RE: Last Call: <draft-ietf-manet-nhdp-optimization-03.txt> (An Optimization for the MANET Neighborhood Discovery Protocol (NHDP)) to Proposed Standard
"Adrian Farrel" <adrian@olddog.co.uk> Fri, 07 November 2014 18:07 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA1BB1A8897 for <ietf@ietfa.amsl.com>; Fri, 7 Nov 2014 10:07:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FT637r-mt-3g for <ietf@ietfa.amsl.com>; Fri, 7 Nov 2014 10:07:47 -0800 (PST)
Received: from asmtp5.iomartmail.com (asmtp5.iomartmail.com [62.128.201.176]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8638E1A88AE for <ietf@ietf.org>; Fri, 7 Nov 2014 10:07:46 -0800 (PST)
Received: from asmtp5.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id sA7I7hrW001234; Fri, 7 Nov 2014 18:07:43 GMT
Received: from 950129200 ([66.129.246.4]) (authenticated bits=0) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id sA7I7eNh001220 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 7 Nov 2014 18:07:41 GMT
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Abdussalam Baryun' <abdussalambaryun@gmail.com>
References: <02e501cff6e8$5e908990$1bb19cb0$@olddog.co.uk> <CADnDZ88XEszopC24pxgw-M_yOvBTJxBLZOoHKMMHw=bisQsTvw@mail.gmail.com>
In-Reply-To: <CADnDZ88XEszopC24pxgw-M_yOvBTJxBLZOoHKMMHw=bisQsTvw@mail.gmail.com>
Subject: RE: Last Call: <draft-ietf-manet-nhdp-optimization-03.txt> (An Optimization for the MANET Neighborhood Discovery Protocol (NHDP)) to Proposed Standard
Date: Fri, 07 Nov 2014 18:07:39 -0000
Message-ID: <013e01cffab5$b9910fb0$2cb32f10$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQNfsIfd0fofX/875rt40vC3y5YJ7wHp3XsLmSa2GoA=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1018-21084.001
X-TM-AS-Result: No--24.185-10.0-31-10
X-imss-scan-details: No--24.185-10.0-31-10
X-TMASE-MatchedRID: j4nUk6F+aLYzx9GDMr0HvzYTypjB3iDVuikHZcC6ceA/vgFpaLdKGzQI ETJdeZRG8ezTha1iurL2HGHMiLuFTltbqhz7OLCQRlqShqb35p6PmFSaq6xM+CSqFMz9Rn2241E DlTFW76+1oXMUjdSpFZVUprilJgcFov7RQibmJSFIRA38P/dwbhjTE1ofkwPbXp6Nu391+bM5d9 n04fLNZhxNahPmmSH+EG4tJ9m3jKw7qx9KsdZAWJN3sInxtjDTbv16+gil4jeuZgEQHmeEHHROw AUH8TPXw6Kt9Wk1Fg/ayvaN4jh4oHDICbPFvtnTgpZKjtaL0DsrHkgIan9a0Szt4/lw8JZDGwRE UTS8dqOAhi2NdOBY8imut2kzSj+ZCNmyKN5cwZb0hv/rD7WVZGNEEvUVjfzxW+jwVKpqvlK/s+h ACWeyuSM5BJR/sbr9X4Iqit5vfH3BXlkPaxAt1ayBo9Jaui9GzJmqByfAaS2XaXn+/c+l2o9Mar 5N16CnaB+AA4s32d/PGxTEDd5xrgzT4Da6T1AdXP5rFAucBUHomPrNi98UBIq+0i/fJckJmPNBC Xo4WRvNzqdZGrVMeDb4SXR6Jt6oPT0YPZFiof3FlCgYxEaGEyGi0ftsSkQylL1/3IuU47LyRSYb sU5DczNk7MduL6bQdXDaI7cYxfwYENqGQiXbqbxygpRxo4696Jlwb2gbuk6EK56YanVQ3LYuEWh 6aGQuRFUZgMrEu5kX26VyMvtMOksimGEcVY8yKqbRTxCI1HRnxnFvoCSPiglbhF7ZTanLQfwG8R GLZ1TnzlXMYw4XMAGLeSok4rrZbdTuPa9VRGvEQdG7H66TyOk/y0w7JiZo
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/lH8UOzS-JKPp_-gl8BijE0TcMW8
Cc: 'ietf' <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Nov 2014 18:07:52 -0000
Hello again, >>> 3- The draft proposes to update two IETF standards but does not show >>> any testings information. It is prefered to test the standard >>> performance by IETF before published. >> >> "It is preferred" presumably means you would prefer it? > > Yes but usually meaning readers with prefer clarifying it because it > is a standard and updating a new standard RFC7181. If I am > implementing the new 7181 and then find out that there are > new updates I will be worried what is happening within IETF > publications and tests. I *do* hear your stated preference, but I disagree with it. I *do* hear that changes and additions to published RFCs worries you, but that is a normal and very beneficial part of the IETF process. You should, perhaps, worry less. The point about the new update being optional might help to sooth you. >> The document shepherd write-up confirms that there are multiple >> implementations of this specification. I assume, therefore, that you >> are suggesting that the modulus of the optimization be tested. Isn't >> that obvious, however? You can quantify this very exactly simply by >> looking at the protocol exchanges. > > When we notice that OLSR is already an optimised routing and then > another update is for optimisation, that make me worry. Well, like I said: try not to worry about stuff. > What is optimisation, usually there is better performance, but why did > not IETF find this feature before issuing 7181, the test will help us find > our the best optimisation is it 7181 (OLSRv2) or this proposal standard. The document is very clear what optimisation is relevant here. It is the speed of recovery of state without the need to wait for a retransmitted message. Why didn't the IETF find this feature before? Must be because we are human. Yes, you are very welcome to publish the performance figures for your implementation. >>> 4- The draft states:- >>> As such, this protocol introduces no new security considerations >>> to an implementation of [RFC6130] or of any other protocol >>> that uses it, such as RFC7181]. >>> >>> [AB] The standard is based on the use of link quality in such >>> optimization, however, the proposed standard can be attacked >>> (requires considerations) if the link quality is attacked frequently. >>> The proposed choice of the quality-threashold and its acceptance >>> decisions are very important to the proposed standard to function >>> successfully, therefore, the reviewer suggests to remove the >>> above text from the draft and to add some security considerations. >> >> Haven't you got this exactly the wrong way around? >> That is, without this optimization, an attack on the stability of the >> link (such as by radio interference) can cause disruption to 2-hop >> neighbors (or at least to their robustness). >> This document makes these neighbors more able to rapidly recover >> when the link is restored. > > The link quality is optional in RFC7181, but when used there can be > attacks, however in this proposal there is higher possibility for attacking > links. No. You are at least half wrong. Yes, the use of link quality in 7181 allows for a link that is attacked to be noticed. But failing to notice an attack on a link is *worse* than noticing it. That is, if you don't notice you will continue to send traffic to a link that is under attack with the result that the traffic is not delivered. While, if you use the link quality to prune the link then you will route traffic through another part of the network. This document makes no difference to the possibility of attacking a link. The attack is not carried out using the protocol so no change to the protocol could make any difference to that. What *can* happen is that the protocol can react to or even amplify the attack. As noted, reacting to the attack is a good thing because you want to route around attacks. However, what the authors of this draft have discovered was that 7181 included a minor amplification of the attack, and this work provides a way to close that hole. The document makes the security behaviour slightly better. Definitely not worse. [Hint: if you remain convinced that it is worse, please construct a scenario where this can be demonstrated and send it to us. Such a scenario would be a topology and a series of events showing behaviour with and without this extension.] >> This point was already made by me in my review and in the >> Sec Dir review by Charlie Kaufmann and lead one of the authors >> to propose including a simple statement that "It may sometimes >> provide a small improvement in availability against attacks such >> as short bursts of deliberate interference" although it was also >> discussed that this is not a very substantial security improvement >> given that it is a second (or even third) order effect compared to >> the basic attack on the link. > > There was no security consideration with in the section. So do > you still think that this proposal needs no consideration for > security? I find your question hard to interpret in the context of what I said. You can read exactly what security considerations are documented in Section 7 of the I-D. The author has proposed an additional sentence to include in the document as stated above. Yes, I think it is a good idea to add that. A
- Re: [manet] Last Call: <draft-ietf-manet-nhdp-opt… Abdussalam Baryun
- RE: Last Call: <draft-ietf-manet-nhdp-optimizatio… Adrian Farrel
- RE: Last Call: <draft-ietf-manet-nhdp-optimizatio… Dearlove, Christopher (UK)
- Re: Last Call: <draft-ietf-manet-nhdp-optimizatio… Thomas Clausen
- Re: Last Call: <draft-ietf-manet-nhdp-optimizatio… Abdussalam Baryun
- Re: Last Call: <draft-ietf-manet-nhdp-optimizatio… Abdussalam Baryun
- RE: Last Call: <draft-ietf-manet-nhdp-optimizatio… Adrian Farrel
- RE: Last Call: <draft-ietf-manet-nhdp-optimizatio… Dearlove, Christopher (UK)