Re: [6lo] Review of draft-kelsey-6lo-mesh-link-establishment
Richard Kelsey <Richard.Kelsey@silabs.com> Mon, 21 September 2015 15:55 UTC
Return-Path: <Richard.Kelsey@silabs.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BED551B33C8 for <6lo@ietfa.amsl.com>; Mon, 21 Sep 2015 08:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.398
X-Spam-Level:
X-Spam-Status: No, score=0.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_LIST=2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HkGzbXlO8Fln for <6lo@ietfa.amsl.com>; Mon, 21 Sep 2015 08:55:39 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0691.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::691]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38C881B33C3 for <6lo@ietf.org>; Mon, 21 Sep 2015 08:55:39 -0700 (PDT)
Received: from SN1PR0701MB1821.namprd07.prod.outlook.com (10.162.100.150) by SN1PR0701MB1821.namprd07.prod.outlook.com (10.162.100.150) with Microsoft SMTP Server (TLS) id 15.1.268.17; Mon, 21 Sep 2015 15:55:19 +0000
Received: from SN1PR0701MB1821.namprd07.prod.outlook.com ([10.162.100.150]) by SN1PR0701MB1821.namprd07.prod.outlook.com ([10.162.100.150]) with mapi id 15.01.0268.017; Mon, 21 Sep 2015 15:55:19 +0000
From: Richard Kelsey <Richard.Kelsey@silabs.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, robert cragie <robert.cragie@gridmerge.com>, "6lo@ietf.org" <6lo@ietf.org>
Thread-Topic: [6lo] Review of draft-kelsey-6lo-mesh-link-establishment
Thread-Index: AQHQ7x+bZ3B2KD8aZ0eINllCHN6+9J5HKSIH
Date: Mon, 21 Sep 2015 15:55:18 +0000
Message-ID: <SN1PR0701MB1821231BD49F05DF843C5C02F7460@SN1PR0701MB1821.namprd07.prod.outlook.com>
References: <1fae6bc94395057d115a8a101353fd3e@xs4all.nl>
In-Reply-To: <1fae6bc94395057d115a8a101353fd3e@xs4all.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Richard.Kelsey@silabs.com;
x-originating-ip: [216.236.254.7]
x-microsoft-exchange-diagnostics: 1; SN1PR0701MB1821; 5:5AtDH10Wi5/NSU5O3mp0aWONxzbsbmq6+Nq+A72ThqTUs9953SD58w/GjfBCZr+GpKjGM9PVOMaoF8s8SXIYGKVbs+AOfTH7u1yvH+nu7uMYGbRkPPE+cToGZl5jCymiBfHHF8VJcxJ97KmTv+Kb7A==; 24:dlVbKnjIj0cKk9gLjECctG3sC5arHLFGDxNL01Ugbvk6vcVcz5R3debhtAcZ66+KgRlZ9wtdpw0mqSgjDOp3Xbc+X2R339VctwlVHb+mfdM=; 20:l4G3trcqCdkS/kWieXYdlURw3Gjma0MxPpNjU4+XTK8w98F1BgH7wnmEc7rliPJXvjEnCatQUwYB7fKksvkpFg==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR0701MB1821;
x-microsoft-antispam-prvs: <SN1PR0701MB18216BB8F9D30F2E9112FD5DF7460@SN1PR0701MB1821.namprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(520075)(520078)(5005006)(8121501046)(3002001); SRVR:SN1PR0701MB1821; BCL:0; PCL:0; RULEID:; SRVR:SN1PR0701MB1821;
x-forefront-prvs: 07063A0A30
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(199003)(189002)(377454003)(33656002)(5001960100002)(15974865002)(122556002)(5003600100002)(2900100001)(19580395003)(4001540100001)(81156007)(230783001)(87936001)(99286002)(5002640100001)(106116001)(86362001)(68736005)(102836002)(2950100001)(107886002)(62966003)(5001860100001)(40100003)(19580405001)(105586002)(77156002)(92566002)(5001770100001)(5007970100001)(46102003)(76576001)(54356999)(74316001)(64706001)(77096005)(101416001)(11100500001)(10400500002)(5001830100001)(5890100001)(66066001)(189998001)(2501003)(50986999)(76176999)(106356001)(97736004)(5004730100002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR0701MB1821; H:SN1PR0701MB1821.namprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: silabs.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: silabs.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2015 15:55:18.6335 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 54dbd822-5231-4b20-944d-6f4abcd541fb
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR0701MB1821
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/pSAl7hopOh6kVAZ9ByNmVT6j2qg>
Subject: Re: [6lo] Review of draft-kelsey-6lo-mesh-link-establishment
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2015 15:55:44 -0000
Peter, thank you for the comments. As a general response, the draft is informational and describes MLE as it is used in ZigBee IP. Some of the choices made depended on the particular needs of ZigBee IP and on the RFCs and drafts that were available at the time (2009-2012). > The way the draft removes unreliable links looks really great and > must be very useful. Determining link reliability is not a primary goal of MLE. That really requires collecting ongoing statistics about transmission attempts and successes, which MLE does not do. > Abstract > > Three capabilities: Put 3) as first. Difference between 2) and 1) > is not very clear. 1) is concerned with configuring an individual radio link between two neighboring devices in a mesh. It deals with the specific values for communication between those two devices. This is the primary purpose for MLE, which is why it is listed first. 2) is for setting mesh-wide shared values, such as the channel or PAN ID. This could be done in lots of ways. ZigBee IP happened to use MLE. Removing this functionality would not affect the rest of the protocol. 3) is an optimization to make 1) more efficient. It isn't strictly necessary. I suspect the confusion between 1) and 2) is partly due to the multiple meanings of the word "link". Would this be better? MLE extends IEEE 802.15.4 for use in multihop mesh networks by adding three capabilities: 1) dynamically configuring and securing radio connections between neighboring devices, 2) enabling network-wide changes to shared radio parameters, and 3) allowing the determination of radio link quality prior to configuration. > Section 1 Introduction. > 1st al. > A reference to existing 802.15.4 MIB RFC7388 would help, and also an > explanation why this is not sufficient. RFC 7388 defines statistics for 6LoWPAN packet reception and transmission. I don't see how this is relevent to management of 802.15.4 radio links. > 3rd al > > MLE can also be used……across a network identified by its channel > and PAN ID. Forwarding with simple flooding (you mean TRICKLE ?) The point here is that there is no dependency on the multicast forwarding protocol or on its being efficient. > If ZigBee IP standard reference is needed, should “thread” not be > mentioned as well? The draft describes MLE as used in ZigBee IP, not as it is used in Thread. > Section 4.1: > > 1st al: Again what is relation with RFC7388. Is an extension to 7388 > sufficient? Again, I don't see any connection to RFC7388's 6LoWPAN message statistics. > 2nd al. This is very terse, and completely incomprehensible to > anyone not familiar with 802.15.4 security standards > section. And even then I wonder what is meant. More motivation > would be welcome (probably including an example) How about the following: IEEE 802.15.4 security uses frame counters to detect replayed messages. Each sender maintains an outgoing frame counter that is included in outgoing secured messages and is incremented for each message sent. Receivers store the highest frame counter yet seen from each neighbor. Messages that arrive with a frame counter less than or equal to the highest previously-seen frame counter are discarded. In a mesh network neighbors come and go as the mesh topology changes. When a message arrives from a previously unheard neighbor, the receiver has no stored frame counter that can be used to determine if the message has been replayed by an attacker. MLE solves this by providing a simple handshake mechanism that allows the receiver to securely obtain the sender's current outgoing frame counter. > Section 4.2 > > Relation with draft-ietf-roll-mpl-parameter-configuration-07 > needs to be clarified. ZigBee IP, and thus the version of MLE described in the draft, predates draft-ietf-roll-mpl-parameter-configuration. I'm not sure what needs to be clarified. > Section 5. > It will be helpful when the draft explains how neighbours use link > security and how MLE uses 802.15.4 security for the MLE messages. Do I > understand correctly that a link can be secured with 802.15.4 mechanisms > and MLE uses 802,15.4 mechanism on the MLE message sent over this > secured link? In fact the MLE message is secured twice once at UDP level > and once at link level? MLE messages secured at the UDP level are not secured at the link level. I see that the draft does not state this explicitly; I'll fix this. > The figure is encouraged to include the MAC layer as well. You mean something like this? +------------+-----------+------------+-----+------------+---------+-----+ | MAC Header | IP Header | UDP Header | 0 | Aux Header | Command | MIC | +------------+-----------+------------+-----+------------+---------+-----+ I'm not sure I see the point. > Section 6. > > Why still use TLV at this stage. In other wgs the use of CBOR is > considered advantageous. One reason is that ZigBee IP development predated the appearance of CBOR. That aside, switching to CBOR would add considerable complexity to both the draft and to implementations. I don't see what advantages CBOR would bring that would be worth the extra complexity. > Section 7 > Is it wise to start with type = 0, not better to start with type=1, to > reduce error scenarios I don't see how that helps. > Section 7.6 > > Because the MLE message containing this TLV is sent within a 802.15.4 > frame, the frame counter in the TLV must be identical to the frame > counter in 802.15.4 header? Is that not superfluous? The 802.15.4 frame is not secured and does not have a frame counter. > Does this mean that MLE uses key1 + frame counter and link uses key2 + > frame counter with key1 NEQ key2? They use different keys. From section 5: MLE security MUST NOT use any key that is being used by the link (or any other) layer. The two key counters may or may not be the same. It may be, for example, that MLE may be running on a host processor while 802.15.4 is running on an attached coprocessor. This would make coordinating a single frame counter difficult. On the other hand, if the two are running on a single processor, nothing is gained by requiring the the two counters be different. > Section 7.8: is link parameter, or interface parameter not a bitter > title? I don't think so, although "network" might not be the best term either. These parameters apply to the entire mesh, not just a single link or interface. > The consequences of modifying the PAN ID or channel number are not clear > to me. Can there be some explanatory text on this aspect? Yes, I can see that more needs to be said here. > To what 802.15.4 parameter does Permit Joining correspond? The permit joining flag in the beacon header. > Section 7.9: I thought MLE frame counter is equal to link frame counter, > so why two separate ones? Practical considerations. See the note on section 7.6 above. > Section 8, 1st al: do you mean realm-local or admin-local ? see also > section 11 Realm-local. This nees to be fixed in the draft. > Section 8. This description really needs more text and probably some > examples and should be better related to section 5. A scenario > describing the process in full would be really helpful. I agree that the description is too sparse. > Section 9 2nd al. What are “reserved command type values”? The currently unassigned values. This needs to be made consistent with section 14. > Section 9 3rd al. As in section 8, What does joining the network mean? > If I understand correctly that means that a network with a PAN ID has > been formed, and a secured network segment exists with neighbours > communicating over 802.15.4 secured links and another unsecured segment > with neighbours which communicate over unsecured links. Joining means > that a node from unsecured segment leaves the unsecured segment and > joins the secured one. Under what conditions can a node in a secured > segment communicate with a node in the unsecured segment? > In addition, does joining also mean that secured MLE messages MUST be > exchanged? Can there be MLE secured messages which are transported over > unsecured links? As pointed out earlier, I miss the overview. Starting to talk about joining opens a Pandora's box of issues, given how many different ways there are of handling joining. Better would be to leave it out of scope and remove this sentence: The one exception to this is messages sent to or from a device that is joining the network and does not yet have the necessary keys. -Richard Kelsey ________________________________________ From: peter van der Stok [stokcons@xs4all.nl] Sent: Monday, September 14, 2015 6:40 AM To: robert cragie; 6lo@ietf.org Subject: [6lo] Review of draft-kelsey-6lo-mesh-link-establishment Hi Robert, Below my review of the mle draft. The way the draft removes unreliable links looks really great and must be very useful. However, I got muddled about the security aspects. I hope my questions help solve the issues I had. Greetings, peter ____________________________________________________________________________________________________ Abstract Three capabilities: Put 3) as first. Difference between 2) and 1) is not very clear. A full stop (.) is needed between …. configuration. MLE…. Section 1 Introduction. 1st al. A reference to existing 802.15.4 MIB RFC7388 would help, and also an explanation why this is not sufficient. 3rd al MLE can also be used……across a network identified by its channel and PAN ID. Forwarding with simple flooding (you mean TRICKLE ?) If ZigBee IP standard reference is needed, should “thread” not be mentioned as well? Section 4: Last line page 4, remove: before…….them. Section 4.1: 1st al: Again what is relation with RFC7388. Is an extension to 7388 sufficient? 2nd al. This is very terse, and completely incomprehensible to anyone not familiar with 802.15.4 security standards section. And even then I wonder what is meant. More motivation would be welcome (probably including an example) Section 4.2 Relation with draft-ietf-roll-mpl-parameter-configuration-07 needs to be clarified. Section 5. It will be helpful when the draft explains how neighbours use link security and how MLE uses 802.15.4 security for the MLE messages. Do I understand correctly that a link can be secured with 802.15.4 mechanisms and MLE uses 802,15.4 mechanism on the MLE message sent over this secured link? In fact the MLE message is secured twice once at UDP level and once at link level? The figure is encouraged to include the MAC layer as well. Section 6. Why still use TLV at this stage. In other wgs the use of CBOR is considered advantageous. Section 7 Is it wise to start with type = 0, not better to start with type=1, to reduce error scenarios Section 7.6 Because the MLE message containing this TLV is sent within a 802.15.4 frame, the frame counter in the TLV must be identical to the frame counter in 802.15.4 header? Is that not superfluous? Does this mean that MLE uses key1 + frame counter and link uses key2 + frame counter with key1 NEQ key2? Section 7.7: Add a reference to section 12. Section 7.8: is link parameter, or interface parameter not a bitter title? The consequences of modifying the PAN ID or channel number are not clear to me. Can there be some explanatory text on this aspect? To what 802.15.4 parameter does Permit Joining correspond? Section 7.9: I thought MLE frame counter is equal to link frame counter, so why two separate ones? Section 8, 1st al: do you mean realm-local or admin-local ? see also section 11 Section 8. This description really needs more text and probably some examples and should be better related to section 5. A scenario describing the process in full would be really helpful. Section 9 2nd al. What are “reserved command type values”? Section 9 3rd al. As in section 8, What does joining the network mean? If I understand correctly that means that a network with a PAN ID has been formed, and a secured network segment exists with neighbours communicating over 802.15.4 secured links and another unsecured segment with neighbours which communicate over unsecured links. Joining means that a node from unsecured segment leaves the unsecured segment and joins the secured one. Under what conditions can a node in a secured segment communicate with a node in the unsecured segment? In addition, does joining also mean that secured MLE messages MUST be exchanged? Can there be MLE secured messages which are transported over unsecured links? As pointed out earlier, I miss the overview. ________________________________________________________________________________________________________________ -- Peter van der Stok vanderstok consultancy mailto: consultancy@vanderstok.org www: www.vanderstok.org tel NL: +31(0)492474673 F: +33(0)966015248
- [6lo] Review of draft-kelsey-6lo-mesh-link-establ… peter van der Stok
- Re: [6lo] Review of draft-kelsey-6lo-mesh-link-es… Richard Kelsey
- Re: [6lo] Review of draft-kelsey-6lo-mesh-link-es… peter van der Stok