Re: [ipwave] Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 08 April 2019 13:20 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
CC: "int-dir@ietf.org" <int-dir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "its@ietf.org" <its@ietf.org>, "draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org" <draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org>
Date: Mon, 08 Apr 2019 13:19:46 +0000
Message-ID: <MN2PR11MB3565696CF4CBA3EA8830FBA5D82C0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <155169869045.5118.3508360720339540639@ietfa.amsl.com> <00ae8801-883d-8228-8551-ede699833fc9@gmail.com> <MN2PR11MB3565EF63249F8EDEF45ED310D82C0@MN2PR11MB3565.namprd11.prod.outlook.com> <9b56d00b-02cf-fe16-e0b3-cd7b986bbf99@gmail.com>
In-Reply-To: <9b56d00b-02cf-fe16-e0b3-cd7b986bbf99@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/L58OqH510bzBJhO6el2YKgNvXdg>

Yes, that's just to say OK with me.

All the best,

Pascal

> -----Original Message-----
> From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
> Sent: lundi 8 avril 2019 21:14
> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> Cc: int-dir@ietf.org; ietf@ietf.org; its@ietf.org; draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org
> Subject: Re: Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text
> 
> I think 'WFM' means 'Works For Me', so I am happy if it works for you.
> 
> Alex
> 
> Le 08/04/2019 à 15:05, Pascal Thubert (pthubert) a écrit :
> > WFM
> >
> > All the best,
> >
> > Pascal
> >
> >> -----Original Message-----
> >> From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
> >> Sent: lundi 8 avril 2019 18:15
> >> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> >> Cc: int-dir@ietf.org; ietf@ietf.org; its@ietf.org; draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org
> >> Subject: Re: Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text
> >>
> >>
> >> Le 04/03/2019 à 12:24, Pascal Thubert a écrit :
> >>> Reviewer: Pascal Thubert
> >>> Review result: Not Ready
> >> [...]
> >>> "
> >>> If semantically
> >>>      opaque Interface Identifiers are needed, a potential method for
> >>>      generating semantically opaque Interface Identifiers with IPv6
> >>>      Stateless Address Autoconfiguration is given in [RFC7217].
> >>>
> >>>      Semantically opaque Interface Identifiers, instead of meaningful
> >>>      Interface Identifiers derived from a valid and meaningful MAC address
> >>>      ([RFC2464], section 4), MAY be needed in order to avoid certain
> >>>      privacy risks.
> >>>
> >>> ...
> >>>
> >>>      In order to avoid these risks, opaque Interface Identifiers MAY be
> >>>      formed according to rules described in [RFC7217].  These opaque
> >>>      Interface Identifiers are formed starting from identifiers different
> >>>      than the MAC addresses, and from cryptographically strong material.
> >>>      Thus, privacy sensitive information is absent from Interface IDs, and
> >>>      it is impossible to calculate the initial value from which the
> >>>      Interface ID was calculated.
> >>>
> >>> "
> >>> Duplicate and mis-ordered text, isn't it?
> >>
> >> Indeed.  The duplication comes from multiple discussions and
> >> expresses support of many people to the use of opaque identifiers.
> >>
> >> To my defense, there is however a notion of going from generic to
> >> particular.
> >> In first occurrences of opaque IIDs we just refer to the RFC, then
> >> tell how, and so on.
> >>
> >> But of course it is a bit long, and worse, it refers twice to the
> >> RFC7217, which may disturb.
> >>
> >> If you don't mind, I shorten it like this:
> >>
> >> NEW:
> >>>     Semantically opaque Interface Identifiers, instead of meaningful
> >>>     Interface Identifiers derived from a valid and meaningful MAC address
> >>>     ([RFC2464], section 4), help avoid certain privacy risks (see the
> >>>     paragraph below).  If semantically opaque Interface Identifiers are
> >>>     needed, they MAY be generated using the method for generating
> >>>     semantically opaque Interface Identifiers with IPv6 Stateless Address
> >>>     Autoconfiguration given in [RFC7217].  Typically, an opaque Interface
> >>>     Identifier is formed starting from identifiers different than the MAC
> >>>     addresses, and from cryptographically strong material.  Thus, privacy
> >>>     sensitive information is absent from Interface IDs, because it is
> >>>     impossible to calculate back the initial value from which the
> >>>     Interface ID was first generated (intuitively, it is as hard as
> >>>     mentally finding the square root of a number, and as impossible as
> >>>     trying to use computers to identify quickly whether a large number is
> >>>     prime).
> >>>
> >>>     The privacy risks of using MAC addresses displayed in Interface
> >>>     Identifiers are important.  The IPv6 packets can be captured easily
> >>>     in the Internet and on-link in public roads.  For this reason, an
> >>>     attacker may realize many attacks on privacy.  One such attack on
> >>>     802.11-OCB is to capture, store and correlate Company ID information
> >>>     present in MAC addresses of many cars (e.g. listen for Router
> >>>     Advertisements, or other IPv6 application data packets, and record
> >>>     the value of the source address in these packets).  Further
> >>>     correlation of this information with other data captured by other
> >>>     means, or other visual information (car color, others) MAY constitute
> >>>     privacy risks.
> >>
> >> Alex
> >>
> >>
> >>>
> >>> " For this reason, an attacker may realize many
> >>>      attacks on privacy.
> >>> "
> >>> Do we attack privacy? Maybe say that privacy is a real concern, and
> >>> maybe move that text to security section?
> >>>
> >>> "
> >>>      The way Interface Identifiers are used MAY involve risks to privacy,
> >>>      as described in Section 5.1.
> >>> "
> >>> Also duplicate
> >>>
> >>> Nits
> >>> ------
> >>>
> >>> "
> >>>      IP packets MUST be transmitted over 802.11-OCB media as QoS Data
> >>>      frames whose format is specified in IEEE Std 802.11.
> >>> "
> >>> Please add link to the reference
> >>>
> >>> " the 802.11 hidden node"
> >>> Do not use 802.11 standalone (multiple occurrences).
> >>> => "the IEEE Std. 802.11 [ ref ] hidden node", or just "the hidden
> >>> terminal".
> >>>
> >>> BCP 14 text:
> >>>
> >>> Suggest to use this text:
> >>> “
> >>>      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
> >>>      "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
> >>>      "OPTIONAL" in this document are to be interpreted as described in
> >>>      BCP 14 (https://tools.ietf.org/html/bcp14) [RFC2119] [RFC8174] when,
> >>>      and only when, they appear in all capitals, as shown here.
> >>>
> >>> “
> >>>
> >>> All the best
> >>>
> >>> Pascal
> >>>
> >>>
> >>>
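The thread above argues that an RFC 7217 opaque IID keeps the MAC address (and so the Company ID) out of the address, whereas an RFC 2464 modified EUI-64 IID exposes it to anyone capturing packets on-link. The following is an added example, not code from the thread, the draft or either author: it builds both kinds of IID from constructed sample values and instantiates RFC 7217's PRF F() as HMAC-SHA256 (an assumption; the RFC only requires a pseudo-random function). `SAMPLE_MAC`, `SAMPLE_PREFIX`, `SAMPLE_SECRET` and the interface name `wlan0` are made up for the demonstration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (not taken from the thread or the draft).
SAMPLE_MAC = "00:11:22:aa:bb:cc"        # first three bytes are the Company ID (OUI)
SAMPLE_PREFIX = "2001:db8:1:2::/64"     # documentation prefix
SAMPLE_SECRET = b"per-host-secret-key"  # RFC 7217 secret_key; random and private in practice

def eui64_iid(mac: str) -> bytes:
    """RFC 2464 section 4: OUI | ff:fe | device bits, with the U/L bit inverted."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def company_id_from_iid(iid: bytes):
    """What a passive on-link observer can read back from an EUI-64 IID: the OUI.
    Returns None when the ff:fe marker is absent, i.e. there is nothing to read back."""
    if iid[3:5] != b"\xff\xfe":
        return None
    return bytes([iid[0] ^ 0x02]) + iid[1:3]

def rfc7217_iid(prefix: str, net_iface: str, network_id: bytes,
                dad_counter: int, secret_key: bytes) -> bytes:
    """RFC 7217 section 5: IID = F(Prefix | Net_Iface | Network_ID | DAD_Counter | secret_key).
    F is instantiated as HMAC-SHA256 keyed with secret_key (an assumption; the RFC only
    requires a PRF) and the first 64 bits of its output form the IID.  A full
    implementation also rejects reserved IIDs (RFC 5453) and bumps DAD_Counter on a
    DAD failure; both are omitted here."""
    net = ipaddress.ip_network(prefix, strict=True)
    msg = (net.network_address.packed[:8] + net_iface.encode()
           + network_id + dad_counter.to_bytes(2, "big"))
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[:8]

def address_with_iid(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Concatenate the /64 prefix and the 64-bit IID into a full address."""
    net = ipaddress.ip_network(prefix, strict=True)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

if __name__ == "__main__":
    old = eui64_iid(SAMPLE_MAC)
    new = rfc7217_iid(SAMPLE_PREFIX, "wlan0", b"", 0, SAMPLE_SECRET)
    print("EUI-64 address  :", address_with_iid(SAMPLE_PREFIX, old),
          "OUI readable:", company_id_from_iid(old).hex(":"))
    print("RFC 7217 address:", address_with_iid(SAMPLE_PREFIX, new),
          "OUI readable:", company_id_from_iid(new))
```

The RFC 7217 IID is stable for a given prefix and secret (so a car keeps one address per network, as the RFC intends) but changes with the prefix, which is what defeats cross-network correlation.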