Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04

"Patrick Wetterwald (pwetterw)" <pwetterw@cisco.com> Fri, 28 October 2016 09:40 UTC

From: "Patrick Wetterwald (pwetterw)" <pwetterw@cisco.com>
To: AbdurRashidSangi <rashid.sangi@huawei.com>, 'lo' <6lo@ietf.org>
Date: Fri, 28 Oct 2016 09:40:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/nc0rCwHVlniq4jBOodhBlM9H54U>
Cc: "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>
Subject: Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04

+1

Patrick

On 28/10/2016, 11:34, "AbdurRashidSangi" <rashid.sangi@huawei.com> wrote:

    Hello Chairs,
    
    Late but not least, please count my support for adoption of this draft.
    
    An important mechanism, "address ownership in secure manner", is devised in this draft, which enables a single Crypto-ID/UID to be used to protect multiple addresses.
    
    Thanks,
    Rashid Sangi,
    Huawei, Beijing
    
    
    
    > -----Original Message-----
    > From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of Carles Gomez Montenegro
    > Sent: 7 October 2016 21:21
    > To: Shiva Prasad Thagadur Prakash
    > Cc: Pascal Thubert (pthubert); 6lo-chairs@ietf.org; samita Chakrabarti; lo
    > Subject: Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
    > 
    > Hi,
    > 
    > I also support adoption of this work.
    > 
    > Cheers,
    > 
    > Carles
    > 
    > 
    > > Hi,
    > >
    > > +1. I think the draft is useful and I would support its adoption.
    > > The draft still needs some work but that should be done as part of the
    > > working group.
    > >
    > > Thanks,
    > > Shiva
    > >
    > > On 29 Sep 2016, at 14:13, Pascal Thubert (pthubert)
    > > <pthubert@cisco.com> wrote:
    > >
    > > Dear chairs and all :
    > >
    > > As an author I support the adoption of this document. There is ample
    > > art -and recent events- that suggests that:
    > >
    > > - IOT devices cannot be trusted for their actions towards the
    > > network they live in and the internet at large. They may easily be
    > > compromised and do all sorts of things from impersonating other
    > > sensors to bombing web sites.
    > >
    > > - IOT devices cannot stay awake and defend their addresses
    > > against attackers that may claim their addresses and then use them for
    > > malicious purposes, from black-holing critical sensors to reporting
    > > the wrong data.
    > >
    > > IOT networks could be expected to protect the devices; but with the
    > > current protocols they cannot easily recognize right from wrong. There
    > > is nothing in 6LoWPAN ND that proves ownership of an address in SAVI
    > > terms, e.g. first come first serve, and an attacker may successfully
    > > impersonate any device if it knows its MAC address and its IP address,
    > > one possibly derived from the other in a reversible fashion.
    > >
    > > There is a clear need for a better control, so that the 6LR/6LBR may
    > > recognize that a device that claims an address is the true owner. With
    > > reliable information they can enforce that a device that uses an
    > > address as source of a packet also owns that address.
    > >
    > > This is what this draft is all about. Basically, we propose to secure
    > > the 6LoWPAN ND registration to prevent theft from a third party. This
    > > echoes the past work at SeND and SAVI, but in a very simple fashion
    > > that does not require heavy artillery in the device as SeND does.
    > > Basically the IOT device uses a crypto ID information (like CGA)
    > > instead of the unique ID (the MAC address) in the ARO option, as
    > > extended by rfc6775-update; ownership of that ID can be verified and the
    > > ID can be used to validate that a next registration comes from the same
    > > device as the previous. A same crypto ID can be used to register
    > > multiple addresses, and the addresses do not need to derive from the
    > > crypto ID (as opposed to SeND). The ID is stored at the 6LR and 6LBR
    > > associated with the address, and they can use ND extension to
    > > revalidate the ID ownership at any time they want.
    > >
    > > Cheers,
    > >
    > > Pascal
    > >
    > >
    > >
    > > From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of samita Chakrabarti
    > > Sent: Tuesday 27 September 2016 03:15
    > > To: 'lo' <6lo@ietf.org>
    > > Cc: 6lo-chairs@ietf.org
    > > Subject: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04
    > >
    > >
    > >
    > > Hello 6lo WG:
    > >
    > > We have discussed the following document at the IETF meetings and
    > > mailing list about the use of cryptographic ID to identify one device
    > > with a particular IPv6 address during the Neighbor Discovery Process.
    > > The crypto-ID association is helpful when MAC-ID or EUI-64 ID may not
    > > be used.
    > > There has been a fair amount of interest in securing the IP-address
    > > owner authentication using this method, in the WG meetings (IETF95).
    > >
    > > The co-authors have addressed several WG comments in the 04 version.
    > >
    > > The adoption call starts now and ends on Oct 10th, 2016.
    > >
    > > Please provide your opinion with yes/no answer and a short
    > > explanation for this adoption call within the deadline.
    > >
    > > Thanks and Regards,
    > > -Gabriel and Samita (6lo co-chairs)
    > >
    > >>
    > >>
    > >> Name:           draft-sarikaya-6lo-ap-nd
    > >> Revision:       04
    > >> Title:          Address Protected Neighbor Discovery for Low-power and
    > >>                 Lossy Networks
    > >> Document date:  2016-08-22
    > >> Group:          Individual Submission
    > >> Pages:          17
    > >> URL:            https://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-04.txt
    > >> Status:         https://datatracker.ietf.org/doc/draft-sarikaya-6lo-ap-nd/
    > >> Htmlized:       https://tools.ietf.org/html/draft-sarikaya-6lo-ap-nd-04
    > >> Diff:           https://www.ietf.org/rfcdiff?url2=draft-sarikaya-6lo-ap-nd-04
    > >>
    > >> Abstract:
    > >>    This document defines an extension to 6LoWPAN Neighbor Discovery.
    > >>    This extension is designed for low-power and lossy network
    > >>    environments and it supports multi-hop operation.  Nodes supporting
    > >>    this extension compute a Cryptographically Unique Interface ID and
    > >>    associate it with one or more of their Registered Addresses.  The
    > >>    Cryptographic ID (Crypto-ID) uniquely identifies the owner of the
    > >>    Registered Address.  It is used in place of the EUI-64 address that
    > >>    is specified in RFC 6775.  Once an address is registered with a
    > >>    Cryptographic ID, only the owner of that ID can modify the state
    > >>    information of the Registered Address in the 6LR and 6LBR.
    > >
    > > _______________________________________________
    > > 6lo mailing list
    > > 6lo@ietf.org<mailto:6lo@ietf.org>
    > > https://www.ietf.org/mailman/listinfo/6lo
    _______________________________________________
    6lo mailing list
    6lo@ietf.org
    https://www.ietf.org/mailman/listinfo/6lo
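
The registration check described in Pascal Thubert's quoted message, sketched as an added example; it is not code from the thread or from the draft. Assumptions: the `Registrar` class, the 64-bit truncated SHA-256 Crypto-ID, the nonce challenge and the Lamport one-time signature (a standard-library stand-in for the node's real key pair, so each key signs once here) are all hypothetical.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: stand-in for the node's real key (assumption)."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[64 * i + 32 * b:][:32] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def crypto_id(pk):
    return H(pk)[:8]  # assumption: 64-bit ID, the size of the EUI-64 it replaces

def proof(sk, nonce, addrs):
    # One signature covers the nonce and every address being registered.
    return sign(sk, nonce + "|".join(addrs).encode())

class Registrar:
    """Constructed model of the 6LR/6LBR binding table: address -> owner ID."""
    def __init__(self):
        self.bindings, self.nonces = {}, set()

    def register_legacy(self, addr, uid):
        # First come, first served on a claimed ID: nothing proves who sent it.
        return self.bindings.setdefault(addr, uid) == uid

    def challenge(self):
        nonce = os.urandom(16)
        self.nonces.add(nonce)
        return nonce

    def register_protected(self, addrs, cid, pk, nonce, sig):
        if nonce not in self.nonces:
            return False  # unknown or already used nonce: replayed proof
        self.nonces.discard(nonce)
        msg = nonce + "|".join(addrs).encode()
        if crypto_id(pk) != cid or not verify(pk, msg, sig):
            return False  # ID not derived from this key, or no proof of the key
        if any(self.bindings.get(a, cid) != cid for a in addrs):
            return False  # an address is already bound to another Crypto-ID
        self.bindings.update({a: cid for a in addrs})
        return True
```

With `register_legacy`, a second claim carrying the same ID for the same address is indistinguishable from the owner's; with `register_protected`, one Crypto-ID covers several addresses and a claim without the matching key is refused.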