Re: [Iot-directorate] Iotdir last call review of draft-ietf-roll-turnon-rfc8138-09

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 05 August 2020 11:35 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Carles Gomez <carlesgo@entel.upc.edu>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-roll-turnon-rfc8138.all@ietf.org" <draft-ietf-roll-turnon-rfc8138.all@ietf.org>, "roll@ietf.org" <roll@ietf.org>
Date: Wed, 05 Aug 2020 11:34:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/3QUPVtxsi_XD2zIMgOKy08M3T9A>
Subject: Re: [Iot-directorate] Iotdir last call review of draft-ietf-roll-turnon-rfc8138-09

Many thanks for your review Carles!

Please see below:

> Some nits/questions/comments follow:
>
> - Section 2.1, 1st paragraph:  s/The Terminology/The terminology
>
> - Section 2.1, 2nd paragraph, first line: s/"RPL Instance”/and “RPL Instance”
>
> - Section 2.1, 3rd paragraph: s/RPL Aware Leaf/RPL-Aware Leaf

Done

>
> - Section 2.2: note that the use of hyphens in the expanded forms of RAL and
> RUL are different from those in draft-ietf-roll-useofrplinfo. (I think the correct
> form is the one in the turnon-rfc8138 document, but I guess this will be
> confirmed at subsequent stages…)

See also https://tools.ietf.org/html/draft-ietf-roll-unaware-leaves-18

We need to converge and I agree that the hyphened version is correct.

Let us start here 😊

> - Section 3: “A MOP value of 7 and above”. If the MOP is a 3-bit field, the
> highest MOP value is 7 (assuming that the lowest value is 0). Why state here
> "and above"? Are there plans to extend the MOP field size?

Yes, there is. See https://tools.ietf.org/html/draft-ietf-roll-mopex-01. This is why. Yet what you are saying makes sense, as written it cannot go beyond 7. I can change to "(and above when extended)"

> - Section 3, after “A MOP value of 7 and above”. s/MUST use
> compression/indicates that compression MUST be used

The following text

"
   Section 6.3.1 of [RFC6550] defines a 3-bit Mode of Operation (MOP)
   in the DIO Base Object.  For MOP values 0 to 6, the use of compression is
   as specified in this document.  A MOP value of 7 MUST use compression by
   default and ignore the setting of the “T” flag.
"

was suggested by Alvaro during his A-D review. But I believe that your proposal does not alter the meaning so I'm picking it.

Resulting sentence:

"
   Section 6.3.1 of [RFC6550] defines a 3-bit Mode of Operation (MOP) in
   the DIO Base Object.  This specification applies to MOP values 0 to
   6.  For a MOP value of 7 (and above when extended), the compression
   MUST be used by default regardless of the setting of the "T" flag."

> - Section 4, 1st paragraph: “if and only if the "T" flag is set.” Should we
> perhaps append “or if the MOP value is 7.”  ?

With the change above, I believe that we are good.

> - Section 4, 1st paragraph: s/implementations/implementation

Done

> - Section 4, 3rd paragraph: What is the "RPL border router"? I couldn't find a
> definition in the Terminology section or in other documents...  May the "RPL
> border router" and the Root run in the same physical device? May the "RPL
> border router" and the Root run in different physical devices?

Here we mean by border router the 6LR that serves the external route at the leaf edge.

Proposed Clarification:

"
   An external target [USEofRPLinfo] is not expected to support
   [RFC8138].  In most cases, packets from and to an external target are
   tunneled back and forth between the border router (referred to as
   6LR) that serves the external target and the Root, regardless of the
   MOP used in the RPL DODAG.  The inner packet is typically not
   compressed with [RFC8138], so for outgoing packets, the border router
   just needs to decapsulate the (compressed) outer header and forward
   the (uncompressed) inner packet towards the external target.
"

> - Section 4, 3rd paragraph: the last sentence is written only from the “from”
> perspective, whereas the previous one keeps the double "from/to"
> perspective.

True

>
> - Section 4, last paragraph, 1st sentence. Please remove the blank space at the
> end of the sentence.

Done

>
> - Section 5, 1st paragraph, 2nd sentence. Perhaps prepend the following:
> “Without this specification, ”

Generalizing to any signaling:

"
                                    Enabling the [RFC8138] compression
   without a turn-on signaling requires a "flag day"; all nodes must be
   upgraded, and then the network can be rebooted with the [RFC8138]
   compression turned on.
"

>
> - Section 7, last sentence. Might this still be exploited as an attack (e.g. to
> battery-operated devices) based on depleting energy at a faster rate? If
> appropriate, please briefly discuss whether this might be significant or not.

Added

"
    An attacker in the middle of the network may reset the "T" flag to cause
    extra energy spending in its subDAG. Conversely it may set the "T" flag, so
    that nodes located downstream would compress when that is not desired,
    potentially resulting in the loss of packets. In a tree structure, the
    attacker would be in position to drop the packets from and to the attacked
    nodes. So the attacks above would be more complex and more visible than
    simply dropping selected packets. The downstream node may have other
    parents and see both settings, which could raise attention.
"

Does that work?

I pushed the diffs here:

https://github.com/roll-wg/roll-turnon-rfc8138/commit/9f5b90e44c45f2a5003e50cf927c2047ee6fbdbf

Again, many thanks Carles!

Pascal
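
An added example, not part of the original message or of the draft: a monitoring-side sketch that reads the 3-bit MOP from the DIO Base Object, applies the reworded Section 3 rule, and reports when parents of the same node advertise different compression settings, the condition the proposed Section 7 text says "could raise attention". The function names are hypothetical, the sample DIOs are constructed, and the position of the "T" flag inside the DODAG Configuration option (bit 2, counting from the most significant bit) is an assumption that this thread does not state.

```python
import struct

DIO_BASE_LEN = 24       # RFC 6550 DIO Base Object: 8 fixed octets + 16-octet DODAGID
OPT_DODAG_CONF = 0x04   # RFC 6550 DODAG Configuration option type
T_FLAG_MASK = 0x20      # ASSUMPTION: "T" is bit 2 (MSB = bit 0) of the option's flags octet


def parse_dio(dio: bytes):
    """Return (mop, t_flag); t_flag is None when no configuration option is present."""
    if len(dio) < DIO_BASE_LEN:
        raise ValueError("truncated DIO Base Object")
    mop = (dio[4] >> 3) & 0x07          # octet 4 is G|0|MOP(3)|Prf(3)
    t_flag, i = None, DIO_BASE_LEN
    while i < len(dio):
        if dio[i] == 0x00:              # Pad1 carries no length octet
            i += 1
            continue
        if i + 2 > len(dio) or i + 2 + dio[i + 1] > len(dio):
            raise ValueError("truncated option")
        opt_type, opt_len = dio[i], dio[i + 1]
        if opt_type == OPT_DODAG_CONF and opt_len >= 1:
            t_flag = bool(dio[i + 2] & T_FLAG_MASK)
        i += 2 + opt_len
    return mop, t_flag


def compression_on(mop, t_flag):
    """MOP 0 to 6: the "T" flag decides. MOP 7: compression regardless of "T"."""
    if mop >= 7:
        return True
    return bool(t_flag)


def audit_parents(dios):
    """dios maps parent name -> DIO bytes. Returns (decisions, settings_conflict)."""
    decisions = {p: compression_on(*parse_dio(d)) for p, d in dios.items()}
    return decisions, len(set(decisions.values())) > 1


def make_dio(mop, t):
    """Build a constructed sample DIO (all-zero DODAGID, one configuration option)."""
    base = struct.pack("!BBHBBBB", 0, 1, 256, mop << 3, 0, 0, 0) + bytes(16)
    conf = bytes([OPT_DODAG_CONF, 14, T_FLAG_MASK if t else 0]) + bytes(13)
    return base + conf


if __name__ == "__main__":
    heard = {"parent-a": make_dio(1, True), "parent-b": make_dio(1, False)}
    print(audit_parents(heard))
```

A conflict here only says that two parents disagree; it does not identify which one carries the altered flag.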