[6tisch] Thomas' review of draft-richardson-6tisch-roll-enrollment-priority-00

[Thomas Watteyne <thomas.watteyne@inria.fr>]

[co-chair hat off]

This review is linked to the one I did for
draft-richardson-6tisch-enrollment-enhanced-beacon-00
(https://www.ietf.org/mail-archive/web/6tisch/current/msg05767.html) as the
drafts are linked.

The draft is short (great), and easy to read.

My comments about  draft-richardson-6tisch-enrollment-enhanced-beacon-00 apply
here as well, i.e. the former document should much better describe what it
is trying to achieve, and why.
draft-richardson-6tisch-roll-enrollment-priority-00
is almost a technical annex ("and here is how to propagate the
configuration using RPL"), and IMO should be kept as short as possible,
referring to  draft-richardson-6tisch-enrollment-enhanced-beacon-00  for
any type of discussion.

There seems to be a mismatch between the two drafts, however.
draft-richardson-6tisch-enrollment-enhanced-beacon-00  defines 3 priority
fields (pan priority, proxy priority, rank priority), carried in a new IE
in the EB. draft-richardson-6tisch-roll-enrollment-priority-00 starts by
saying it defines a way to set those priorities using RPL, but in Section 2
it turns out that it defines a way to propagate something that becomes the
value of the "join priority" field in the EB base header.

Of course, this discrepancy needs to be resolved, but these are just
editorial mechanics. The much more important discussion we need to have is
regarding the policy that these two drafts allow: how are those 4 prioritie
supposed to be used, and why is that needed? Only when we have come to a
consensus that it is importnat to solve should be talk about the editorial
work on the drafts.

Below, my detailed inline comments.

Thomas

===

6lo Working Group                                          M. Richardson
TW> 6lo or 6tisch?
Internet-Draft                                  Sandelman Software Works
Intended status: Informational                         February 02, 2018
Expires: August 6, 2018


           Enabling secure network enrollment in RPL networks
          draft-richardson-6tisch-roll-enrollment-priority-00

Abstract

   [I-D.richardson-6tisch-join-enhanced-beacon]
TW> replace by draft-richardson-6tisch-enrollment-enhanced-beacon
TW> (repeat throughout this draft)
   defines a method by
   which a potential [I-D.ietf-6tisch-minimal-security]
TW> word missing? "node"?
   can announce
   itself as a
TW> remove "a"
   available for new Pledges to Join a network.  The
   announcement includes a priority for join
TW> please rephrase, which priority do you mean exactly? One of the 3? all?
   .  This document provides a
   mechanism by which a RPL DODAG root can disable join announcements,
TW> what is a join announcement? sending EBs?
   or adjust the base priority for join operation.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 6, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Richardson               Expires August 6, 2018                 [Page 1]
Internet-Draft                 J-Pref DIO                  February 2018


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Protocol Definition . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   4.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Change history . . . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   [RFC7554] describes the use of the time-slotted channel hopping
   (TSCH) mode of [ieee802154].  [I-D.ietf-6tisch-minimal-security] and
   [I-D.ietf-6tisch-dtsecurity-secure-join] describe mechanisms by which
   a new node (the "pledge)"
TW> " at the wrong place
    can use a friendly router as a Join Proxy.
   [I-D.richardson-6tisch-join-enhanced-beacon] describes an extension
   to the 802.15.4 Enhanced Beacon
TW> not really, it defines a new IE
    that is used by a Join Proxy to
   announce its existence such that Pledges can find them.

   It has become clear that not every routing member of the mesh ought
   to announce itself as a Join Proxy.  There are a variety of local
   reasons by which a
TW> an
    6LR might not want to provide the Join Proxy
   function.  They include available battery power, already committed
   network bandwidth, and also total available memory available for Join
   proxy neighbor cache slots.

   There are other situations where the operator of the network would
   like to selective enable or disable the join process in a particular
   DODAG.

   As the join process involves permitting unencrypted traffic into the
   best effort part of a (TSCH) network, it would be better to have the
   join process off when no new nodes are expected.

   A network operator might also be able to recognize when certain parts
   of the network are overloaded and can not accomodate
TW> accommodate
    additional join
   traffic, and it would like to adjust the join priority among all
   nodes in the subtree of a congested link.




Richardson               Expires August 6, 2018                 [Page 2]
Internet-Draft                 J-Pref DIO                  February 2018


   This document describes an RPL DIO option that can be used to
   announce a minimum join priority.
TW> I'm confused about the term "join priority". There are now 4
TW> called priority:
TW>   - the "join priority" in the EB
TW>   - the "pan priority" in richardson-6tisch-join-enhanced-beacon
TW>   - the "proxy priority" in richardson-6tisch-join-enhanced-beacon
TW>   - the "rank priority" in richardson-6tisch-join-enhanced-beacon
TW> which one are you concerned with? In general, I would recommend
TW> to be as specific as possible, right from the abstract/intro of
TW draft. This makes shorter, to the point, easier to read docs.

1.1.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119] and indicate requirement levels for compliant STuPiD
   implementations.

   In addition, the terminology of [I-D.ietf-6tisch-terminology] and
   from [I-D.ietf-anima-voucher] are used.
TW> why "in addition"? I would drop that statement.

2.  Protocol Definition

   The following option is defined to transmission
TW> to be transmitted?
   in the DIO issued by
   the DODAG root.  It may also be added by a router
TW> add "to the DIOs it generates"
   on part of the sub-
   tree
TW> The concept of sub-tree introduces confusion at this point IMO.
TW> I would just talk aobut a node adding the option to its DIOs.
   as a result of some (out of scope for this document) management
   function.

   6LRs that see this DIO Option
TW> option (casing)
   SHOULD increment the minimum priority
   if they observe congestion on the channel used for join traffic.
   (TODO: how much?  Do we need to standardize this?)
TW> at this point in the text, the "minimum priority" isn't defined.
TW> move this paragraph lower, i.e. start by introducing the format,
TW> then discuss how it is used?

   A 6LR which would otherwise be willing to act as a Join Proxy, will
   examine the minimum priority field, and to that number, add any
   additional local consideration (such as upstream congestion).  The
   resulting priority, if less than 0x7f should enable the Join Proxy
   function.

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   Type = TBD01|Opt Length = 1|R| min. priority  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   min.priority  a 7 bit field which provides a base value for the
      Enhanced Beacon Join priority.  A value of 0x7f (127) disables the
      Join Proxy function entirely.
TW> hmm, OK. So now you're saying this is used for the join priority in
TW> the EB. But that has nothing to do with \
TW> draft-richardson-6tisch-enrollment-enhanced-beacon

   R  a reserved bit that SHOULD be set to 0 by senders, and MUST be
      ignored by receivers.  The reserved bit SHOULD be copied to
      options created.







Richardson               Expires August 6, 2018                 [Page 3]
Internet-Draft                 J-Pref DIO                  February 2018


3.  Security Considerations

   As per [RFC7416], RPL control frames either run over a secured layer
   2, or use the [RFC6550] Secure DIO methods.  This option can be
   placed into either a "clear" (layer-2 secured) DIO, or a layer-3
   Secure DIO.  As such this option will have both integrity and
   confidentiality mechanisms applied to it.

   A malicious node (that was part of the RPL control plane) could see
   these options and could, based upon the observed minimal join
   priority signal a confederate that it was a good time to send
   malicious join traffic.

   A malicious node (that was part of the RPL control plane) could also
   send DIOs with a different minimal join priority which would cause
   downstream mesh routers to change their Join Proxy behaviour.  Lower
   minimal priorities would cause downstream nodes to accept more
   pledges than the network was expecting, and higher minimal priorities
   cause the join process to stall.

   The use of layer-2 or layer-3 security for RPL control messages
   prevents the above two attacks.

4.  Privacy Considerations

   There are no new privacy issues caused by this extension.

5.  IANA Considerations

   Allocate a new number TBD01 from Registry RPL Control Message
   Options.  This entry should be called Minimum Join Priority.

6.  Acknowledgements
TW> Acknowledgments

   none so far.
TW> I would replace by "TODO"

7.  References

7.1.  Normative References

   [I-D.ietf-6tisch-minimal-security]
              Vucinic, M., Simon, J., Pister, K., and M. Richardson,
              "Minimal Security Framework for 6TiSCH", draft-ietf-
              6tisch-minimal-security-04 (work in progress), October
              2017.






Richardson               Expires August 6, 2018                 [Page 4]
Internet-Draft                 J-Pref DIO                  February 2018


   [I-D.richardson-6tisch-join-enhanced-beacon]
              Dujovne, D. and M. Richardson, "IEEE802.15.4 Informational
              Element encapsulation of 6tisch Join Information", draft-
              richardson-6tisch-join-enhanced-beacon-03 (work in
              progress), January 2018.

   [ieee802154]
              IEEE Standard, ., "802.15.4-2015 - IEEE Standard for Low-
              Rate Wireless Personal Area Networks (WPANs)", 2015,
              <http://standards.ieee.org/findstds/
              standard/802.15.4-2015.html>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
              Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
              JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
              Low-Power and Lossy Networks", RFC 6550,
              DOI 10.17487/RFC6550, March 2012,
              <https://www.rfc-editor.org/info/rfc6550>.

   [RFC7416]  Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
              and M. Richardson, Ed., "A Security Threat Analysis for
              the Routing Protocol for Low-Power and Lossy Networks
              (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015,
              <https://www.rfc-editor.org/info/rfc7416>.

   [RFC7554]  Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
              IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
              Internet of Things (IoT): Problem Statement", RFC 7554,
              DOI 10.17487/RFC7554, May 2015,
              <https://www.rfc-editor.org/info/rfc7554>.

7.2.  Informative References

   [I-D.ietf-6tisch-architecture]
              Thubert, P., "An Architecture for IPv6 over the TSCH mode
              of IEEE 802.15.4", draft-ietf-6tisch-architecture-13 (work
              in progress), November 2017.

   [I-D.ietf-6tisch-dtsecurity-secure-join]
              Richardson, M., "6tisch Secure Join protocol", draft-ietf-
              6tisch-dtsecurity-secure-join-01 (work in progress),
              February 2017.




Richardson               Expires August 6, 2018                 [Page 5]
Internet-Draft                 J-Pref DIO                  February 2018


   [I-D.ietf-6tisch-terminology]
              Palattella, M., Thubert, P., Watteyne, T., and Q. Wang,
              "Terminology in IPv6 over the TSCH mode of IEEE
              802.15.4e", draft-ietf-6tisch-terminology-09 (work in
              progress), June 2017.

   [I-D.ietf-anima-voucher]
              Watsen, K., Richardson, M., Pritikin, M., and T. Eckert,
              "Voucher Profile for Bootstrapping Protocols", draft-ietf-
              anima-voucher-07 (work in progress), January 2018.

   [RFC8137]  Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information
              Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May
              2017, <https://www.rfc-editor.org/info/rfc8137>.

Appendix A.  Change history
TW> add a marker (e.g. "[TEMPORARY]") which makes it clear this section
TW> will go

   version 00.

Author's Address

   Michael Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca


























Richardson               Expires August 6, 2018                 [Page 6]


-- 
________________________________________

Thomas Watteyne, PhD
Research Scientist & Innovator, Inria
Sr Networking Design Eng, Analog Devices
Founder & co-lead, UC Berkeley OpenWSN
Co-chair, IETF 6TiSCH

www.thomaswatteyne.com
________________________________________