Re: [ipwave] draft-ietf-ipwave-ipv6-over-80211ocb-00 Security of WSMP and WSA is FYI only
William Whyte <wwhyte@securityinnovation.com> Sat, 11 February 2017 11:01 UTC
From: William Whyte <wwhyte@securityinnovation.com>
Date: Sat, 11 Feb 2017 03:01:15 -0800
Message-ID: <CACz1E9qp=0RYEK42tXZM_tmtEzWa6b+TP06T4pwUemty4D1=hw@mail.gmail.com>
To: Dick Roy <dickroy@alum.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/BPBwDfMLd9B7mCKgje-kMI37bTQ>
Cc: Alexandre Petrescu <alexandre.petrescu@gmail.com>, its@ietf.org
Subject: Re: [ipwave] draft-ietf-ipwave-ipv6-over-80211ocb-00 Security of WSMP and WSA is FYI only

I wasn't that tired :-)

1609.3 section 6.2.4.2.1 specifies how a WSA can be protected with 1609.2 mechanisms. 1609.3 Annex H gives the 1609.2 security profile for WSA. So I think it's accurate to say that 1609.3 specifies security mechanisms, which are defined in 1609.2, to protect WSA. 1609.2 only mentions WSA twice, once in an example, once in an informative annex. So I think "1609.3 specifies security mechanisms (from 1609.2)" is an accurate way to say this, just as if WSAs were sent over TLS, "1609.3 specifies security mechanisms (from TLS)" would be accurate.

The reason why this matters is that it emphasizes that when you're going over WSMP, it's up to the specification of the higher layer entity (in this case, the WME) to specify the security; WSMP itself doesn't provide any security, and 1609.2 is just a set of tools that have to be explicitly referenced in the higher layer entity specification.

Cheers,

William

On Fri, Feb 10, 2017 at 9:20 PM, Dick Roy <dickroy@alum.mit.edu> wrote:

> William is a bit tired ... it was a long flight! The security mechanisms
> are found in 1609.2, not 1609.3 :^))) Other than that, he is absolutely
> right as usual, if for no other reason than he was and still is the most
> significant contributor to this effort.
>
> Cheers,
>
> RR
>
> -----Original Message-----
> From: William Whyte [mailto:wwhyte@securityinnovation.com]
> Sent: Friday, February 10, 2017 8:32 AM
> To: Alexandre Petrescu
> Cc: its@ietf.org
> Subject: Re: [ipwave] draft-ietf-ipwave-ipv6-over-80211ocb-00 Security of
> WSMP and WSA is FYI only
>
> To be clear, WSMP has no inbuilt security. Higher layer entities that
> use WSMP may send secured payloads but this is part of the application
> specification, not provided by WSMP.
>
> WSA is an example of such a higher layer entity; 1609.3 specifies
> security mechanisms (from 1609.2) that are applied before sending the
> WSA over WSMP. Note that whether or not to use the 1609.3 security
> approach is up to individual deployments -- a private deployment, for
> example, could conceivably decide to use different security or no
> security, but the recommended approach is the one in 1609.3.
>
> Cheers,
>
> William
>
> On Fri, Feb 10, 2017 at 2:52 AM, Alexandre Petrescu
> <alexandre.petrescu@gmail.com> wrote:
>> draft-ietf-ipwave-ipv6-over-80211ocb-00
>> Security of WSMP and WSA is FYI only
>>
>> Hello IPWAVErs,
>>
>> We received a comment suggesting that our mentioning of IEEE WSMP and
>> WSA being secure should be FYI only (i.e. not req on IEEE, nor a
>> statement about IEEE mechanism). As such I remove the following paragraph:
>>
>> old:
>>>
>>> The WAVE protocol stack provides for strong security when using the
>>> WAVE Short Message Protocol and the WAVE Service Advertisement
>>> [ieeep1609.2-D17].
>>
>> Alex