Re: [6tisch] Éric Vyncke's No Objection on draft-ietf-6tisch-minimal-security-13: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 08 November 2019 12:26 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Mališa Vučinić <malisa.vucinic@inria.fr>
CC: The IESG <iesg@ietf.org>, 6tisch-chairs <6tisch-chairs@ietf.org>, "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "draft-ietf-6tisch-minimal-security@ietf.org" <draft-ietf-6tisch-minimal-security@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>
Date: Fri, 8 Nov 2019 12:26:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/lv9akTRDv7yqQIESe8LyqJbkWRI>

Mališa, thank you for replying to my comments. I appreciate it.

And thank you and the authors for your work.

-éric

From: Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Thursday, 7 November 2019 at 17:23
To: Eric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, 6tisch-chairs <6tisch-chairs@ietf.org>, Pascal Thubert <pthubert@cisco.com>, "draft-ietf-6tisch-minimal-security@ietf.org" <draft-ietf-6tisch-minimal-security@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [6tisch] Éric Vyncke's No Objection on draft-ietf-6tisch-minimal-security-13: (with COMMENT)

Dear Éric,

Many thanks for your review. You can find the responses to your comments inline and the overall diff following your review at:

https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/commits/8e04a2e442cca81c18809b5d6e88ed0d01d012ea?at=minimal-security-14

Mališa


On 31 Oct 2019, at 11:04, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:

Éric Vyncke has entered the following ballot position for
draft-ietf-6tisch-minimal-security-13: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. The document is easy to read. I
have a couple of comments and nits. Feel free to ignore all of them.

Regards,

-éric

== COMMENTS ==

-- Section 1 --
Please add reference to IEEE Std 802.15.4 at first mention.

done



-- Section 1 --
It is unclear in this section whether the PSK is per pledge (then hitting a
scalability issue) or shared by all pledges (then having a huge security risk).
Section 3 is clearer on this but the reader would benefit by knowing this in
section 1.

-The configuration defined in this document assumes that the pledge and the JRC share a secret cryptographic key, called PSK (pre-shared key).
+The configuration defined in this document assumes that the pledge and the JRC share a unique symmetric cryptographic key, called PSK (pre-shared key).
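
Review bot: "unique" on the + line does not say unique with respect to what, so the question raised in the comment above (one PSK per pledge, or one shared by all pledges) is still not answered in Section 1. Stating the scope explicitly in this sentence, in line with what Section 3 specifies, would settle it for a reader who stops at the introduction.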


-- Section 2 --
Please consider not using "secret key" and "symmetric key" interchangeably. Esp
as "secret key" is often used in the context of asymmetric key.

I made the change throughout the document to use the term “symmetric key” exclusively.




-- Section 3 --
Unsure whether the text about provisioning "Physically, ..." brings anything
useful.

If there is no strong opinion here, I left this text for now as in our opinion it gives an idea to the reader on how the provisioning can be done.



-- Section 3 --
Please add references to DHCPv6, GRASP, mDNS.

done



-- Section 4.2 --
It is unclear whether duplicate address detection should be done.

Section 5.6 of RFC8505 that we reference is clear on this that DAD need not be done for link-local addresses. I added the following sentence to clarify this in our draft:

+As per {{RFC8505}}, there is no need to perform duplicate address detection for the link-local address.
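
Review bot: the + line cites {{RFC8505}} as a whole, while the reply above locates the rule in Section 5.6; naming that section in the added sentence would let readers check the claim without searching the RFC.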



== NITS ==

-- Section 4 --
Please expand L2 at first mention.

done


-- Section 6.1.2 --
I am not a native English speaker but I wonder whether the word 'convergecast'
is well-known.

rephrased to avoid the use of the term “convergecast”.

-Due to the convergecast nature of the DODAG, the 6LBR links are often the most congested, and from that point down there is progressively less (or equal) congestion.
+The 6LBR links are often the most congested within a DODAG, and from that point down there is progressively less (or equal) congestion.
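
Review bot: the + line drops "convergecast" but with it the reason the - line gave for the 6LBR links being the most congested, so the claim is now unexplained. Consider restating that cause in plain words in place of the removed clause.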