Re: [dhcwg] [E] [Iot-directorate] Iotdir last call partial review of draft-ietf-dhc-mac-assign-06

"Chakrabarti, Samita" <samita.chakrabarti@verizon.com> Thu, 28 May 2020 16:45 UTC

From: "Chakrabarti, Samita" <samita.chakrabarti@verizon.com>
Date: Thu, 28 May 2020 12:45:11 -0400
Message-ID: <CAHYRG6OtnEwQdyJeQeZr+st+DoKaQof3YP0HzMwMNsM0rz=pkA@mail.gmail.com>
To: "Bernie Volz (volz)" <volz@cisco.com>, Carles Gomez Montenegro <carlesgo@entel.upc.edu>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, =?UTF-8?Q?Jaime_Jim=C3=A9nez?= <jaime.jimenez@ericsson.com>, "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, Samita Chakrabarti <samitac.ietf@gmail.com>, "draft-ietf-dhc-mac-assign@ietf.org" <draft-ietf-dhc-mac-assign@ietf.org>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, Ian Farrer <ianfarrer@gmx.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/71eU42ih2xTz6_Eu23aEPb7DJnk>

With a corrected list of additional recipients...

On Thu, May 28, 2020 at 12:41 PM Chakrabarti, Samita <
samita.chakrabarti@verizon.com> wrote:

> + 6lo chairs
>
> Hi Bernie,
> Thanks for the response. I had done some quick partial review while
> waiting for the full review from Jaime (CC'ed).
>
> Please see in-line below.
>
> On Tue, May 26, 2020 at 4:47 PM Bernie Volz (volz) <volz@cisco.com> wrote:
>
>> Hum ... I never seemed to have received the original email -
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_iot-2Ddirectorate_AlkuS7PgeTwQStM9eFsf4gbOhSw&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=pWMzx7FsqijEJPyfMBfn-HJss-wVVTf0K5y-cxCTXL8&m=MhwqZQxZSi5uQwLINvhNLxro2iGUmpklZPKzXPeZAYo&s=Wk5IuQiP3TbFfVur_rB-lr9gRarH4Vm7VtQy6hAYlFM&e=
>> .
>>
>> Some comments below (BV>).
>>
>> ---
>> I took a quick glance at the draft from an IoT point of view (only a partial
>> review).
>>
>> Section 4.2 talks about the IoT use case as Direct Client Mode -- where
>> they
>> talk about cheap devices which may not have unique UUID associated with
>> it.
>>
>> Note that a client that operates as above that does not have a
>>    globally unique link-layer address on any of its interfaces MUST NOT
>>    use a link-layer based DUID (DHCP Unique Identifier), i.e., DUID-LLT
>>    or DUID-LL.  For more details, refer to Section 11 of [RFC8415].
>>
>> 1. However, it is not clear what source initial link-layer address should be
>> used by these devices. Should it point to Section 6? Will that suffice?
>>
>> BV> There are two different issues here. One is the DUID this device
>> would use for DHCPv6 - we were just pointing out here that these devices
>> must not use Link Layer based DUIDs (hence, they should use DUID-EN or
>> DUID-UUID). In terms of the "initial link-layer address", I'm not sure that
>> a reference to section 6 (I assume of the dhc-mac-assign draft) would be
>> useful? In section 4.2, we already say "Upon first boot, the device uses a
>> temporary address, as described in [IEEE-802.11-02-109r0], to send initial
>> DHCP packets to available DHCP server", so I'm not sure what is missing?
>>
> The document author would be the best person to decide where to point back
> to. If Section 4.2 is where the reader should be pointed to, please add a
> reference to that section. That will really help with the readability.
> Section 6 was a random suggestive question.
>
>
>> 2. Moreover, how safe would the mechanism be if the Security section says
>> that the mechanism defined in this draft may be used by a bad actor?
>>
>> BV> I'm also not sure what would be needed here? I guess we could point
>> out that randomly selecting an initial mac-address and trusting a DHCPv6
>> server to assign an address is very insecure? But that's pretty much
>> covered by
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc8415-23section-2D22&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=pWMzx7FsqijEJPyfMBfn-HJss-wVVTf0K5y-cxCTXL8&m=MhwqZQxZSi5uQwLINvhNLxro2iGUmpklZPKzXPeZAYo&s=E48ssN8G2VhyyeP8Bb8GAH-sg8e__ROhYmOBLR0n2p8&e=
>> . Perhaps more clarity on what should be added would help?
>>
>>
> Yes, more clarity and some suggestion for the IoT devices would help. For
> example, if there are suggestions that this solution could be used in a
> restrictive environment only, that would be helpful. An IoT security expert
> can help provide a suggestion or text here to mitigate possible threats for
> IoT devices, in case of low power and low capacity IoT devices.
>
>> 3. It appears to me the mechanisms are designed for VMs behind a hypervisor
>> and then IoT usages are added. My concerns are twofold for challenged low
>> capability IoT devices -- 1) will they be able to handle the complicated option
>> processing described here? 2) How to mitigate the security vulnerability for
>> IoT devices as direct clients? (The security section does not talk about
>> mitigation)
>>
>> Should there be a simpler option processing structure without TLV option
>> processing (i.e., a fixed structure part + then a TLV part for optional
>> information)?
>>
>> BV> The TLV structure is what DHCPv6 is based on. I'm not really sure
>> that this is that complicated and if it is ... this is OPTIONAL - an IoT
>> device could consider using it; of course, if it really is low end perhaps
>> it is not the best technique for it? The IEEE was also working on a
>> specification for doing link-layer address assignment and theirs (when
>> available) would most likely be at a much lower layer in the "stack" and
>> may be better optimized for the IoT case (and may also cover the initial
>> allocation issue that exists with DHCPv6). So the IoT case was indeed not
>> the first priority, as that likely would be better accommodated by IEEE.
>>
>>
> Understood. Perhaps a few sentences (as explained above) may be fine, so
> that implementors will be able to make appropriate choices. I agree an
> additional mechanism for IoT devices may not be worthwhile. Large things
> (IoT devices) can certainly use the DHCP mechanism and the additional
> changes specified here. However, I would like the 6lo chairs' comments and
> their advice on this.
>
>
>
>> BV> I don't know if Carlos might have some more data on the IEEE work, as
>> my contacts at IEEE seem to have dried up.
>>
>>
>
> Best regards,
>
> -Samita
>
>
>> - Bernie
>>
>>
>> -----Original Message-----
>> From: Éric Vyncke via Datatracker <noreply@ietf.org>
>> Sent: Saturday, May 23, 2020 2:55 AM
>> To: The IESG <iesg@ietf.org>
>> Cc: draft-ietf-dhc-mac-assign@ietf.org; dhc-chairs@ietf.org;
>> dhcwg@ietf.org; Tomek Mrugalski <tomasz.mrugalski@gmail.com>; Ian Farrer
>> <ianfarrer@gmx.com>; ianfarrer@gmx.com; samitac.ietf@gmail.com
>> Subject: Éric Vyncke's Yes on draft-ietf-dhc-mac-assign-06: (with COMMENT)
>>
>> Éric Vyncke has entered the following ballot position for
>> draft-ietf-dhc-mac-assign-06: Yes
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_iesg_statement_discuss-2Dcriteria.html&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=pWMzx7FsqijEJPyfMBfn-HJss-wVVTf0K5y-cxCTXL8&m=MhwqZQxZSi5uQwLINvhNLxro2iGUmpklZPKzXPeZAYo&s=FCX6F-uLWppM7EFaOFeIuFVExP49DNs7oDdbvBF82Zg&e=
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Ddhc-2Dmac-2Dassign_&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=pWMzx7FsqijEJPyfMBfn-HJss-wVVTf0K5y-cxCTXL8&m=MhwqZQxZSi5uQwLINvhNLxro2iGUmpklZPKzXPeZAYo&s=lJ6Hibrd0Y5o1Yn5wyMq1jBmYasSghT5Cun8ozP9h2o&e=
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thank you for this useful and easy to read document.
>>
>> Please also address the IoT Directorate review by Samita Chakrabarti:
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_review-2Dietf-2Ddhc-2Dmac-2Dassign-2D06-2Diotdir-2Dlc-2Dchakrabarti-2D2020-2D05-2D11_&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=pWMzx7FsqijEJPyfMBfn-HJss-wVVTf0K5y-cxCTXL8&m=MhwqZQxZSi5uQwLINvhNLxro2iGUmpklZPKzXPeZAYo&s=TQmeA0UlP9-u3LNCN4qZWv_DYUV_hatkOEGmptCHraM&e=
>>
>> Regards
>>
>> -éric
>>
>>
>>
>>
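An added example, not from the draft or any participant in this thread, showing the DUID rule discussed above in code: it encodes the RFC 8415 Section 11 DUID formats and flags a link-layer based DUID (DUID-LLT or DUID-LL) on an interface whose address is locally administered, i.e. the temporary/random address of Section 4.2. Treating the IEEE 802 U/L bit as the marker of a non-globally-unique address, the documentation enterprise number 32473, and the sample addresses are my assumptions.

```python
import struct
import uuid

# DUID type codes from RFC 8415, Section 11
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HW_TYPE_ETHERNET = 1  # IANA ARP hardware type for Ethernet
PEN_DOCUMENTATION = 32473  # enterprise number reserved for documentation (RFC 5612)

def build_duid_ll(mac: bytes, hw_type: int = HW_TYPE_ETHERNET) -> bytes:
    """DUID-LL: type (2) | hardware type (2) | link-layer address."""
    return struct.pack("!HH", DUID_LL, hw_type) + mac

def build_duid_en(enterprise_number: int, identifier: bytes) -> bytes:
    """DUID-EN: type (2) | enterprise number (4) | vendor-chosen identifier."""
    return struct.pack("!HI", DUID_EN, enterprise_number) + identifier

def build_duid_uuid(u: uuid.UUID) -> bytes:
    """DUID-UUID: type (2) | 128-bit UUID."""
    return struct.pack("!H", DUID_UUID) + u.bytes

def duid_type(duid: bytes) -> int:
    """Read the two-octet type field that starts every DUID."""
    if len(duid) < 2:
        raise ValueError("DUID too short")
    return struct.unpack("!H", duid[:2])[0]

def is_locally_administered(mac: bytes) -> bool:
    """IEEE 802 U/L bit (0x02 in the first octet). Assumption: a set bit marks the
    random/temporary address of Section 4.2, i.e. one that is not globally unique."""
    return bool(mac[0] & 0x02)

def check_duid_choice(duid: bytes, mac: bytes) -> list:
    """Return the problems with a client's DUID given the link-layer address it
    currently uses; an empty list means the choice is consistent with the rule
    that a client lacking a globally unique link-layer address MUST NOT use
    DUID-LLT or DUID-LL."""
    problems = []
    t = duid_type(duid)
    if t not in (DUID_LLT, DUID_EN, DUID_LL, DUID_UUID):
        problems.append("unknown DUID type %d" % t)
    if t in (DUID_LLT, DUID_LL) and is_locally_administered(mac):
        problems.append("link-layer based DUID on a locally administered "
                        "(temporary) address; use DUID-EN or DUID-UUID")
    return problems
```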