Re: [6tisch] ASN replay attack -- proposed text

Mališa Vučinić <malisa.vucinic@inria.fr> Tue, 30 July 2019 09:23 UTC

Cc: Thomas Watteyne <thomas.watteyne@inria.fr>, 6tisch <6tisch@ietf.org>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/Jrly9ULdjxMZ2sjH792k5fRmwAc>

Pascal,

As Tero outlined, this information is typically available as the metadata to the frame being received. It is up to the implementations to ensure that such information is available when processing the frame with a delay, otherwise things won’t really work.

Mališa

> On 26 Jul 2019, at 23:20, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
> 
> Agreed:
> 
> I'm wondering about the delayed security processing. That processing may be delayed beyond the current ASN. Is the ASN of the receive time attached to the frame as a meta of sorts to enable the delayed validation?
> 
> All the best,
> 
> Pascal
> 
>> -----Original Message-----
>> From: 6tisch <6tisch-bounces@ietf.org> On Behalf Of Thomas Watteyne
>> Sent: Friday 26 July 2019 17:08
>> To: Mališa Vučinić <malisa.vucinic@inria.fr>
>> Cc: 6tisch <6tisch@ietf.org>
>> Subject: Re: [6tisch] ASN replay attack -- proposed text
>> 
>> Malisa,
>> The text IMO explains both the problem and the solution very well, congrats.
>> Thomas
>> 
>>> On 26 Jul 2019, at 20:23, Mališa Vučinić <malisa.vucinic@inria.fr> wrote:
>>> 
>>> Dear all,
>>> 
>>> I worked on the initial version of the text describing the ASN replay attack and its resolution discussed during the Montreal meeting.
>>> 
>>> The text can be found at:
>>> 
>>> https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/commits/4ea5f58b1a3245a1e2a2b46f95f0fd48b2f4bb31
>>> 
>>> Please let me know if you have any comments.
>>> 
>>> Mališa
>>> _______________________________________________
>>> 6tisch mailing list
>>> 6tisch@ietf.org
>>> https://www.ietf.org/mailman/listinfo/6tisch
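An added example, not part of the thread or of any 6TiSCH implementation, sketching the point discussed above: when security processing is deferred, the receiver has to verify each frame against the ASN captured at reception, not the ASN current when the crypto finally runs. Assumptions: the names `Receiver`, `RxFrame` and `demo` are hypothetical, the key and address are constructed, the ASN byte order in the nonce is assumed, and a truncated HMAC-SHA256 stands in for the CCM* MIC.

```python
import hashlib
import hmac
from collections import deque
from dataclasses import dataclass

def nonce(src_eui64: bytes, asn: int) -> bytes:
    # TSCH nonce: 8-byte source address followed by the 5-byte ASN
    # (big-endian ASN encoding is an assumption of this sketch).
    return src_eui64 + asn.to_bytes(5, "big")

def mic(key: bytes, src: bytes, asn: int, payload: bytes) -> bytes:
    # Stand-in for the CCM* MIC: truncated HMAC-SHA256 bound to the nonce.
    return hmac.new(key, nonce(src, asn) + payload, hashlib.sha256).digest()[:4]

@dataclass
class RxFrame:
    src: bytes
    payload: bytes
    mic: bytes
    rx_asn: int  # ASN of the slot the frame arrived in, stored as metadata

class Receiver:
    def __init__(self, key: bytes, asn: int):
        self.key, self.asn, self.pending = key, asn, deque()

    def on_receive(self, src: bytes, payload: bytes, tag: bytes) -> None:
        # Receive path: snapshot the ASN now, defer the crypto.
        self.pending.append(RxFrame(src, payload, tag, self.asn))

    def process_pending(self, use_metadata: bool = True) -> list:
        accepted = []
        while self.pending:
            f = self.pending.popleft()
            # Without the metadata only the current ASN is left to try.
            asn = f.rx_asn if use_metadata else self.asn
            if hmac.compare_digest(mic(self.key, f.src, asn, f.payload), f.mic):
                accepted.append(f.payload)
        return accepted

def demo(use_metadata: bool) -> list:
    key, src = bytes(range(16)), bytes.fromhex("0011223344556677")  # constructed
    rx = Receiver(key, asn=100)
    rx.on_receive(src, b"fresh", mic(key, src, 100, b"fresh"))  # sent and received in slot 100
    rx.asn = 103  # three slots pass before the deferred crypto runs
    rx.on_receive(src, b"old", mic(key, src, 100, b"old"))  # slot-100 frame arriving in slot 103
    return rx.process_pending(use_metadata)
```

With the stored receive-time ASN the legitimate frame verifies and the frame protected for an earlier slot is rejected; falling back to the current ASN rejects both.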