Re: [6lo] Magnus Westerlund's No Objection on draft-ietf-6lo-fragment-recovery-12: (with COMMENT)

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 09 March 2020 07:58 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 147653A0964; Mon, 9 Mar 2020 00:58:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=CujzxzRe; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Nl65pfTl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5_PrXgKeFz98; Mon, 9 Mar 2020 00:58:39 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 729863A095D; Mon, 9 Mar 2020 00:58:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4102; q=dns/txt; s=iport; t=1583740719; x=1584950319; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=JSbrJ8jbzqyEAUFBhgtoDqErlrZKtYG1biR7K1LY69w=; b=CujzxzReWfKqQQ5JSmnymvXqYJXkoVhaSpHHBsYiT2H617Yie9KcEhRt RK/gNFfsFcgBOrL5eKDAIFMVsJe+nXBu7byrUlfn9T4+Z85X/72E24CPe QyBPpbcGILiPsCbn41IV7FtWXPEgIE28+gaY2ORFjGDf9zLQEEcGQ5Hx6 w=;
IronPort-PHdr: =?us-ascii?q?9a23=3AlG6CHhbpmUS4DeO3d4Ms/2b/LSx94ef9IxIV55?= =?us-ascii?q?w7irlHbqWk+dH4MVfC4el20gabRp3VvvRDjeee87vtX2AN+96giDgDa9QNMn?= =?us-ascii?q?1NksAKh0olCc+BB1f8KavycywnFslYSHdu/mqwNg5eH8OtL1A=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AECABU9mVe/4UNJK1kHQEBAQkBEQU?= =?us-ascii?q?FAYF7gVRQBYFEIAQLKoQVg0YDimuadIFCgRADVAkBAQEMAQEtAgQBAYRDAhe?= =?us-ascii?q?BdyQ4EwIDAQELAQEFAQEBAgEFBG2FVgyFZAIBAxIREQwBATcBDwIBCBoCJgI?= =?us-ascii?q?CAjAVEAIEAQ0NGoVPAy4BnB0CgTmIYnWBMoJ/AQEFhQMYggwJgQ4qhSGHCxq?= =?us-ascii?q?BQT+BEUeCTT6EDUCDDzKCLI1zgnWQAY5PcAqCPI0fiWOCSYghi36ETY52m1E?= =?us-ascii?q?CBAIEBQIOAQEFgWkigVhwFYMnUBgNjh04gzuKVXSBKY1AAQE?=
X-IronPort-AV: E=Sophos;i="5.70,532,1574121600"; d="scan'208";a="444276037"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Mar 2020 07:58:38 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 0297wceb023914 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 9 Mar 2020 07:58:38 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Mar 2020 02:58:38 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Mar 2020 02:58:38 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 9 Mar 2020 02:58:37 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DPL4feEXfNMcJp2b3o5JGt4V/ug3D8Ui6eTADcXUyxgOMCurqkZpCHFlc8aeQA?= =?utf-8?q?ON2dXa/nkHi7DToJ6wtGOnEwakrjsZe6htiZnTKjdhqznjNEQLK1/YF91oScPrXS6?= =?utf-8?q?SmQluqMd+l16zGI8k7ZeM5cFIO3q1s5/giw8QEEvaAig5IO/IHldTnWZmN20alNqu?= =?utf-8?q?/R4kBdiAUihwNnqT0azzVSftXsWiQhgPPBobf+x+U0j3ocrnbeLSP4qYSkqmSEJyZ?= =?utf-8?q?1+uBQnwmonqVbueXpaaf52wJkWyZa4as4QgeR6KN0tmG7sGZANbRz1DbflLNTYor2?= =?utf-8?q?JzosmpX66dGJpZRZb+g5A=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DJSbrJ8jbzqyEAUFBhgtoDqErlrZKtYG1biR7K1LY69w=3D=3B_b=3DFc00jU?= =?utf-8?q?AWNd6mRecntqc+YeSzYCBeIW9yl3F31hC5qZYD0ydc+gvvAZM31/osI1U9ir2WnxU?= =?utf-8?q?aGUIGJVmbQg0KtUWS5GOZMw9lP/SWLuvtw5+SNbfDzS1oamuU5KkqwGQhtlAMnzEr?= =?utf-8?q?Hz8LYofnHrLSC6UEa9ip7eGZuysVcoTNFHA6HJe9M855sDYhE+0IAw5fdbhVb00hz?= =?utf-8?q?I4nLFRmg4rsg6+a1Jf3E2QNEh5KlDFmB2G93r7IljwoT9j2y4Q6wdRUDSS/8uH9Tf?= =?utf-8?q?4IEWGBvDKYPYwIZzcltQVWBUOeb5mbWOPPiyCQSTJOsDT/qnWkdfG19YZfYhA4Hje?= =?utf-8?q?Fy9TP/l4vgw=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AM?= =?utf-8?q?essage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADC?= =?utf-8?q?heck=3B_bh=3DJSbrJ8jbzqyEAUFBhgtoDqErlrZKtYG1biR7K1LY69w=3D=3B_b?= =?utf-8?q?=3DNl65pfTlCmHPN3E6jQ8GEVhZE9viInjgvBFbgMTS3xKs2UkgiIV4+WUtjfSUhC?= =?utf-8?q?AFBTMlDHfyC9aReIAvumZ/hxOhSrn4aE8D0NOsDVyCLXD4vunsa3ZoOh0T03pNfMO?= =?utf-8?q?RctIBGd0zgjdk0c6dTaS1JoVdeyUxL977zr/gGFOmEv0=3D?=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (2603:10b6:208:ea::31) by MN2PR11MB3853.namprd11.prod.outlook.com (2603:10b6:208:ea::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.17; Mon, 9 Mar 2020 07:58:37 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::edba:2b0f:7341:2c24]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::edba:2b0f:7341:2c24%6]) with mapi id 15.20.2793.013; Mon, 9 Mar 2020 07:58:37 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6lo-fragment-recovery@ietf.org" <draft-ietf-6lo-fragment-recovery@ietf.org>, Carles Gomez <carlesgo@entel.upc.edu>, "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>
Thread-Topic: Magnus Westerlund's No Objection on draft-ietf-6lo-fragment-recovery-12: (with COMMENT)
Thread-Index: AQHV5m78XYMUSa8LRUKDZiyvF1Lozag/7kmw
Date: Mon, 9 Mar 2020 07:58:22 +0000
Deferred-Delivery: Mon, 9 Mar 2020 07:57:39 +0000
Message-ID: =?utf-8?q?=3CMN2PR11MB3565E64BFF404C9992CBCB3ED8FE0=40MN2PR11MB3?= =?utf-8?q?565=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
References: <158203922796.14034.11972445891648310968.idtracker@ietfa.amsl.com>
In-Reply-To: <158203922796.14034.11972445891648310968.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:a8c7:7af1:ca74:7a0c]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 22319991-54d0-4cd5-87ff-08d7c3ffac67
x-ms-traffictypediagnostic: MN2PR11MB3853:
x-microsoft-antispam-prvs: =?utf-8?q?=3CMN2PR11MB3853D3377F3DDCD16F338BB6D8F?= =?utf-8?q?E0=40MN2PR11MB3853=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0337AFFE9A
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810009020=29=284636?= =?utf-8?b?MDA5KSgzOTYwMDMpKDEzNjAwMykoMzQ2MDAyKSgzNzYwMDIpKDM2NjAwNCkoMzk4?= =?utf-8?b?NjA0MDAwMDIpKDE5OTAwNCkoMTg5MDAzKSg2NjY2MDA0KSg2Njk0NjAwNyko?= =?utf-8?q?76116006=29=2833656002=29=289686003=29=2855016002=29=2852536014?= =?utf-8?b?KSgyOTA2MDAyKSg1NjYwMzAwMDAyKSg3Njk2MDA1KSg0Nzg2MDAwMDEpKDQz?= =?utf-8?q?26008=29=286506007=29=2866476007=29=2854906003=29=28110136005=29?= =?utf-8?q?=28316002=29=2886362001=29=2866446008=29=2864756008=29=2866556008?= =?utf-8?b?KSg3MTIwMDQwMDAwMSkoODkzNjAwMikoODExNjYwMDYpKDgxMTU2MDE0KSgx?= =?utf-8?q?86003=29=288676002=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3853; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?8jx5ouQ2cT9KUW3wQgeuclavrMdrRUl?= =?utf-8?q?g1h2CNh7Cn1Ca6FobZDt2D0gL96P/weUG1cvatw8hYVQHI8Fvx/+cRqlKdzKuEDcU?= =?utf-8?q?BeFr6+2uK1/tiV1ptN2lMa8YGmySbwzpoWlTxrynAzwhEWOVpJdmLqSKtHtVUGjaK?= =?utf-8?q?44vEZ54LGZxCegJut2PZ9AXNUl9cOSGGWc7BHvmsIGnHegJGSgZ8AgjuvmVBcWEek?= =?utf-8?q?8Owv9GKCWqZtLAiplFoM7q7m1aljpLDm3Nn+Vaty7ps2jyc6TFNAzLxgBX2WYPSyD?= =?utf-8?q?tRcCV15GfD/dqZG48HHgJAqGL8qR4aUABqE3HppD+266F/qnNsn8k2PmvwBRAkheE?= =?utf-8?q?IzD7Lsp31VKJmShOsD+lMu9ZNLJ3XmgenKWw7W00wEuFEViOK7iRK3c420npjvk/D?= =?utf-8?q?XL6B4648idkKgCK5rJ7DuMmrGdq?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?xFyQH5N7cUqETtrjyws8Xtpi5kFbN7?= =?utf-8?q?FXEU/Jnw4ZrcJwahvWsGE8T/uO+qh7MbXfaKGjejAycQqGFVpEiBJH1Iq9kOnKaMB?= =?utf-8?q?hcAbDo/0/KnuVabTms65KWaBRHjGl63G3Y1tVAd7Fz54bbWZBke7xqsC0yhu/WMDw?= =?utf-8?q?6ZCK3yhKeRonIJRfxqfaYNrflfqdAwcH/EUWjyNFNp30UD7SQNeKXw=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 22319991-54d0-4cd5-87ff-08d7c3ffac67
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2020 07:58:37.1388 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: =?utf-8?q?AKUUl+Gok1TW7jtq5MnBt?= =?utf-8?q?qA95/lqZR6DCTQP82o+xcSAqfXkCKtrXP+gXzC/5fT7qxf42TC1l+xIAryANE4hdQ?= =?utf-8?q?=3D=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3853
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/yOHRgk4UcUKXgA5dyi2i8QrEx_o>
Subject: Re: [6lo] Magnus Westerlund's No Objection on draft-ietf-6lo-fragment-recovery-12: (with COMMENT)
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 07:58:41 -0000

Hello Magnus:

Many thanks for your review!

Let's see below:

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I am uncertain if there is security risk that is poorly noted. I don't think it is
> significant as an intermediate node will in many other ways be able to interfere
> with the transmission of the fragments. However, it appears to me that the
> below formulation potentially allow a fragment sender to go into an interesting
> state by acknowledging fragments prior to even have received them, causing
> the sender to abort the transmission prematurely?
> 
>    When all the fragments are received, the receiving endpoint
>    reconstructs the packet, passes it to the upper layer, sends an RFRAG
>    Acknowledgment on the reverse path with a FULL bitmap, and arms a
>    short timer, e.g., in the order of an average round-trip delay in the
>    network.  As the timer runs, the receiving endpoint absorbs the
>    fragments that were still in flight for that datagram without
>    creating a new state.  The receiving endpoint abort the communication
>    if it keeps going on beyond the duration of the timer.
> 
> Could the author please comment on this aspect of what would occur in the
> fragment sender if it receives an RFRAG-ACK will full bitmap prior to having
> send all fragments, and also what would happen if this is received very shortly
> after having sent the last fragment?
> 


An attacker that is on path can indeed do many things.
The ones that you point out could be detected by the transmitter. 
Others cannot. A critical aspect in 6LoWPANs is to keep the implementation concise and simple.
So yes, a "rich" implementation can detect some situations and report, provided that it has extra memory and bandwidth to do so.
But the recommendation stays the same, inherited from [FRAG-FWD]. We need a secure join and a link layer security that prevents rogue access.

I suggest to add the second paragraph below:


"
   This document specifies an instantiation of a 6LoWPAN Fragment
   Forwarding technique.  [FRAG-FWD] provides the generic description of
   Fragment Forwarding and this specification inherits from it.  The
   generic considerations in the Security sections of [FRAG-FWD] apply
   equally to this document.

   In addition to the threats detailed therein, an attacker that is on-
   path can prematurely end the transmission of a datagram by sending a
   RFRAG Acknowledgment to the sender.  It can also cause extra
   transmissions of fragments by resetting bits in the RFRAG
   Acknowledgment bitmap, and of RFRAG Acknowledgments by forcing the
   Ack-Request bit in fragments that it forwards.  As indicated in
   [FRAG-FWD], Secure joining and the Link-Layer security are REQUIRED
   to protect against those attacks.

"

Is that enough?

Many thanks again;

Pascal