Re: [Gen-art] [6tisch] Review of draft-ietf-6tisch-minimal-17
Tero Kivinen <kivinen@iki.fi> Thu, 05 January 2017 16:04 UTC
Date: Thu, 05 Jan 2017 18:04:45 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/y8iplw6lfI49vhv56cqV4vtPWNM>
Cc: gen-art@ietf.org, "6tisch@ietf.org" <6tisch@ietf.org>, Thomas Watteyne <thomas.watteyne@inria.fr>, draft-ietf-6tisch-minimal.all@ietf.org

Brian E Carpenter writes:
> Hi Thomas,
>
> The responses to my comments almost all look fine to me. Just one point,
> on MINOR COMMENT 4 (slide 8):
>
> "Shouldn't this also say that this value MUST NOT be used in
> operational networks?"
>
> We've seen many cases over the years of informal values making it into shipped
> products... generally a Bad Thing. But with my lack of IEEE802.15.4 expertise,
> I really don't know whether it matters in this case. Whatever the WG decides
> is good, as long as the point is considered.

It does matter. If anybody knows the key, they can do a single-packet DoS attack against the network and kill it... I.e., send an EB to some of the nodes, so that it changes the schedule. After that the nodes in the network are out of sync, and after a few minutes or tens of minutes they will realize this and start to recover, but it takes a long time and can cause lots of disruption.

If a node receives an EB which says that the EB slot is not timeslot 0, or that it has a channel offset of 1 or something like that, then it will be listening for EBs on the wrong channel after that. After it misses enough packets from the network, it realizes it is out of sync and reinitializes itself back to the network. This means it needs to do a passive scan over the 16 channels, listening on each channel for slot frame size * timeslot duration * EB_PERIOD (at minimum, perhaps twice in case it happens to miss an EB). Meaning that with 101 slot frames, and 10ms timeslot duration, and with EB_PERIOD of 3, that is 3 seconds per channel, and for 16 channels it takes 48 seconds. During that time, nodes which were children of that node will notice that it has gone, and they will start doing the same...

The attacker can cause even more confusion by changing the timeslot parameters or the channel hopping order, but I would hope that implementations would ignore changes to those IEs while the network is running. On the other hand, changing the channel offset or timeslot number for EBs is something that might happen, so nodes might need to cope with that.

I have complained about this clear text password in the specification for a long time, and I do not think there is any reason to include that key in the RFC. The early interoperability testing people can agree on the key they use in the interoperability events; it does not need to be hardcoded in the RFC or in the code.

> I hope the interim goes well, it is too far out of my time zone to attend!

-- 
kivinen@iki.fi
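
An added example, not part of the message or of any 6TiSCH implementation: a simplified model of how a synchronized node could triage a received EB along the lines the message describes, together with the passive-scan cost of losing sync. The `EbSchedule` fields, the three actions, and the sample EBs are assumptions made for illustration; the exact product for the message's numbers is 48.48 s, which the message rounds to 48 seconds.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EbSchedule:
    """Simplified view of the schedule fields an EB carries (assumed model)."""
    timeslot_ms: int        # timeslot duration
    hopping_seq_id: int     # channel hopping sequence in use
    slotframe_len: int      # timeslots per slotframe
    eb_timeslot: int        # timeslot in which EBs are sent
    eb_channel_offset: int  # channel offset used for EBs

# Fields the message hopes implementations ignore changes to while running.
FROZEN_WHILE_JOINED = ("timeslot_ms", "hopping_seq_id")
# Fields that may legitimately change, so a node has to cope with them.
EB_LINK_FIELDS = ("eb_timeslot", "eb_channel_offset")

def changed(current, received, fields):
    return [f for f in fields if getattr(current, f) != getattr(received, f)]

def classify_eb(current, received):
    """Return (action, changed_fields) for an EB heard while synchronized."""
    frozen = changed(current, received, FROZEN_WHILE_JOINED)
    if frozen:
        return ("ignore", frozen)   # never re-template a running network
    moved = changed(current, received, EB_LINK_FIELDS)
    if moved:
        return ("flag", moved)      # possible, but worth logging and tracking
    return ("accept", [])

def passive_scan_seconds(sched, eb_period, channels=16, passes=1):
    """Time to re-scan all channels after losing sync, as in the message."""
    per_channel_ms = sched.slotframe_len * sched.timeslot_ms * eb_period
    return channels * per_channel_ms * passes / 1000

# Constructed sample data: the running schedule and four received EBs.
CURRENT = EbSchedule(10, 0, 101, 0, 0)
SAMPLE_EBS = [
    EbSchedule(10, 0, 101, 0, 0),   # matches the running schedule
    EbSchedule(10, 0, 101, 0, 1),   # EB channel offset moved to 1
    EbSchedule(15, 0, 101, 0, 0),   # timeslot duration changed
    EbSchedule(10, 0, 101, 5, 0),   # EB slot is no longer timeslot 0
]

def review(current, ebs):
    return [classify_eb(current, eb) for eb in ebs]

if __name__ == "__main__":
    for eb, verdict in zip(SAMPLE_EBS, review(CURRENT, SAMPLE_EBS)):
        print(verdict, eb)
    print("rescan cost (s):", passive_scan_seconds(CURRENT, eb_period=3))
```
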