IETF Logo Mail Archive

Re: [Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47 - privacy

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 04 July 2019 08:02 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB5B01201AF; Thu, 4 Jul 2019 01:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0Z_gzsQTA5u; Thu, 4 Jul 2019 01:02:11 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E9A21201A3; Thu, 4 Jul 2019 01:02:11 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x64829jH047600; Thu, 4 Jul 2019 10:02:09 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 41B3920548D; Thu, 4 Jul 2019 10:02:09 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 2E897201EC5; Thu, 4 Jul 2019 10:02:09 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x64829fL006098; Thu, 4 Jul 2019 10:02:09 +0200
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
To: Roni Even <ron.even.tlv@gmail.com>, gen-art@ietf.org
References: <156222033675.12461.8547529207178996969@ietfa.amsl.com>
Cc: its@ietf.org, "draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org" <draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org>
Message-ID: <5eb32bb2-fc24-8cbc-1719-6e41fd4fb3a6@gmail.com>
Date: Thu, 04 Jul 2019 10:02:09 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <156222033675.12461.8547529207178996969@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/lO3yrZ29x1AkAdJrbFsrZWPBKmE>
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47 - privacy
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 08:02:15 -0000


Le 04/07/2019 à 08:05, Roni Even via Datatracker a écrit :
> Reviewer: Roni Even
> Review result: Ready with Issues
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-ipwave-ipv6-over-80211ocb-47
> Reviewer: Roni Even
> Review Date: 2019-07-03
> IETF LC End Date: None
> IESG Telechat date: 2019-07-11
> 
> Summary:
> The document is ready to be published as a standard track RFC with an issue
> 
> Major issues:
> 
> Minor issues:
> 
> this is about my previous comment.
> The text in section 5.1 "A vehicle embarking  an IP-OBU whose egress interface
> is 802.11-OCB may expose itself to  eavesdropping and subsequent correlation of
> data; this may reveal data considered private by the vehicle owner; there is a
> risk of being tracked.  In outdoors public environments, where vehicles
> typically circulate, the privacy risks are more important than in indoors
> settings." and "there is a strong necessity to use protection tools such  as
> dynamically changing MAC addresses"
>   so even though there are privacy concerns there is no normative text saying
>   that some method is needed. "strong necessity" is not normative .
> 
> A new sentence was added to section 5.1 "An example of change policy is to
> change the MAC address of the OCB interface each time the system boots up"
> 
> I got more confused by section 5.2 text "The policy dictating when the MAC
> address is changed on the 802.11-OCB interface is to-be-determined."
> 
> So what I got from section 5.1 and 5.2 is that protection tools to address
> privacy concern are needed but without any normative text.  Dynamic changing
> of MAC address is an option, no other option is mentioned.  Example for when to
> change MAC address is on system boot and the policy when to change MAC address
> is to be determined.
> 
> To summarize what the document currently says is that privacy risks are more
> important for outdoor public environment and it is left for implementations to
> decide if and how to address it.

Thank you for the comment.

In a sense, I agree with you: normative text is always helpful for 
implementer.  S/he will know what method for privacy of IID MUST be 
implemented, and do it.

However, I do not want to work on this because of the following: (1) the 
random MAC generation has an unknown IPR status (to me) and (2) the 
64bit IID length is imposed.

This draft imposes a 64bit for the IID length.  Given that, it is 
impossible for me personally to make sense about what should be 
implemented for privacy for IID.  I have several methods in mind, and I 
can get help from implementer to test and demonstrate.  But not within 
the upper and lower bounds of the 64bit boundaries.

Shorter than 64bit IIDs (like ::1, or ::5) are easier to manipulate by 
humans when building systems, and they can be obfuscated as well: 
instead of saying '1' one can say '2' so the listener is fooled, 
provided a secret agreement between the ends is in place.  Also, longer 
IIDs (like ::1:2:3:4:5) resist better to brute force algorithm attacks.

There is a method for generating the MAC address in a more random 
manner, and use it to form a 64bit IID.  That method is implemented 
widely in Windows on PC and on Windows Phone.  There is also an ETSI 
standard that suggests the same.  This draft IPv6-over-OCB has that 
method in mind when it talks about changing the MAC address each time a 
system boots up.  However, I do not know the IPR status of that method. 
I would like to know it, because personally I dont want to work on 
documents that are IPRed by other organisations.  It is also for this 
reason that it says 'a possibility is', and not 'MUST do'.

Finally, having retired my name from the author list, please consider 
these comments as an individual opinion.  The fact that I state it with 
certainty does not mean any form of authority on the document.  There is 
a WG for authority, an Editor, etc. (see IPWAVE WG).

I do not know what others think about privacy and IIDs and IPv6-over-OCB?

Alex

> 
> Nits/editorial comments:
> 
> 
>

v2.23.0 | Report a Bug | By Email