Re: [6tisch] nbr cache recommendation
Mališa Vučinić <malisa.vucinic@inria.fr> Mon, 13 November 2017 10:45 UTC
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6354512949E for <6tisch@ietfa.amsl.com>; Mon, 13 Nov 2017 02:45:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWLHN_LsqM8i for <6tisch@ietfa.amsl.com>; Mon, 13 Nov 2017 02:45:55 -0800 (PST)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86A5D129485 for <6tisch@ietf.org>; Mon, 13 Nov 2017 02:45:54 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.44,388,1505772000"; d="scan'208";a="300532337"
Received: from wifi-eduroam-85-240.paris.inria.fr ([128.93.85.240]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Nov 2017 11:45:51 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mališa Vučinić <malisa.vucinic@inria.fr>
In-Reply-To: <CAO0Djp0Wa5NdT3JySXNg_GtmA5DncBP-8kuzeDZ4UD_EZgnSCA@mail.gmail.com>
Date: Mon, 13 Nov 2017 11:45:50 +0100
Cc: tisch <6tisch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6AFD13BD-A1B0-4CCC-B27D-75DC90FF6E60@inria.fr>
References: <CAO0Djp0Wa5NdT3JySXNg_GtmA5DncBP-8kuzeDZ4UD_EZgnSCA@mail.gmail.com>
To: Rahul Jadhav <rahul.ietf@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/GapEAHENNEWz5ex31iIZ9f0z7g0>
Subject: Re: [6tisch] nbr cache recommendation
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 10:45:56 -0000
Hi Rahul, Thanks for the pointer. I skimmed through the draft but couldn’t find how relay (JP) or new joinee (pledge) should handle each other before the authentication procedure completes. You state: > Relay element does not hold any state information on behalf of the new joinee node except for its neighbor cache entry. If one doesn’t differentiate between neighbor entries from already-authenticated nodes and yet unauthenticated pledges, depending on the policy by which new entries are added, there is a potential DoS attack on relay (JP) where the attacker could flood it with spoofed entries. I think that you should explicitly stress what is the recommended way of managing this in your draft. One could implement a separate cache for untrusted entries or keep a common cache and add complexity in the policy by which new entries are added. The latter would require an “untrusted” flag in each entry based on which we could count untrusted neighbors and decide whether to overwrite an existing neighbor with a new (untrusted) one. Let me know if I missed something :). Mališa > On 13 Nov 2017, at 10:46, Rahul Jadhav <rahul.ietf@gmail.com> wrote: > > Malisa mentioned recommendations about maintaining untrusted nbr cache entries. There is another work-in-prg on lwig which takes into considerations these aspects of maintaining nbr entries for network access/auth protocol. > > https://datatracker.ietf.org/doc/draft-ietf-lwig-nbr-mgmt-policy/ > Pls check if your considerations are handled. Thanks. > > Regards, > Rahul > _______________________________________________ > 6tisch mailing list > 6tisch@ietf.org > https://www.ietf.org/mailman/listinfo/6tisch
- [6tisch] nbr cache recommendation Rahul Jadhav
- Re: [6tisch] nbr cache recommendation Mališa Vučinić
- Re: [6tisch] nbr cache recommendation Rahul Jadhav