Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)
Nabil Benamar <n.benamar@est.umi.ac.ma> Fri, 12 July 2019 05:00 UTC
Return-Path: <n.benamar@est.umi.ac.ma>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44F4A120077 for <its@ietfa.amsl.com>; Thu, 11 Jul 2019 22:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=est-umi-ac-ma.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtlmZqUHvETr for <its@ietfa.amsl.com>; Thu, 11 Jul 2019 22:00:39 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F5721200F8 for <its@ietf.org>; Thu, 11 Jul 2019 22:00:35 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id k20so17631112ios.10 for <its@ietf.org>; Thu, 11 Jul 2019 22:00:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est-umi-ac-ma.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ePDqRbgJ5Xz10w7vUnmN/v6STRwJAVB1CYy/f2YNpN8=; b=ife0pTqiKHaTPiJ6XxYNVSTRvJHbehyHOQ22IvN7/uXJBpWopM8vYEKlKWTNEFWqe5 aQF9go6/92FOw2WaM5VMFitPcuKB1fODIA8jahzMADEhqKcd1iocu7erx053gJrH+IBb UCelUj+8u12Da5ML9rm6As2P6JRLWtFPVTdYbpaw368zHGTE0bLSZX/dJ0GdJCMWs1mL Btc10/TL9kG4ggWv7CJdUIa3gPc8Z/9f+sr3SqYa+UshXmhwE4mPJuGyfSsqNkrgNrHH 4EHsyLL49k/UXdrF8DjrtkDOHmmyb2mOEXodgDjQjzWylCOxKPN1Yj5+O3MzLu+36LAX pHiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ePDqRbgJ5Xz10w7vUnmN/v6STRwJAVB1CYy/f2YNpN8=; b=aBJfULgAEHEMSSRnClYPmf9gqPfAGmXHQset5j0rX6P9n+2NTCnqHPRzbKsgEe2+gG jg1chkJQeeI4EaR/w/8AoB2GY4ee/CdKebNowQH6LyUK8HJWGL9DAGGDKNfEfgStEunI iJJ0n0muegC7uGZevYe42OiY/gD8H66cjCBT2N9JmU5ykaI7mcZk5eOCYid94nneRJPy AdzQt9+rWcKwbw5tL188nkng+esXO6PETaYx/1qzqUIxT2F/tZukRTzgvIqWN9N6QUa6 KMh+XKRD50s64wWdp0Mvmik0PLMgkl5LZv2SuvrkrTRGM+L5aXd9/oDdLheTg03thn6E nQZA==
X-Gm-Message-State: APjAAAXq1a/mWwV+79RxtGL03NaJy41qugpZbVAEdwnedPY6PwXiDO2D SVkVHY2X52VO6CSZNRmwvr5JnxLYdwit85JcAY8h6Q==
X-Google-Smtp-Source: APXvYqyfqXuaQp9GKayz6QNPU2Gzxe2gAGy0dslCbm6d80BvXLt/X8+O31WkeypZ2IlqmAxHtjFssQBVFtXXPBXo/9I=
X-Received: by 2002:a5d:8890:: with SMTP id d16mr8292787ioo.274.1562907634427; Thu, 11 Jul 2019 22:00:34 -0700 (PDT)
MIME-Version: 1.0
References: <156270262382.15819.8454309099280995022.idtracker@ietfa.amsl.com> <CAD8vqFdf7yTAVFeiz7t4qazhcrYjDcMOPPbvfwQy2xcA9GjQ2A@mail.gmail.com> <359EC4B99E040048A7131E0F4E113AFC01B33CE293@marchand>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B33CE293@marchand>
From: Nabil Benamar <n.benamar@est.umi.ac.ma>
Date: Fri, 12 Jul 2019 06:00:58 +0100
Message-ID: <CAD8vqFexwdsqFQ4tUGdQpxvV=wWb1Y4GpZZtjCuyHZbH=vOqwA@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: IESG <iesg@ietf.org>, draft-ietf-ipwave-ipv6-over-80211ocb@ietf.org, Carlos Bernardos <cjbc@it.uc3m.es>, "ipwave-chairs@ietf.org" <ipwave-chairs@ietf.org>, "its@ietf.org" <its@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e003b058d74ca5f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/-3n1fj6489VdMabkol0s-frzVxQ>
Subject: Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 05:00:42 -0000
Hi Roman, Thank you for your review. I agree on the text you added, and the parts that should be removed. I will update the draft as soon as the window is opened. I guess during Montreal meeting. Thanks again. Yours. On Fri, Jul 12, 2019, 02:50 Roman Danyliw <rdd@cert.org> wrote: > > > > > *From:* Nabil Benamar [mailto:n.benamar@est.umi.ac.ma] > *Sent:* Wednesday, July 10, 2019 7:37 AM > *To:* Roman Danyliw <rdd@cert.org> > *Cc:* The IESG <iesg@ietf.org>; > draft-ietf-ipwave-ipv6-over-80211ocb@ietf.org; Carlos Bernardos < > cjbc@it.uc3m.es>; ipwave-chairs@ietf.org; its@ietf.org > *Subject:* Re: Roman Danyliw's Discuss on > draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT) > > > > Hi Roman, > > > > Thank you for your detailed review. Let me start with the 'DISCUSS' > comments. > > > > Please see my answers below. > > > > On Tue, Jul 9, 2019 at 9:03 PM Roman Danyliw via Datatracker < > noreply@ietf.org> wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-ipwave-ipv6-over-80211ocb-49: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipwave-ipv6-over-80211ocb/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > A few items per the text in the Security Considerations (Section 5): > > (1) Section 5. Per “A previous work at SAVI WG identifies some threats > [RFC6959], while SeND presented in [RFC3971] and [RFC3972] is a solution > against address theft but it is complex and not deployed.”, a few > questions: > > ** What specific threats from RFC6959 are of concern? Which mitigations > for > them are being proposed? > > Since there is no Layer 2 security in OCB, anyone can join the same subnet and impersonate any only else, to source traffic and get the traffic back. > > > > [Roman] In this case, perhaps something more precise could be said: > > > > OLD: > > The potential attack vectors are: MAC address spoofing, IP address > > and session hijacking, and privacy violation Section 5.1. A previous > > work at SAVI WG identifies some threats [RFC6959], while SeND > > presented in [RFC3971] and [RFC3972] is a solution against address > > theft but it is complex and not deployed. > > > > NEW: > > When using OCB, no layer 2 security is provided. Therefore, any node can join a subnet, directly communicate with any nodes on the subset to include potentially impersonating another node. This design allows for a number of threats outlined in Section 3 of [RFC6959]. While not widely deployed, SeND [RFC3971] [RFC3972] is a solution that can address <insert qualifying statements on which subset of the threats in Section 3>” > > END > > > > There is no mitigation in this specification because it is limited to RFC 4861 and 4862 and SeND is not available in the current stacks. > > > > ** Why mention SeND if it is “complex and not deployed”? > > > > This was informational because it may be the only pertinent remediation. > > > > > (2) Section 5. Per “More IETF protocols are available in the toolbox of > the IP > security protocol designer. Some ETSI protocols related to security > protocols > in ITS are described in [ETSI-sec-archi].”: > > ** Are there specific protocols to mention here? Would they be > different/OCB-specific than what was already noted in the beginning of the > section -- “Any security mechanism as the IP layer or above that may be > carried > out …”? > > ** What specific ETSI protocols are being recommended from > [ETSI-sec-archi]? > > > > This sentence is just informational. I propose to remove the whole > sentence. > > > > [Roman] That works for me. > > > > > (3) Section 5.2. Per “An Interface ID SHOULD be of length specified in > other > documents”, what other documents? > > I'm afraid no other documents as mentioned by Alex in its reply. To be > removed. > > > > [Roman] Removing the text works for me. > > > > Thanks, > > Roman > > > > > (4) Section 5.3 I’m having trouble following this section – is this a > discussion of a threat or mitigation? The references to Section 4.4 and > 5.0 > didn’t clarity this for me. > > ** What is meant by the drivers’ identity in this case? What is the > pseudonym > scheme is being used to protect it or what requirements are being set for > it? > > ** What are the specific challenges of concern around pseudo-anonymization > approaches to which an allusion is made? > > ** Who is the trusted third parted needed? > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > (5) Section 1. Per “The resulting stack inherits from IPv6 over Ethernet > [RFC2462], but operates over …”, what exactly is being inherited? What > does > “inherited” mean in this case? > > (6) Section 4.3. Per “Among these types of addresses only the IPv6 > link-local > addresses can be formed using an EUI-64 identifier, in particular during > transition time”, the meaning of the “in particular during transition time > isn’t clear to me. > > (7) Section 5. Per “The OCB operation is stripped off of …”, is this > sentence > saying that OCB operations doesn’t use 802.11 link layer security > mechanisms, > or does the OCB operation actively remove (i.e., strips) 802.11 link layer > security mechanisms? I’m getting caught up in the use of “stripped off”. > > (8) Section 5, Per “Any attacker can therefore just sit in the near range > of > vehicles ... and performs attacks without needing to physically break any > wall”, I’d recommend revising this sentence to reflect that it isn’t just > vehicles and that active attacks are possible: > > NEW: > Therefore, an attacker can sniff or inject traffic while within range of a > vehicle or IP-RSU (by setting an interface card’s frequency to the proper > range). > > (9) Section 5. What is “protected 802.11” mentioned in “Such a link is > less > protected …”? > > (10) Section 5.2. SHA256 needs a reference. > > (11) Editorial Nits > ** Table of Contents. There is odd spacing in the title of Appendix C > > ** Section 1. Typo. s/Appendicies/Appendices/ > > ** Section 1. Typo. s/Concretly/Concretely/ > > ** Section 1. Editorial. s/[RFC1042], [RFC2464] ./[RFC1042 and > [RFC2464]./ > > ** Multiple sections. Editorial, to make an RFC citation a reference. > s/RFC2464/[RFC2464]/ and s/RFC 7217/[RFC7217]/ > > ** Section 4.5. Typo. s/.A A future/. A future/ > > ** Section 4.6. Typo. s/links; The/links. The/ > > ** Section 5.1. Typo. s/Futhermore/Furthermore/ > > ** Section 5.1. Typo. s/pricavy/privacy/ > > ** Section 5.2. Typo. s/admninistered/ administered/ > > ** Appendix B. s/Ammendment/Amendment/ > > ** Appendix H. Duplicate word. s/section Section 2/Section 2/ > > ** Appendix I. Typo. s/specificed/specified/ > > ** Appendix I. Typo. s/Moreoever/Moreover/ > > > > > -- > > > Best Regards > > > > Nabil Benamar > > Associate Professor > > Department of Computer Sciences > > School of Technology > > Moulay Ismail University > > Meknes. Morocco > > > > >
- [ipwave] Roman Danyliw's Discuss on draft-ietf-ip… Roman Danyliw via Datatracker
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu