Re: [6tisch] Benjamin Kaduk's No Objection on draft-ietf-6tisch-enrollment-enhanced-beacon-13: (with COMMENT)

[Michael Richardson <mcr+ietf@sandelman.ca>]

Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------

    > Where is PAN/PANID defined?  I did not find it in RFC 6550, 8180, or
    > draft-ietf-6tisch-architecture, nor in the RFC Editor's list
    > (https://www.rfc-editor.org/materials/abbrev.expansion.txt).

PAN/PANID is an IEEE thing, and I've added a reference and explanation:

          These are called Personal Area Networks (PAN).
          Each instance will have a separate Layer-2 security profile, and
          will be distinguished by a different PANID.

          The PANID is part of the {{ieee802154}} layer-2 header: it is a
          16-bit value which is chosen to be unique, and it contributes context to the
          layer-2 security.

          The PANID provides a context similar to the ESSID does in 802.11
          networking, and can be conceived of in a similar fashion as the
          802.3 ethernet VLAN tag in that it provides context for all layer-2
          addresses.

    > Section 1.3

    >    Although However, even in this case, a unicast RS may be transmitted
    > in response[RFC6775] reduces the amount of multicast necessary to do
    > address resolution via Neighbor Solicitation (NS) messages, it still
    > requires multicast of either RAs or RS.  This is an expensive

    > nits: two capitalized words in a row, also some further rewording is
    > needed (and maybe s/unicast RS/unicast RA/?).

fixed.

    > Section 2

    > We should probably say something about the 'res' bits being reserved,
    > set to zero, and ignored by recipients.

done.

    >       In most cases, every node sending a beacon will set this flag,
    > and in a typical mesh, this will be every single node.  When this bit
    > is not set, it indicates that this node may be under provisioned, or
    > may have no additional slots for additional nodes.  This could make
    > this node more interesting to an attacker.

    > nit: this phrasing suggests that the list is an exhaustive list of
    > reasons why the flag could be unset; I'd suggest "it might indicate"
    > instead.

agreed.

    >       This value MUST be ignored by pledges, it is to help enrolled
    > devices only to compare different connection points.

    > nit: comma splice.  Maybe also reword to "It is only to help enrolled
    > devices to compare different connection points"?

fixed.

    >       This field communicates an Interface ID bits that should be used
    > for this nodes' layer-3 address, if it should not be derived from

    > nit: singular/plural mistmatch in "an Interface ID bits" nit:
    > s/nodes'/node's/

done.

    >       the layer-2 address.  Communication with the Join Proxy occurs in
    > the clear, this field avoids the need for an additional service
    > discovery process for the case where the L3 address is not derived from
    > the L2 address.  An attacker will see both L2 and L3

    > nit: comma splice.  I'd also hyphenate "service-discovery".

fixed.

    >       once.  That is just a suggestion for a default algorithm: it may
    > be set in any convenience way that results in a non-identifing value.
    > In some LLNs where multiple PANIDs may lead to the same

    > nits: I suggest "Per [RFC6550], that is just a suggestion",
    > s/convenience/convenient/, and s/identifing/identifying/ (though what
    > exactly it is that is not being identified might be worth clarifying,
    > too).

network ID is new, it's not in RFC6550.
DODAGID is though.

    >       management device (the JRC), then a common value that is the same
    > across all PANs MUST be configured so that pledges that attempt to

    > nit: I think "all the PANs" is more appropriate, since we only care
    > about the ones that lead to the same JRC (and there may be other PANIDs
    > in play).

okay.

    >       enroll do not waste time attempting multiple times with the same
    > network that has multiple attachment points.

    > nit: I'd consider expanding (again) what is being attempted.

Rewritten to:

In some LLNs where multiple PANIDs may lead to the same management device
(the Join Registrar/Coordinator - JRC), then a common value that is the same across all the PANs MUST be
configured.
Pledges that see the same networkID will not waste time
attempting to enroll multiple times with the same network that when the network has multiple attachment points.


    >       If the network ID is derived as suggested, then it will an
    > opaque,

    > nit: s/will/will be/

okay

    >       seemingly random value, and will reveal nothing in of itself.  An

    > I suggest "will not directly reveal any information about the network".

edited.

    > Section 3

    >    The sensitivity of each field is describe within the description of
    > each field.

    > nit: s/describe/described/

    >    visible.  Encrypting the schedule does not prevent an attacker from
    > jamming, but rather increases the energy cost of doing that jamming.

    > Perhaps also the side effects/collateral damage of the jamming.

I'm not sure what you are saying/suggesting here.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-