Re: [6tisch] Intelligent JP / validating the MASA
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 22 August 2019 11:34 UTC
Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DD3512081E for <6tisch@ietfa.amsl.com>; Thu, 22 Aug 2019 04:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Y3eT+VqC; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xyy1iH5U
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_vQPpJ2Ej27 for <6tisch@ietfa.amsl.com>; Thu, 22 Aug 2019 04:34:32 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DC0E120026 for <6tisch@ietf.org>; Thu, 22 Aug 2019 04:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12501; q=dns/txt; s=iport; t=1566473672; x=1567683272; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/EXv9sGhiyuPE7MuHOw3X4aT2OI2pjPFMEs8+ukrWBk=; b=Y3eT+VqCip4k7HCX4hlRXIGx5fDNfMaU4NRjx4EAA1neIqKZomYUJwoV EaLAp0Xlwca755JnE3Smu/uRWHcCDSLwRiB0l6T2EzGteRmB5y2Wly4HM WY0U3bkoAJJ9Yxlu7p0/5G1Zv1H96bK0LAUu//Ek0CqeSidvyjkVPCnEp Y=;
IronPort-PHdr: 9a23:6EyNfh8T30VRrP9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+8ZR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUERoMiMEYhQslVdaZCVDxIeT2Ryc7B89FElRi+iLzPA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AaAACMfF5d/4MNJK1kGgEBAQEBAgEBAQEHAgEBAQGBVQMBAQEBCwGBFS8kLAOBQiAECyoKhBaDRwOKaII3JZMLhFuBLhSBEANUCQEBAQwBAS0CAQGEPwIXgkgjNgcOAgkBAQQBAQECAQYEbYUnDIVLAQEBAgESER0BATcBBAsCAQgSLQMCAgIwFAMOAQEEDgUigwCBHk0DDg8BAgGeUgKBOIhhc4EygnsBAQWFFxiCFgmBNAGEeIQsgkkYgUA/gREnDBOCTD6EDINDMoImjC+CaIUPlzQJAoIdjXiGQhuYSaVsAgQCBAUCDgEBBYFXCyaBWHAVZQGCQYJCg3KKU3KBKYh2K4EEAYEgAQE
X-IronPort-AV: E=Sophos;i="5.64,416,1559520000"; d="scan'208,217";a="316189181"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Aug 2019 11:34:31 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x7MBYVDY013137 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 22 Aug 2019 11:34:31 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 22 Aug 2019 06:34:30 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 22 Aug 2019 06:34:29 -0500
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 22 Aug 2019 07:34:29 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gX98F155h+oPPWk+ZEjHlqCdmKYVZFPoh/JxfI4KXOJEsxwJCQ3BUmYRLToZXWZ/pNkq13PYVNNqVtkx4FskfX427L6W4KZ+fzKh8z7wgYwZrZSknRHRiYeKZo7MJTlxH0XvnTtaZ5JXuFcWOGReyy1Ax5cIB49KKk6JjxRCrxCH+0qrPA+djclLNgQmB9PlFeAy+Gq/ZnK+jLAeiAs5gxVkn4z47vRtNNZ0Nr6dJHijA/0aaF/5CBvxoFNLbu1q1C2Y2LAxBadVzZMse0J7QN1c/w0m+L/EO+/FtgXK2AwaM3rpLPePnCiBYCt3hF9TqoBXRtKRAYPcGidzJb3csw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/EXv9sGhiyuPE7MuHOw3X4aT2OI2pjPFMEs8+ukrWBk=; b=SgPg7kBl1pCCRjuboCLH91MW0R5gp0ROxXPHnqWstDHV+kC2kAm8LTkzupV77yDXyRvACZK68tv2ZDVm14GlmIdaBybU90uh9v8nf1/rNi0g8qcXgJkzDaOEPme2nxWVmjsk1qImPvNRHHn5CfHNn6u0y/3urCl0mUhsmOTcix1LZ1r5clIBQRrlGacP1tUj6OV4kWHuuC+4k/SV6AF7y2XQlcw5V6liWf0ODgukrPqJMS+u733ATd8OyTAT8sLbAMyNoRkMtPDidygvCF7i0WjGSRjv5PNQHp7G5MYhWhAiRGWlhnrg9m/CkgHuvKrKzbi3THrT/yg3PBFLCJm50A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/EXv9sGhiyuPE7MuHOw3X4aT2OI2pjPFMEs8+ukrWBk=; b=xyy1iH5UJCas4a8BMEOXd8/v6Iq4hyVxWF9kkB6azPpiotl6692/SGB89R9mWZipGPgYzgQYLrj4zhsyh882M0s9/QT2dyWz2PRJTmDMV+sEy5JxEFO4pcFI5bh+sBMsm+dOUtXfpwG2XTxXaZeUjNCdQp0s4klXm7MMFruujY8=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4352.namprd11.prod.outlook.com (52.135.38.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Thu, 22 Aug 2019 11:34:28 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e%3]) with mapi id 15.20.2178.018; Thu, 22 Aug 2019 11:34:28 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Mališa Vučinić <malisa.vucinic@inria.fr>
CC: Benjamin Kaduk <kaduk@mit.edu>, Tero Kivinen <kivinen@iki.fi>, Michael Richardson <mcr+ietf@sandelman.ca>, "6tisch@ietf.org" <6tisch@ietf.org>
Thread-Topic: Intelligent JP / validating the MASA
Thread-Index: AdVXcq2WhsWuyF3LQK+d3r69CIYQ2wBX2JKAAALfqIc=
Date: Thu, 22 Aug 2019 11:34:28 +0000
Message-ID: <70982E11-9DD0-4239-9DBD-061BDB5E834B@cisco.com>
References: <MN2PR11MB356593FEE789835AC61E7589D8AB0@MN2PR11MB3565.namprd11.prod.outlook.com>, <92FD98F1-B503-4549-B940-9426C5B4841B@inria.fr>
In-Reply-To: <92FD98F1-B503-4549-B940-9426C5B4841B@inria.fr>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [84.14.139.6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c3c733ec-fb80-4a86-2cc4-08d726f4b126
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600166)(711020)(4605104)(1401327)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MN2PR11MB4352;
x-ms-traffictypediagnostic: MN2PR11MB4352:
x-microsoft-antispam-prvs: <MN2PR11MB435236366E9046376CD17764D8A50@MN2PR11MB4352.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01371B902F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(366004)(39860400002)(136003)(396003)(199004)(43544003)(189003)(66066001)(8676002)(55236004)(33656002)(36756003)(81166006)(81156014)(446003)(316002)(2906002)(11346002)(8936002)(2616005)(71190400001)(476003)(71200400001)(66556008)(25786009)(64756008)(3846002)(66476007)(6116002)(229853002)(6512007)(54896002)(66446008)(14454004)(6436002)(76116006)(66946007)(91956017)(236005)(53546011)(6916009)(486006)(6506007)(5660300002)(54906003)(86362001)(53936002)(99286004)(186003)(26005)(4326008)(14444005)(7736002)(478600001)(66574012)(76176011)(102836004)(6246003)(6486002)(256004)(244885003); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4352; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: mAuqV3sXDX9IOeCCs2USKr/4jFfMcTLrwb75b4NCrTncZxbAa131XmC2GaEu6VmXxHzB8nN2yayLm4uYW2iABuEy8ma7eFSvH6NrBBNMJ5AfReT81yNBoyGmqN+0341dqDpkIP1tVx+4bZCeFYzxobX13s0ApbhojmoTZ2MTBjjIC6FtuNAJhACajx1sVck708mlRIzOJnU2bKDRtjWkQlPWWR2SC5u4B+4Bc6yVpmyzp4R+guGaUM2am1ixPDK9Cs3OO0H44B2ck1JOklFnF9ilGaJ2zCymRUh95AyKBMJfS72VtYVStEgEQ7B4WmKxg4Rnle0t8IWNweO7GE3yzPt7hBrFulT1SFfECvX7PfPR5ENeoLqisCIUBEm8wsIe2m8UvZcrgl23WWsk2WcE8eGPPtuWhZrgCbS/Ej7L8fk=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_70982E119DD042399DBD061BDB5E834Bciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c3c733ec-fb80-4a86-2cc4-08d726f4b126
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Aug 2019 11:34:28.0360 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AIO5ZOLRImWvRw32Nm1LOancY6VSduoiDrHUO0/76XbiYuy6eg1kFfGidx++6W9CReT8R7bQRjLGiUL2WAb/1w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4352
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.25, xch-rcd-015.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/oQXjCHVa0u04fWiRw1PeeOzpaBk>
Subject: Re: [6tisch] Intelligent JP / validating the MASA
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 11:34:34 -0000
Many thanks Malisa I agree but I’m not sure it’s just that. I’m reading a question of possibility multiple JRC whereby the pledge would indicate which JRC to use and possibly leverage that for an attack on anyone outside. For all I know the knowledge of the JRC is in the root, and it’s not provided by the pledge. So that problem does not exist. The network is so slow that it can hardly be used to DoS the outside. The mechanism you describe is mostly there to protect the network itself starting with the JP. I tend to agree with Michael that we have enough text in the Architecture and that a normative Reference to minimal security and a pointer to its security section have us covered. Regards, Pascal Le 22 août 2019 à 12:12, Mališa Vučinić <malisa.vucinic@inria.fr<mailto:malisa.vucinic@inria.fr>> a écrit : Hello Pascal, The issue that Ben outlines was solved through two separate mechanisms that are detailed in draft-ietf-6tisch-minimal-security: 1) The traffic that JP redirects into the network on behalf of unauthenticated pledges is tagged using IPv6 DSCP such that it can be distinguished from the legitimate network traffic. This allows e.g. the 6tisch scheduling function to explicitly ignore the unauthenticated traffic when adapting link resources to traffic requirements. This is detailed in Section 6.1 of draft-ietf-6tisch-minimal-security. 2) The use of the CoJP “join_rate” parameter that allows the JRC to set the rate at which each JP in the network forwards the unauthenticated traffic. This mechanism serves as the bandwidth cap for the unauthenticated traffic before it is being forwarded into the network. The details are in Section 8.4.2 of draft-ietf-6tisch-minimal-security, and there is also a paragraph in the Security Considerations detailing the issue. Mališa On 20 Aug 2019, at 18:20, Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote: Dear all: I’m looking for a consensus on how to address the following review comment on the 6TiSCH Architecture by Benjamin: > I'd like to see some discussion somewhere that the Join Proxy needs to take care > to not be an open redirector by which an unauthenticated pledge can attack > arbitrary network elements (whether within the LLN or on the broader > network), e.g., by performing some validation on the claimed MASA identifier. > Similarly, that the JRC will be exposed to lots of untrusted input and needs to be > implemented in an especially robust manner. Then again I’d like to discuss the split of what goes in the architecture and what goes in Minimal security or elsewhere. What do you think? Pascal
- [6tisch] Intelligent JP / validating the MASA Pascal Thubert (pthubert)
- Re: [6tisch] Intelligent JP / validating the MASA Michael Richardson
- Re: [6tisch] Intelligent JP / validating the MASA Michael Richardson
- Re: [6tisch] Intelligent JP / validating the MASA Mališa Vučinić
- Re: [6tisch] Intelligent JP / validating the MASA Pascal Thubert (pthubert)
- Re: [6tisch] Intelligent JP / validating the MASA Michael Richardson
- Re: [6tisch] Intelligent JP / validating the MASA Benjamin Kaduk
- Re: [6tisch] Intelligent JP / validating the MASA Pascal Thubert (pthubert)