L2CAP channels.  Hence there is no need to change IPv6 link-local
> >   addresses even if devices change their random device addresses during
> >   L2CAP channel lifetime)."
> >> Section 5 states:
> >> "The IPv6 link-local address configuration described in Section 3.2.2
> >   strictly binds the privacy level of IPv6 link-local address to the
> >   privacy level device has selected for the Bluetooth LE.  This means
> >   that a device using Bluetooth privacy features will retain the same
> >   level of privacy with generated IPv6 link-local addresses."
> >> If the IID remains the same even when the device address changes, then
> the IID can be used to correlate activities of the device for the full
> lifetime of the IID, which goes beyond the lifetime of the device address.
> So the "privacy level" afforded by the device address is not the same as
> that of the IID. If this document is going to specify the generation of
> IIDs based on device addresses, why not regenerate the IID when the device
> address is regenerated?
> >
> > The Bluetooth LE device address change does not impact ongoing sessions.
> So the IID will remain the same during an established LE L2CAP connection
> lifetime - the possible device address change is not impacting existing
> connections! However, for Bluetooth LE service discovery and for new
> connections the new device address *does* impact, and hence new IPv6 IID
> would be used for new connections. Actually, no matter what kind of IPv6
> address changes the 6LN performs, the 6LBR that has ongoing L2CAP
> connection to 6LN will always know it is the same 6LN that is sending data.
> Hence there's no point in changing IPv6 link-local address within ongoing
> L2CAP connection.
>
> Ok, understood. I would suggest a slight modification to the text so it
> gets more to the point:
>
> OLD
> The IPv6 link-local address configuration described in Section 3.2.2
>    strictly binds the privacy level of IPv6 link-local address to the
>    privacy level device has selected for the Bluetooth LE.  This means
>    that a device using Bluetooth privacy features will retain the same
>    level of privacy with generated IPv6 link-local addresses.
>
> NEW
> The IPv6 link-local address configuration described in Section 3.2.2 only
> reveals information about the 6LN to the 6LBR that the 6LBR already knows
> from the link layer connection. This means that a device using Bluetooth
> privacy features reveals the same information in its IPv6 link-local
> addresses as in its device addresses.
>
> >
> > If the 6LN having connection up would wish to change its link-local
> address so that the 6LBR cannot track it, the 6LN has to:
> > - Tear down BLE connection (disconnect L2CAP and so on)
> > - Change device address
> > - Start advertising IPSP service
> > - Wait for 6LBR to establish BLE connection to it
> > - Start using IP with new link-local address
> >
> >> Why does this draft reference v4.1 of the Bluetooth spec rather than
> v4.2?
> >
> > This draft requires Bluetooth 4.1 or newer. We wanted to have reference
> to the minimum version of the Bluetooth spec that is required.
> >
> >> In 3.2.2, I think RFC 7217 should be added to the list in this sentence:
> >> Similarly, in Section 5, s/[I-D.ietf-6man-default-iids]/[RFC7217]/ in
> this sentence:
> >
> > That sound be fine, as long as we don't need to start defining how to
> select things like Network_ID?
>
> I don't think that's necessary - it's not as if this has been defined for
> other network types, and it's optional.
>
> Thanks,
> Alissa
>
> >
> > Best regards,
> >
> > Teemu
> >
>
> _______________________________________________
> 6lo mailing list
> 6lo@ietf.org
> https://www.ietf.org/mailman/listinfo/6lo
>

v2.23.0 | Report a Bug | By Email