Re: [babel] WG Last Call for draft-ietf-babel-dtls-03

Dave Taht <dave.taht@gmail.com> Wed, 09 January 2019 21:40 UTC

References: <CAF4+nEGcA11WSLQw9K9q2TskgkNdVFsCmGWdB99QLiquJ2cKog@mail.gmail.com> <CAC=54BLM3dHP--xnhc05k-FQBr56Rkb-G-PQXRV-xgH6XZPHRg@mail.gmail.com> <CAPDSy+4FgOE0GD=UZoO-HJv3DP4xPVXxUc6LeN9PmtrABviQ_Q@mail.gmail.com>
In-Reply-To: <CAPDSy+4FgOE0GD=UZoO-HJv3DP4xPVXxUc6LeN9PmtrABviQ_Q@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
Date: Wed, 09 Jan 2019 13:40:30 -0800
Message-ID: <CAA93jw4FAevFhRrqf8igoCudZt6+HKVxxBrGEaVLtRis3cNRxg@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: Antonin Décimo <antonin.decimo@gmail.com>, Donald Eastlake <d3e3e3@gmail.com>, draft-ietf-babel-dtls@ietf.org, babel-chairs <babel-chairs@ietf.org>, Babel at IETF <babel@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/W8WDILgyVhc46o236dngbHqOYXo>
Subject: Re: [babel] WG Last Call for draft-ietf-babel-dtls-03
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>

well, I've been playing catchup on these drafts for a while and had
barely looked at this before now.

* As usual, I like having two interoperable implementations before
committing to a draft.

To me, this is unclear:

" When a Babel node
   discovers a new neighbor (generally by receiving an unencrypted
   multicast Babel packet), it compares the neighbour's IPv6 link-local
   address with its own, using network byte ordering.  If a node's
   address is lower than the recently discovered neighbor's address, it
   acts as a client and connects to the neighbor.  In other words, the
   node with the lowest address is the DTLS client for this pairwise
   relationship.  As an example, fe80::1:2 is considered lower than
   fe80::2:1."

A DTLS enabled node receiving that unencrypted multicast hello packet
(on the main babel port? on the dtls port?), is then supposed to try
contacting the other router on the DTLS port?

Receiving a hello from a lower numbered fe80 address means you wait
for the lower numbered fe80 address to initiate (so you send a hello
with or without an ihu?)

So a DoS attack is merely lots of hellos and a very slow DTLS
exchange? (what are the timeouts associated with a DTLS negotiation?)

In the HMAC draft there was a 300ms timeout suggested for some things.


On Wed, Jan 9, 2019 at 11:33 AM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>
> (Stating the obvious, as co-author) I support publication.
>
> On Wed, Jan 9, 2019 at 10:30 AM Antonin Décimo <antonin.decimo@gmail.com> wrote:
>>
>> Hello Donald,
>>
>> I support publication.
>>
>> -- Antonin
>
> _______________________________________________
> babel mailing list
> babel@ietf.org
> https://www.ietf.org/mailman/listinfo/babel



--

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
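The role-election rule quoted from the draft above (compare the two IPv6 link-local addresses in network byte order; the lower one is the DTLS client) is easy to get subtly wrong if an implementer compares the textual form instead of the bytes. The following is an added illustration, not code from draft-ietf-babel-dtls or from any Babel implementation: it applies the rule to a few constructed address pairs, including one where string comparison and byte comparison disagree. The function names, the constructed neighbour list, and the decision to refuse on identical addresses (a case the quoted text does not cover) are my own assumptions.

```python
"""Babel-over-DTLS neighbour role election, illustrated.

Added example, not code from the draft or from any Babel implementation.
It implements only the rule quoted in the message above: compare the two
link-local addresses as 16-byte network-order values; the lower address is
the DTLS client for that pair.  Names below are mine, not the draft's.
"""
import ipaddress
from typing import Dict, List


def dtls_role(own: str, neighbour: str) -> str:
    """Return "client" if this node must initiate the DTLS handshake to
    `neighbour`, or "server" if it must wait for the neighbour to connect.

    The comparison is on the packed 16-byte representation (network byte
    order), not on the textual address, which is what the draft specifies.
    Two distinct hosts on one link cannot share a link-local address; the
    quoted text says nothing about that case, so this refuses rather than
    silently picking a side (assumption, not draft behaviour).
    """
    a = ipaddress.IPv6Address(own)
    b = ipaddress.IPv6Address(neighbour)
    if not (a.is_link_local and b.is_link_local):
        raise ValueError("role election is defined on link-local addresses")
    if a.packed == b.packed:
        raise ValueError("own and neighbour address are identical")
    # bytes compare lexicographically, i.e. as big-endian (network order) ints
    return "client" if a.packed < b.packed else "server"


def textual_order_disagrees(own: str, neighbour: str) -> bool:
    """True when a naive string comparison of the canonical text forms would
    choose a different client than the network-byte-order comparison.

    Demonstrates why the draft says "using network byte ordering": e.g.
    "fe80::10" sorts before "fe80::9" as text, but 0x10 > 0x9 as a number.
    """
    own_txt = str(ipaddress.IPv6Address(own))
    nb_txt = str(ipaddress.IPv6Address(neighbour))
    naive_client = min(own_txt, nb_txt)
    real_client = own_txt if dtls_role(own, neighbour) == "client" else nb_txt
    return naive_client != real_client


def elect_roles(own: str, discovered: List[str]) -> Dict[str, str]:
    """For every neighbour learned from an unencrypted multicast Hello,
    decide whether this node initiates the DTLS handshake or waits for it."""
    return {n: dtls_role(own, n) for n in discovered}


if __name__ == "__main__":
    # Constructed sample: our own address plus three neighbours "heard"
    # via multicast Hello.  Values are made up for the illustration.
    me = "fe80::a"
    heard = ["fe80::2", "fe80::ff", "fe80::1:2"]
    for nb, role in elect_roles(me, heard).items():
        print(f"{me} vs {nb}: we are the DTLS {role}")
    # The draft's own example pair.
    print("fe80::1:2 vs fe80::2:1 ->", dtls_role("fe80::1:2", "fe80::2:1"))
    # The pitfall: textual and byte-order comparison disagree here.
    print("fe80::10 vs fe80::9: text order disagrees?",
          textual_order_disagrees("fe80::10", "fe80::9"))
```

Run it directly to see which side initiates for each constructed pair; `textual_order_disagrees` is the check to keep in a test suite so an implementation that compares strings rather than bytes is caught before two routers each wait for the other to connect.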