Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)
Alexandre Petrescu <alexandre.petrescu@gmail.com> Wed, 10 July 2019 13:05 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B8A5120142 for <its@ietfa.amsl.com>; Wed, 10 Jul 2019 06:05:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jajzC5MgfolV for <its@ietfa.amsl.com>; Wed, 10 Jul 2019 06:05:33 -0700 (PDT)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1171812013F for <its@ietf.org>; Wed, 10 Jul 2019 06:05:32 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x6AD5Ug9083125 for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 7965420836D for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200 (CEST)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 7280620832F for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200 (CEST)
Received: from [132.166.86.101] ([132.166.86.101]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x6AD5U3f018459 for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200
To: its@ietf.org
References: <156270262382.15819.8454309099280995022.idtracker@ietfa.amsl.com> <CAD8vqFdf7yTAVFeiz7t4qazhcrYjDcMOPPbvfwQy2xcA9GjQ2A@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <9d12653d-1102-6b3e-d86c-f1194ef0716f@gmail.com>
Date: Wed, 10 Jul 2019 15:05:30 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <CAD8vqFdf7yTAVFeiz7t4qazhcrYjDcMOPPbvfwQy2xcA9GjQ2A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/n8Z3mL3dpI36K15pFz2M67ue55M>
Subject: Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 13:05:37 -0000
Le 10/07/2019 à 13:36, Nabil Benamar a écrit : > Hi Roman, > > Thank you for your detailed review. Let me start with the 'DISCUSS' > comments. > > Please see my answers below. > > On Tue, Jul 9, 2019 at 9:03 PM Roman Danyliw via Datatracker > <noreply@ietf.org <mailto:noreply@ietf.org>> wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-ipwave-ipv6-over-80211ocb-49: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipwave-ipv6-over-80211ocb/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > A few items per the text in the Security Considerations (Section 5): > > (1) Section 5. Per “A previous work at SAVI WG identifies some threats > [RFC6959], while SeND presented in [RFC3971] and [RFC3972] is a solution > against address theft but it is complex and not deployed.”, a few > questions: > > ** What specific threats from RFC6959 are of concern? Which > mitigations for > them are being proposed? > > Since there is no Layer 2 security in OCB, anyone can join the same > subnet and impersonate any only else, to source traffic and get the > traffic back. ____ > > There is no mitigation in this specification because it is limited > to RFC 4861 and 4862 and SeND is not available in the current stacks. > > ** Why mention SeND if it is “complex and not deployed”? > > > This was informational because it may be the only pertinent remediation. We worked a few months to get SeND working with IPv6 on OCB. We were not successful. We reported the open source tools tried here on the list. At this time our IPv6-over-OCB trial is unsecured. Alex > > > (2) Section 5. Per “More IETF protocols are available in the > toolbox of the IP > security protocol designer. Some ETSI protocols related to security > protocols > in ITS are described in [ETSI-sec-archi].”: > > ** Are there specific protocols to mention here? Would they be > different/OCB-specific than what was already noted in the beginning > of the > section -- “Any security mechanism as the IP layer or above that may > be carried > out …”? > > ** What specific ETSI protocols are being recommended from > [ETSI-sec-archi]? > > > This sentence is just informational. I propose to remove the whole sentence. > > > (3) Section 5.2. Per “An Interface ID SHOULD be of length specified > in other > documents”, what other documents? > > I'm afraid no other documents as mentioned by Alex in its reply. To be > removed. > > > (4) Section 5.3 I’m having trouble following this section – is this a > discussion of a threat or mitigation? The references to Section 4.4 > and 5.0 > didn’t clarity this for me. > > ** What is meant by the drivers’ identity in this case? What is the > pseudonym > scheme is being used to protect it or what requirements are being > set for it? > > ** What are the specific challenges of concern around > pseudo-anonymization > approaches to which an allusion is made? > > ** Who is the trusted third parted needed? > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > (5) Section 1. Per “The resulting stack inherits from IPv6 over > Ethernet > [RFC2462], but operates over …”, what exactly is being inherited? > What does > “inherited” mean in this case? > > (6) Section 4.3. Per “Among these types of addresses only the IPv6 > link-local > addresses can be formed using an EUI-64 identifier, in particular during > transition time”, the meaning of the “in particular during > transition time > isn’t clear to me. > > (7) Section 5. Per “The OCB operation is stripped off of …”, is > this sentence > saying that OCB operations doesn’t use 802.11 link layer security > mechanisms, > or does the OCB operation actively remove (i.e., strips) 802.11 link > layer > security mechanisms? I’m getting caught up in the use of “stripped > off”. > > (8) Section 5, Per “Any attacker can therefore just sit in the near > range of > vehicles ... and performs attacks without needing to physically > break any > wall”, I’d recommend revising this sentence to reflect that it isn’t > just > vehicles and that active attacks are possible: > > NEW: > Therefore, an attacker can sniff or inject traffic while within > range of a > vehicle or IP-RSU (by setting an interface card’s frequency to the > proper > range). > > (9) Section 5. What is “protected 802.11” mentioned in “Such a link > is less > protected …”? > > (10) Section 5.2. SHA256 needs a reference. > > (11) Editorial Nits > ** Table of Contents. There is odd spacing in the title of Appendix C > > ** Section 1. Typo. s/Appendicies/Appendices/ > > ** Section 1. Typo. s/Concretly/Concretely/ > > ** Section 1. Editorial. s/[RFC1042], [RFC2464] ./[RFC1042 and > [RFC2464]./ > > ** Multiple sections. Editorial, to make an RFC citation a reference. > s/RFC2464/[RFC2464]/ and s/RFC 7217/[RFC7217]/ > > ** Section 4.5. Typo. s/.A A future/. A future/ > > ** Section 4.6. Typo. s/links; The/links. The/ > > ** Section 5.1. Typo. s/Futhermore/Furthermore/ > > ** Section 5.1. Typo. s/pricavy/privacy/ > > ** Section 5.2. Typo. s/admninistered/ administered/ > > ** Appendix B. s/Ammendment/Amendment/ > > ** Appendix H. Duplicate word. s/section Section 2/Section 2/ > > ** Appendix I. Typo. s/specificed/specified/ > > ** Appendix I. Typo. s/Moreoever/Moreover/ > > > > > -- > > Best Regards > > Nabil Benamar > Associate Professor > Department of Computer Sciences > School of Technology > Moulay Ismail University > Meknes. Morocco > > > > _______________________________________________ > its mailing list > its@ietf.org > https://www.ietf.org/mailman/listinfo/its >
- [ipwave] Roman Danyliw's Discuss on draft-ietf-ip… Roman Danyliw via Datatracker
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Nabil Benamar
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Alexandre Petrescu