[6tisch] shepherd review of draft-ietf-6tisch-minimal-security

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 12 June 2019 09:55 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "draft-ietf-6tisch-minimal-security@ietf.org" <draft-ietf-6tisch-minimal-security@ietf.org>
CC: "6tisch@ietf.org" <6tisch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/foP80MdcioJExxsy9blOnX89NUY>

Dear authors;

As part of shepherding the draft for publication, please find review comments below:

Very well written draft altogether! A few things still:



Section 4.2:

   "The pledge MAY perform the Neighbor
   Solicitation / Neighbor Advertisement exchange with the JP, as per
   Section 5.5.1 of [RFC6775]<https://tools.ietf.org/html/rfc6775#section-5.5.1>."


This reference is outdated. I suggest referring to section 5.6 of [RFC8505].



Section 6:

Again a ref to RFC 6775. In a general manner please use RFC 8505.



   "The JRC can be co-located on the 6LBR.  In this special case, the
   IPv6 address of the JRC can be omitted from the Join Response message
   for space optimization.  The 6LBR then MUST set the DODAGID field in
   the RPL DIOs [RFC6550<https://tools.ietf.org/html/rfc6550>] to its IPv6 address.  The pledge learns the
   address of the JRC once joined and upon the reception of the first
   RPL DIO message, and uses it to operate as a JP."

Note that the expectation is that the 6LBR is the RPL root as suggested in the 6TiSCH architecture.
When they are not the same box I expect that all the text about 6LBR throughout this doc is really about the RPL root.
This should be indicated somewhere.



Section 6.1:
There are a number of SHOULDs there, but no explanation of what happens if the SHOULD is not respected.
Maybe a sentence that says that the SHOULDs are about protecting the network against the threats discussed in the section and that failing to follow the recommendation may create congestion and more sensitivity to attacks?


Otherwise all good for me!

Pascal