[6tisch] Intelligent JP / validating the MASA

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 20 August 2019 16:21 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Mališa Vučinić <malisa.vucinic@inria.fr>, Tero Kivinen <kivinen@iki.fi>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "6tisch@ietf.org" <6tisch@ietf.org>
Date: Tue, 20 Aug 2019 16:20:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/BUYOnkDx8lCaF1egTfHAqEZD0b0>
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>

Dear all:

I'm looking for a consensus on how to address the following review comment on the 6TiSCH Architecture by Benjamin:



> I'd like to see some discussion somewhere that the Join Proxy needs to take care
> to not be an open redirector by which an unauthenticated pledge can attack
> arbitrary network elements (whether within the LLN or on the broader
> network), e.g., by performing some validation on the claimed MASA identifier.
> Similarly, that the JRC will be exposed to lots of untrusted input and needs to be
> implemented in an especially robust manner.



Then again I'd like to discuss the split of what goes in the architecture and what goes in Minimal security or elsewhere.


What do you think?

Pascal