Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 03 February 2020 05:12 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3F51208CE; Sun, 2 Feb 2020 21:12:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSfd8poAFCmQ; Sun, 2 Feb 2020 21:12:44 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D9BF1208C6; Sun, 2 Feb 2020 21:12:44 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0135CaEG011271 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 3 Feb 2020 00:12:39 -0500
Date: Sun, 02 Feb 2020 21:12:36 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6lo-ap-nd@ietf.org" <draft-ietf-6lo-ap-nd@ietf.org>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "6lo@ietf.org" <6lo@ietf.org>
Message-ID: <20200203051214.GP91553@kduck.mit.edu>
References: <158030752268.2728.2544838912831012540.idtracker@ietfa.amsl.com> <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <MN2PR11MB35655FBDC33DE5AB90253643D8050@MN2PR11MB3565.namprd11.prod.outlook.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/ue-YpL7pP48sgdh3TuJhVlYJEv4>
Subject: Re: [6lo] Éric Vyncke's Discuss on draft-ietf-6lo-ap-nd-13: (with DISCUSS and COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 05:12:47 -0000

On Wed, Jan 29, 2020 at 03:38:26PM +0000, Pascal Thubert (pthubert) wrote:
> Hello Eric : )
> 
> Many thanks for your review! I cc'ed SEC-DIR because we could really use their recommendation to solve some of your questions, more below.
> 
> Please see below:
>  
> > == DISCUSS ==
> > 
> > -- Section 4.4 --
> > The length of the reserved field is not specified. Or am I missing something
> > obvious ?
> 
> I concatenated the reserved fields in the picture and declared it as 40 bits. 
> Also added the number of bits in the reserved fields of other structures.
> 
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> > 
> > == COMMENTS ==
> > 
> > -- Section 4.2 --
> > While status is set to 0 when sending a NS, what is the expected behavior of a
> > receiver ?
> 
> Changed to 
> "
> In NS messages it MUST be set to 0 by the sender and ignored by the receiver.
> "
>  
> > -- Section 4.3 and 4.4 --
> > Why is the Pad Length field a 8-bit field while the actual padding will always be
> > less than 8 bytes. Suggest to make it a 3 or 4 bits field and extend the reserved
> > field.
> 
> Actually I thought that if we want to extend the option in the future, it is better to indicate the length of the public key as follows:
> 
>    |     Type      |    Length     | Reserved|  Public Key Length  |
> 
> Where:
> 
> Public Key Length: 13-bit unsigned integer. The length of the Public Key field in bytes.
> Public Key:  A variable-length field, size indicated in the Public Key Length field.
>        	     JWK-Encoded Public Key [RFC7517]
> >Padding:  A variable-length field completing the Public Key field to align to the next 8-bytes boundary.
> 
> 
> Works?
> 
> 
> 
> > 
> > -- Section 6.1 --
> > About "Nonce option MUST contain a random Nonce value that was never used
> > with this device", how can it be done? Keeping a local history? Giving some
> > operational hints would bee welcome. Especially, when there are multiple 6LR in
> > the LLN: how can they synchronize the nonce?
> 
> The nonce is used once, so there's no synchronization. A new pair is formed and exchanged at each validation.
> 
> The nonce game used here appear to be common practice. Yes, there's usually a need of local history, and the fact that we get a nonce from both side, apart from guaranteeing that the result is effectively unique to both parties, also makes the chances for history to repeat very low. 
> 
> CC'ing SEC-DIR: Please help: if there is a reference for that practice, what it takes to maintain a nonce, and why we have a nonce from both sides? Trying to reinvent that text does not look like a good idea for this draft.

It's pretty standard, so I'm not sure that there's a perfect reference for
it.  A key phrase is that it provides "contributory behavior", so that a
party (either one) that knows it has a good RNG knows that the protocol
will be secure.

> 
> 
> > 
> > -- References --
> > Is there a reason why the crypto algorithms RFC 7748 and 8032 are not
> > normative?
> 
> Interestingly they are informational. So that would be a downref. 
> 
> CC'ing SEC-DIR: Please help: should we make these refs normative? 

Generally yes; they're listed at https://datatracker.ietf.org/doc/downref/
so no need to re-run the IETF LC.

-Ben

> 
> > 
> > == NITS ==
> > 
> > -- Section 2.2 --
> > To be honest, I am not a big fan of simply announcing concepts and referring to
> > many other RFCs. Suggest to mention which terms and concepts are defined in
> > each document. Else, the current section 2.2 mostly forces the readers to read
> > all the references.
> 
> Yes and they are really there as additional reading, not normative.
> I changed the text to 
> " The reader may get additional context for this specification from the following references"
> I also moved classical ND and SEND references to informational references.
> 
> Works?
> 
> > -- Section 6 --
> > s/may use a same Crypto-ID/may use the same Crypto-ID/ ?
> 
> Done
> 
> Many thanks again Eric!
> 
> Let's see what SEC-DIR thinks
> 
> And a very happy new year (in France we have till Jan 31st to send wishes 😉)
> 
> Pascal
> 
>  
>