Re: [6tisch] 6tisch join requirements for 6top
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 24 November 2014 16:43 UTC
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Tero Kivinen <kivinen@iki.fi>, Michael Richardson <mcr+ietf@sandelman.ca>
Date: Mon, 24 Nov 2014 16:43:28 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/PMb54zc01PjXSqTVRl0Fci9_uxs
Cc: "Raghuram Sudhaakar (rsudhaak)" <rsudhaak@cisco.com>, "6tisch@ietf.org" <6tisch@ietf.org>, Robert Moskowitz <rgm@htt-consult.com>

Hello Tero,

> > 10) the well-known beacon key to use for the join network. (Defaulting to
> > "6TISCHJOIN")
>
> Why is this? What Key Source would it use? What Key Id Mode? In 15.9 we
> specify that the key management packets are sent with security level of 0, and I
> did hear someone complaining that you cannot mix security level 0 and other
> security level frames in the 15.4, but that is wrong. The 15.4 does allow receiving
> packets with any security level, and the upper layer is told about the security level of
> the received frame in the DATA.indication call.
>
> Using well-known keys makes it a bit harder for the upper layer to know whether
> the frame actually has some protection or not. I.e. instead of checking whether
> the security level is 0, it needs to check the KeyIdMode, KeySource and KeyIndex
> to know if this key was one of the well-known keys, which would indicate there is
> no protection for the frames.
>
> If there is no protection for the frames, it is better to indicate it using security
> level 0, and not hide that fact behind some well-known key.
> Also if you define such a key you also need to define the KeyIdMode, KeyIndex
> and KeySource for it.

[PT] The use of a well-known beacon key (defaulting to "6TISCHJOIN") has been debated for a while. The lack of an ethertype has already led in the field to a frame from protocol A being understood -wrong- by protocol B. Even if that looks anecdotal, we are now facing the need to reuse some messaging footprint in 6LoWPAN, and if that happens, we need to make sure that the overlapping protocol elements never mix in the same network.

So, agreeably, the beacon key does not provide protection against rogues, but it does provide protection against unexpected impact of coexisting but incompatible protocols. IOW, the beacon key can be seen as an SSID that will isolate networks that are incompatible or should not be mixing for some policy reasons. The KIM would probably be 0 (correct?) and some meta would indicate the bundle that is used to join (a bundle reserved for that purpose actually), and on that bundle, no actual security can be expected, so all sorts of preventive actions, such as defense against DoS, will be activated.

Cheers,

Pascal
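
Added example, not part of the original message or of any 6TiSCH or IEEE text: a sketch of the upper-layer check discussed above, showing that with a well-known key the receiver has to match KeyIdMode, KeySource and KeyIndex against a list instead of testing for security level 0. The struct, the function names and the table entry (KeyIdMode 1, KeyIndex 0x01) are assumptions, since the thread leaves those identifiers undefined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Security parameters reported with a received frame (DATA.indication). */
struct rx_sec {
    uint8_t security_level; /* 0 = none, 1..7 = MIC and/or encryption */
    uint8_t key_id_mode;    /* 0 implicit, 1 index only, 2/3 = 4/8-byte source */
    uint8_t key_source[8];  /* meaningful length depends on key_id_mode */
    uint8_t key_index;
};

enum trust { FRAME_UNSECURED, FRAME_WELL_KNOWN_KEY, FRAME_PROTECTED };

/* Hypothetical identifiers of keys that everybody knows (constructed values). */
struct key_id { uint8_t mode; uint8_t source[8]; uint8_t index; };
static const struct key_id well_known[] = {
    { 1, {0}, 0x01 },       /* assumed "join" key: KeyIdMode 1, KeyIndex 1 */
};

static size_t source_len(uint8_t mode) { return mode == 2 ? 4 : mode == 3 ? 8 : 0; }

static int is_well_known(const struct rx_sec *s) {
    for (size_t i = 0; i < sizeof well_known / sizeof well_known[0]; i++) {
        const struct key_id *k = &well_known[i];
        if (k->mode != s->key_id_mode) continue;
        /* Mode 0 carries no KeyIndex or KeySource, so only the mode can match. */
        if (k->mode != 0 && k->index != s->key_index) continue;
        if (memcmp(k->source, s->key_source, source_len(k->mode)) != 0) continue;
        return 1;
    }
    return 0;
}

enum trust classify_frame(const struct rx_sec *s) {
    if (s->security_level == 0) return FRAME_UNSECURED;  /* one-field check */
    if (is_well_known(s)) return FRAME_WELL_KNOWN_KEY;   /* secured on air, no real protection */
    return FRAME_PROTECTED;
}

/* Only frames under a non-public key count as protected network traffic;
 * the other two classes go to the rate-limited join path. */
int accept_as_protected(const struct rx_sec *s) {
    return classify_frame(s) == FRAME_PROTECTED;
}

int main(void) {
    struct rx_sec join = { 5, 1, {0}, 0x01 };
    printf("join frame class: %d\n", classify_frame(&join));
    return 0;
}
```

If the well-known key were given KeyIdMode 0, as suggested in the reply, a table entry with mode 0 would match every implicitly keyed frame, so the lookup alone could not tell the join key from other implicit keys.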