Re: [homenet] Please review security considerations of draft-homenet-babel-profile

Juliusz Chroboczek <jch@irif.fr> Tue, 25 July 2017 22:09 UTC

Date: Wed, 26 Jul 2017 00:09:00 +0200
Message-ID: <87o9s8f9tv.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: homenet@ietf.org
In-Reply-To: <2a01c4f9-8961-3b8a-0746-f7c77a9e65e3@cs.tcd.ie>
References: <874lu045zs.wl-jch@irif.fr> <2a01c4f9-8961-3b8a-0746-f7c77a9e65e3@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/J35xlgM0jdSap8bTvPL216n4zn8>
Subject: Re: [homenet] Please review security considerations of draft-homenet-babel-profile

> 1) The first sentence seems to not say what to do if a packet comes
> from a 1918 IPv4 address. Even if that's not supposed to happen, it
> could be attempted. What's an implementation supposed to do then?

Both HNCP and Babel use IPv6 for carrying control data.  There's no way an
IPv4 packet can be received by them (barring bugs, of course).  See also
REQ1 in this draft.

> 2) Again I need to read the rest of the draft, but does this mean
> that anyone on that link of the homenet can inject these messages
> without any authentication,

On the trusted link, yes.

> and if so why is that ok?

This draft takes no stand on whether it is okay or not; it merely states
the current security situation.  Defining cryptographic authentication
mechanisms for the Homenet stack is out of scope for this draft.

-- Juliusz