Re: [ipwave] Review of https://tools.ietf.org/html/draft-ietf-ipwave-vehicular-networking-14
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Tue, 21 April 2020 16:14 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 378BB3A0D67 for <its@ietfa.amsl.com>; Tue, 21 Apr 2020 09:14:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Li-J7wC4p3rq for <its@ietfa.amsl.com>; Tue, 21 Apr 2020 09:14:06 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E2CF3A0D76 for <its@ietf.org>; Tue, 21 Apr 2020 09:14:03 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id u10so11556290lfo.8 for <its@ietf.org>; Tue, 21 Apr 2020 09:14:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vsiasvi/59gMuM8I2JofvcpL+vYIa6N9Sv2DpxV8hdc=; b=XxRBXC/9G40BF5HdwViOV1ufwnggR8lHo6dXGEhFKDfVH4cGlXuk1H6n0tkv6REQiI Lto8rw+oY+/DF69YgIs0frSs8UIgS/+R4lnK05Ozn36MMiU4bFsZHNcSX/98Ge9dQHq+ Emhmm5DzH09ImiAfs+c/dx0edXBWME/76AJziErpBdB2KaDTenGtEE0Vm5UXzCdcmxqS P3UjQ8tcc0FyM4j74FYlplA880SpjZ7hWMhhdUK3KlfzNAmwq6Xw7bEslE/PKQKvf6Hk +uMQ3+kHQMs9ywYp5yiy/SHc4Rg1HnTqNEVLDYLLQoLiwf1KtufNpnPyHLuyKeAoap1d JOiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vsiasvi/59gMuM8I2JofvcpL+vYIa6N9Sv2DpxV8hdc=; b=TMSp0kg+7+uqwSUIXgshIeepGfuIiVdpJ4F+94Dnra1u+KOV9DNouCIqj0EOeZ0lSa y1yXZU2eaFcHbTL9nUPN8WjdMcy/JL4M1iPYUNco352M/9wmM/Pne/MybT3kXUnMtCvN dZtxTHVhObTPGYmSYpukbN+ZE5d3+19vLI99L2GYnelD4O2EdSbbDKCzcqPL+1qlCd8y efZyBq0TJSmyR6vmWpfBPnhlE0P8hRWMYRSJZighhEOj/rAiwyJ+9m/Je5I98uf8uprG Dsc+NB/QFgo5W5boy/UC6vzCoEP8188osmvnapN926j2OEUxy5e/TxNVKcs7zTmTC5Yo TbiA==
X-Gm-Message-State: AGi0PuY+6mWrg8eUvxcddejbUUt8QloCYxK2RmaT8/8575HLNYtJ57dU BeuHxVUvH/aqDX3AW1HLZ2C5CXJ+OEZv1rHhjC4=
X-Google-Smtp-Source: APiQypJo7ZyDa+/Y1uF+SefzLOU3LqSdoYxH2pFi3fSXn/7AOPZlq1DaatOoCVTYZA/NizMHRGJoN6WjqVxsyJodgKU=
X-Received: by 2002:a19:4843:: with SMTP id v64mr14366352lfa.155.1587485640166; Tue, 21 Apr 2020 09:14:00 -0700 (PDT)
MIME-Version: 1.0
References: <7D0EF658-DC5D-4598-9685-6C810D1C5B54@cisco.com>
In-Reply-To: <7D0EF658-DC5D-4598-9685-6C810D1C5B54@cisco.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Wed, 22 Apr 2020 01:13:53 +0900
Message-ID: <CAPK2DewU+5LX6-9MN=hsG05OhH=n8aE9TWOdMDyYF-HsEkU8uA@mail.gmail.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>
Cc: "its@ietf.org" <its@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ab13e105a3cf4d3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/aphF7tNO97qfOqxhkodHctr8thQ>
Subject: Re: [ipwave] Review of https://tools.ietf.org/html/draft-ietf-ipwave-vehicular-networking-14
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 16:14:12 -0000
Hi Nancy, I sincerely appreciate your super good comments. Most of your comments seem to be useful to improve our IPWAVE PS draft. I will try to reflect your comments and questions on the revision. Thanks. Best Regards, Paul On Tue, Apr 21, 2020 at 9:58 AM Nancy Cam-Winget (ncamwing) <ncamwing= 40cisco.com@dmarc.ietf.org> wrote: > Hi, > > I have reviewed > https://tools.ietf.org/html/draft-ietf-ipwave-vehicular-networking-14 and > have quite a few comments. > > Most of them relate to whether this document is meant to lay out > challenges of using current IPv6 standards+extensions > > In vehicular networks only, or if requirements are to be listed. The > abstract and intro elude to requirements, but I didn’t > > see these listed out or if they did, they were not placed in any > consistent way…. > > > > Terminology: > > V2D vs. V2P: it would be good to better classify the “device” as IoT > device types are many similarly for “person”. Of interest here, especially > for security and privacy considerations, is a device a M2M device or is it > one where one can expect to be driven by a human (e.g. mobile phone). I am > presuming it is the former as you have V2P and I’m not sure the intent is > that the vehicle communicates directly to a human but rather to a device > that is being controlled by a human. > > > > There is a typo in “Edge Network (EN) : In” the “In” should be EN. > > > > Section 3: > > This sentence is awkward: > > “Thus, the IPv6 > > for these use cases should be extended for vehicular IPv6 such that > > the IPv6 can support the functions of the network layer protocol such > > as Vehicular Neighbor Discovery (VND), Vehicular Mobility Management > > (VMM), and Vehicular Security and Privacy (VSP) in vehicular > > networks.” > > I think the intent is for this document to describe the motivation for why > IPv6 and its protocols need to be extended in order to support “vehicular > networks”. I would suggest reworking this paragraph and the next to > something like: > > “The use cases presented in this section serve as the description and > motivation for the need to extend IPv6 and its protocols to facilitate > ‘vehicular IPv6’. Section 5 summarizes the overall problem statement and > IPv6 requirements.” > > > > Section 3.1 > > · “ navigation for driving safety” : should that be “safely” or > “for providing driving safety plans”? > > > > The 2nd paragraph of this section doesn’t provide a rationale for why > IPv6 needs to support single-hop or multi-hop in a wireless medium. The > wireless hops are controlled at the link not MAC layer (e.g. IPv6). There > is more clarification or description that better highlights why IPv6 (as a > dependency with the link layer?) is relevant. > > - While these use cases are relevant, the descriptions merely describe > the uses for the application layer signaling. I presume that for > efficiency and expediency (e.g. to deal with minimal latency), the services > for establishing neighbors in a V2V topology it is best done at the IPv6 > layer, vs. the 802.11p layer? But that is not really well described or > clarified other than “Since IP is widely used among various computing > devices in the Internet, it is expected that the use cases in this section > need to work on top of IPv6 as the network layer protocol.” In the > beginning of this full section. More motivation at the beginning of the > section for why it has to be at IPv6 layer should help to address the > neighbor discovery, but also a better description for why the security > scope for these scenarios will help provide the reasoning for why security > extensions in IPv6 are needed. > > > > Section 3.2 and 3.3 > > · Similar to Section 3.1 a better explanation for why the > “multi-hop” is required at IPv6 vs. at the link layer. Some mesh networks > establish the hops at the link layer….then there’s RPL (RFC 6550) that > speaks to constrained connected entities needing to establish > connectivity. Their motivation is clear, while I’m not sure RPL can be > used “as is”, their motivations seem similar so would expect to see some > rationale for why the vehicular space is different than those listed in > RFC6550 to help motivate the need for further work. > > > > Section 4.1 > > Is the Traffic Control Center “all of the Vehicular Cloud” or is it meant > to be 1 application or service in the cloud? They way it is depicted, it > equated TCC = Vehicle cloud but the description in this section “…(TCC) is > connected to the Vehicular Cloud for the management of IP-RSUs and vehicles > in the road network” infers that it is an application in the cloud used to > manage the connections between IP-RSUs and vehicles, is that correct? > > Perhaps just use one of the terms (e.g. TCC) and define it as “TCC is a > cloud application used to manage connections….” > > > > Section 5 > > · There should be a space between “abovementioned” > > · I might argue that timing constraints for a session between 2 > vehicles or a moving vehicle to an IP-RSU would be in the same order of > magnitude. The presumption made, which should be made explicit, is that > IP-RSU’s are geographically fixed and are not expected to move, where are > vehicles are highly mobile. > > · I also believe the lifetime (or time-to-live) of a session > should vary depending on the types of sessions being established, are there > no considerations for these? > > · From the descriptions, I would tease out that the problem and > challenges arise from: (1) highly mobile environments, to differentiate > this from voice calls or cellular mobility, there are considerations to the > packet delivery and to the session establishment (2) the “units” (whether > OBU or RSU) are highly constrained in cpu and memory (3) both the mobility > and constrained environments should also bring in the considerations of the > session lifetimes and key management used for these sessions. If this is > the case, I would prefer to see these requirements made more explicit. > > · But I am not seeing how these challenges provide a set of > requirements. A section that summarizes or turns these challenges to > requirements would help; the alternative is to make these subsections > crisper into the requirements needed to address the challenges or gaps > presented in IPv6 of each section. > > Section 5.1 > > · I am not sure what requirements or challenges the use cases are > faced with to warrant IPv6 neighbor discovery. Given the > requirements/challenges I listed in a previous bullet, by the time you get > a IPv6 ND packet and process it, that particular entity may be out of > reach. So, I think the problem or challenge faced here is that for these > use cases, what is required is for a mechanism/protocol that allows for > these nodes to securely advertise themselves (at the IP layer) with > globally unique IPv6 addresses. I might counter that vehicle speed and > density may be irrelevant if the goal for this requirement is to be able to > get enough of the identity of the node you may want to connect to. Having > the long prose description of the problems is OK (although much of this I > believe is also already in RFC 8691), but it is hard to determine what is > actually needed to fulfil these use cases. > > Section 5.1.1 > > · “wheh” should be “when” > > · Perhaps I’m being too literal, “…can have multiple links > between pairs of vehicles with wireless communication range, as shown in > Figure 4.” I only see a single link between each vehicle pair? > > > > Section 6 > > · Should this section follow the style of the “here are the > requirements” that are not met in IPv6 security based on the challenges > described? Or should this be more to provide the set of potential attacks > that need to be addressed when considering the requirements (e.g. IPv6 > “vehicular” deployment scenarios)? Neither come across strongly in this > section. > > · 2nd paragraph “ Vehicles and infrastructure must be authorized > in order to participate in vehicular networking.” (e.g. must vs. need). > Also, I see authorized, what about authenticated? The receiver must have > assurances that the information is authentic, perhaps using privacy > preserving techniques. > > · The last sentence of the paragraph needs to be qualified; that > is, as this is the security considerations section, there needs to be at > minimum examples (not necessarily exhaustive) of the types of attacks > possible. > > · Do vehicular networks need to provide confidentiality? For > privacy reasons, I think this is a hard requirement? But there are some > IEEE 1609 messages that are not encrypted? > > · 3rd paragraph is somewhat confusing, I think it is trying to > state: “Strong security measures against lying nodes are required. As > nodes communicate information that can be used by safety applications, > protections to ensure the communication is authentic, protected from > forgery and originates from an authorized node.” The “authorized node” will > require special considerations given the nature of the highly transient > connections. I would argue that just because it is a valid certificate, > does not make a vehicle “good”, but perhaps you are trying to state that > the assessment of what makes a “good” or “trusted” vehicle is outside the > scope of this charter? Or is this meant to be a segue to the next > paragraph, though that paragraph refutes using “valid certs” only. > > · I disagree that an unauthenticated VIN number is not sufficient > to identify a car (note that there are instances in which VINs have changed > when a vehicle’s engine, for instance, gets replaced). Tighter > requirements should be imposed as to when it is a Vehicle vs. a user on a > device. The draft describes a Vehicle as having its own network so it > would seem that each element in that network should be authenticated….there > needs to be a better description of this in the security section. When > describing a “Vehicle” are you identifying that network? A particular > component of that network? A particular application in the host of the > vehicle? Authentication is strong requirement, both at the message, > transport and entity level; these need to be distinctly called out. > > · Is the paragraph on pseudonym trying to assert that “In order > to propagate the notion of pseudonym, the IPv6 address must also be updated > periodically?” This is the first paragraph where there is mention of a > “long-living transport-layer session”. The document should make clear the > types of connections and their expected lifetimes….especially as it relates > to pseudonyms and the expectation that an infrastructure (mobility case) > would have to cache and manage these. > > > > Let me know if the comments need further elaboration or clarification. > > > > Warm regards, Nancy > > > > > _______________________________________________ > its mailing list > its@ietf.org > https://www.ietf.org/mailman/listinfo/its > -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Associate Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: jaehoon.paul@gmail.com, pauljeong@skku.edu Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
- [ipwave] Review of https://tools.ietf.org/html/dr… Nancy Cam-Winget (ncamwing)
- Re: [ipwave] Review of https://tools.ietf.org/htm… Mr. Jaehoon Paul Jeong
- Re: [ipwave] Review of https://tools.ietf.org/htm… Nancy Cam-Winget (ncamwing)