Re: [6tisch] shepherd review of draft-ietf-6tisch-minimal-security

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 13 June 2019 12:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/-r6HSFftdDoFRxkYtcVPaGoYlzM>

Works perfectly.

Please publish -11. This is an excellent document, congratulations.

All the best,

Pascal

From: Mališa Vučinić <malisa.vucinic@inria.fr>
Sent: Thursday 13 June 2019 14:45
To: Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: draft-ietf-6tisch-minimal-security@ietf.org; 6tisch@ietf.org
Subject: Re: [6tisch] shepherd review of draft-ietf-6tisch-minimal-security

Hello Pascal,

Thanks for the review. See resolutions and some comments inline.

Mališa



On 12 Jun 2019, at 11:54, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:

Dear authors;

As part of shepherding the draft for publication, please find review comments below:

Very well written draft altogether! A few things still:


Section 4.2:

   “The pledge MAY perform the Neighbor
   Solicitation / Neighbor Advertisement exchange with the JP, as per
   Section 5.5.1 of [RFC6775] (https://tools.ietf.org/html/rfc6775#section-5.5.1).”

This reference is outdated. I suggest referring to Section 5.6 of [RFC8505].

Fixed, see resolution at:

https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/commits/c9bbe0efbe4


Section 6:

Again a ref to RFC 6775. In a general manner please use RFC 8505.

See above.


   “The JRC can be co-located on the 6LBR.  In this special case, the
   IPv6 address of the JRC can be omitted from the Join Response message
   for space optimization.  The 6LBR then MUST set the DODAGID field in
   the RPL DIOs [RFC6550] (https://tools.ietf.org/html/rfc6550) to its IPv6 address.  The pledge learns the
   address of the JRC once joined and upon the reception of the first
   RPL DIO message, and uses it to operate as a JP.”

Note that the expectation is that the 6LBR is the RPL root, as suggested in the 6TiSCH architecture.
When they are not the same box, I expect that all the text about 6LBR throughout this doc is really about the RPL root.
This should be indicated somewhere.

In Section 2, there is a sentence stating:

   The term "6LBR" is used interchangeably with the term "DODAG root"
   defined in [RFC6550] (https://tools.ietf.org/html/rfc6550), assuming the two entities are co-located, as
   recommended by [I-D.ietf-6tisch-architecture] (https://tools.ietf.org/html/draft-ietf-6tisch-minimal-security-10#ref-I-D.ietf-6tisch-architecture).

IMO this makes it clear that we assume they are the same box but let me know if this is not the case for you.

Section 6.1:
There are a number of SHOULD there, but no explanation of what happens if the SHOULD is not respected.
Maybe a sentence that says that the SHOULDs are about protecting the network against the threats discussed in the section and that failing to follow the recommendation may create congestion and more sensitivity to attacks?

You are right, the SHOULDs are poorly elaborated, mostly due to the fact that the attack they protect against is explained beforehand. As suggested, I added a sentence to reference the attack description:

https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/commits/91830c80f0cc


I also fixed a couple of nits in the IANA considerations, the commit is at:

https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/commits/673105a5e4


The overall diff is available at:

https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/branch/minimal-security-11#diff

Let me know if these resolutions work for you and I will publish -11.

Mališa
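
The Section 6 text quoted above (JRC address omitted from the Join Response when the JRC sits on the 6LBR, the joined node falling back to the DODAGID of the first RPL DIO) is the one part of this exchange that reduces to a concrete decision rule. The following is an added example, not code from the draft, from the reference implementation or from either correspondent. It models the Join Response and the DIO as plain dicts with hypothetical keys ("jrc_address", "dodagid"); the real draft encodes the Join Response in CBOR. It assumes the 6LBR and the DODAG root are the same node, as the draft's Section 2 states, and it applies the RFC 6550 requirement that a DODAGID is a routable address of the root, so a link-local or unspecified DODAGID is rejected rather than used as a JRC address.

```python
"""Added example: choosing the JRC address a freshly joined node will use when
it later acts as a Join Proxy (JP). Not part of the draft or the thread.

Assumptions (hypothetical, not the draft's wire format):
- join_response is a dict; an optional "jrc_address" entry carries the
  explicit JRC IPv6 address text.
- first_dio is a dict (or None if no DIO has been heard yet) whose "dodagid"
  entry carries the DODAGID as IPv6 address text.
- The 6LBR is co-located with the DODAG root, per the draft's Section 2.
"""
import ipaddress
from typing import Optional


def resolve_jrc_address(join_response: dict,
                        first_dio: Optional[dict]) -> Optional[ipaddress.IPv6Address]:
    """Return the JRC address the joined node should use, or None if unknown.

    Precedence follows the quoted draft text: an explicit address in the
    Join Response wins; otherwise the DODAGID of the first RPL DIO names the
    co-located JRC. Before any DIO has been received there is no address to
    use, so the node cannot yet serve as a JP and None is returned.
    """
    explicit = join_response.get("jrc_address")
    if explicit is not None:
        return ipaddress.IPv6Address(explicit)

    if first_dio is None:
        return None  # joined, but no DIO heard yet: not usable as a JP

    dodagid = first_dio.get("dodagid")
    if dodagid is None:
        return None

    addr = ipaddress.IPv6Address(dodagid)
    # RFC 6550: the DODAGID MUST be a routable IPv6 address of the root.
    # A link-local or unspecified value cannot name a JRC reachable across the
    # mesh, so treat it as malformed rather than forwarding join traffic to it.
    if addr.is_link_local or addr.is_unspecified:
        return None
    return addr


def can_act_as_jp(join_response: dict, first_dio: Optional[dict]) -> bool:
    """A node may relay join traffic only once it knows where the JRC is."""
    return resolve_jrc_address(join_response, first_dio) is not None


if __name__ == "__main__":
    # Constructed sample values (documentation prefix 2001:db8::/32).
    explicit_response = {"jrc_address": "2001:db8::1"}
    omitted_response = {}
    first_dio = {"dodagid": "2001:db8::100"}

    print(resolve_jrc_address(explicit_response, first_dio))   # 2001:db8::1
    print(resolve_jrc_address(omitted_response, first_dio))    # 2001:db8::100
    print(resolve_jrc_address(omitted_response, None))         # None
    print(can_act_as_jp(omitted_response, {"dodagid": "fe80::1"}))  # False
```

The point of the fallback branch is that a node that joined with the compact Join Response must still wait for RPL to run before it can relay anyone else's join traffic; the two checks at the end keep a bogus DODAGID from being accepted as the place to send that traffic.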