IETF Logo Mail Archive

Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)

Alexandre Petrescu <alexandre.petrescu@gmail.com> Wed, 10 July 2019 13:05 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B8A5120142 for <its@ietfa.amsl.com>; Wed, 10 Jul 2019 06:05:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jajzC5MgfolV for <its@ietfa.amsl.com>; Wed, 10 Jul 2019 06:05:33 -0700 (PDT)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1171812013F for <its@ietf.org>; Wed, 10 Jul 2019 06:05:32 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x6AD5Ug9083125 for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 7965420836D for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200 (CEST)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 7280620832F for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200 (CEST)
Received: from [132.166.86.101] ([132.166.86.101]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x6AD5U3f018459 for <its@ietf.org>; Wed, 10 Jul 2019 15:05:30 +0200
To: its@ietf.org
References: <156270262382.15819.8454309099280995022.idtracker@ietfa.amsl.com> <CAD8vqFdf7yTAVFeiz7t4qazhcrYjDcMOPPbvfwQy2xcA9GjQ2A@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <9d12653d-1102-6b3e-d86c-f1194ef0716f@gmail.com>
Date: Wed, 10 Jul 2019 15:05:30 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <CAD8vqFdf7yTAVFeiz7t4qazhcrYjDcMOPPbvfwQy2xcA9GjQ2A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/n8Z3mL3dpI36K15pFz2M67ue55M>
Subject: Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-ipv6-over-80211ocb-49: (with DISCUSS and COMMENT)
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 13:05:37 -0000


Le 10/07/2019 à 13:36, Nabil Benamar a écrit :
> Hi Roman,
> 
> Thank you for your detailed review. Let me start with the 'DISCUSS' 
> comments.
> 
> Please see my answers below.
> 
> On Tue, Jul 9, 2019 at 9:03 PM Roman Danyliw via Datatracker 
> <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
> 
>     Roman Danyliw has entered the following ballot position for
>     draft-ietf-ipwave-ipv6-over-80211ocb-49: Discuss
> 
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
> 
> 
>     Please refer to
>     https://www.ietf.org/iesg/statement/discuss-criteria.html
>     for more information about IESG DISCUSS and COMMENT positions.
> 
> 
>     The document, along with other ballot positions, can be found here:
>     https://datatracker.ietf.org/doc/draft-ietf-ipwave-ipv6-over-80211ocb/
> 
> 
> 
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
> 
>     A few items per the text in the Security Considerations (Section 5):
> 
>     (1) Section 5.  Per “A previous work at SAVI WG identifies some threats
>     [RFC6959], while SeND presented in [RFC3971] and [RFC3972] is a solution
>     against address theft but it is complex and not deployed.”, a few
>     questions:
> 
>     ** What specific threats from RFC6959 are of concern?  Which
>     mitigations for
>     them are being proposed?
> 
>     Since there is no Layer 2 security in OCB, anyone can join the same
>     subnet and impersonate any only else, to source traffic and get the
>     traffic back. ____
> 
>     There is no mitigation in this specification because it is limited
>     to RFC 4861 and 4862 and SeND is not available in the current stacks.
> 
>     ** Why mention SeND if it is “complex and not deployed”?
> 
> 
> This was informational because it may be the only pertinent remediation.

We worked a few months to get SeND working with IPv6 on OCB.  We were 
not successful.  We reported the open source tools tried here on the list.

At this time our IPv6-over-OCB trial is unsecured.

Alex

> 
> 
>     (2) Section 5.  Per “More IETF protocols are available in the
>     toolbox of the IP
>     security protocol designer.  Some ETSI protocols related to security
>     protocols
>     in ITS are described in [ETSI-sec-archi].”:
> 
>     ** Are there specific protocols to mention here?  Would they be
>     different/OCB-specific than what was already noted in the beginning
>     of the
>     section -- “Any security mechanism as the IP layer or above that may
>     be carried
>     out …”?
> 
>     ** What specific ETSI protocols are being recommended from
>     [ETSI-sec-archi]?
> 
> 
> This sentence is just informational. I propose to remove the whole sentence.
> 
> 
>     (3) Section 5.2.  Per “An Interface ID SHOULD be of length specified
>     in other
>     documents”, what other documents?
> 
> I'm afraid no other documents as mentioned by Alex in its reply. To be 
> removed.
> 
> 
>     (4) Section 5.3  I’m having trouble following this section – is this a
>     discussion of a threat or mitigation?  The references to Section 4.4
>     and 5.0
>     didn’t clarity this for me.
> 
>     ** What is meant by the drivers’ identity in this case?  What is the
>     pseudonym
>     scheme is being used to protect it or what requirements are being
>     set for it?
> 
>     ** What are the specific challenges of concern around
>     pseudo-anonymization
>     approaches to which an allusion is made?
> 
>     ** Who is the trusted third parted needed?
> 
> 
>     ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
> 
>     (5) Section 1.  Per “The resulting stack inherits from IPv6 over
>     Ethernet
>     [RFC2462], but operates over …”, what exactly is being inherited? 
>     What does
>     “inherited” mean in this case?
> 
>     (6) Section 4.3.  Per “Among these types of addresses only the IPv6
>     link-local
>     addresses can be formed using an EUI-64 identifier, in particular during
>     transition time”, the meaning of the “in particular during
>     transition time
>     isn’t clear to me.
> 
>     (7) Section 5.  Per “The OCB operation is stripped off of …”, is
>     this sentence
>     saying that OCB operations doesn’t use 802.11 link layer security
>     mechanisms,
>     or does the OCB operation actively remove (i.e., strips) 802.11 link
>     layer
>     security mechanisms?  I’m getting caught up in the use of “stripped
>     off”.
> 
>     (8) Section 5, Per “Any attacker can therefore just sit in the near
>     range of
>     vehicles ... and performs attacks without needing to physically
>     break any
>     wall”, I’d recommend revising this sentence to reflect that it isn’t
>     just
>     vehicles and that active attacks are possible:
> 
>     NEW:
>     Therefore, an attacker can sniff or inject traffic while within
>     range of a
>     vehicle or IP-RSU (by setting an interface card’s frequency to the
>     proper
>     range).
> 
>     (9) Section 5.  What is “protected 802.11” mentioned in “Such a link
>     is less
>     protected …”?
> 
>     (10) Section 5.2.  SHA256 needs a reference.
> 
>     (11) Editorial Nits
>     ** Table of Contents.  There is odd spacing in the title of Appendix C
> 
>     ** Section 1.  Typo.  s/Appendicies/Appendices/
> 
>     ** Section 1.  Typo.  s/Concretly/Concretely/
> 
>     ** Section 1.  Editorial.  s/[RFC1042], [RFC2464] ./[RFC1042 and
>     [RFC2464]./
> 
>     ** Multiple sections. Editorial, to make an RFC citation a reference.
>     s/RFC2464/[RFC2464]/ and s/RFC 7217/[RFC7217]/
> 
>     ** Section 4.5.  Typo.  s/.A  A future/.  A future/
> 
>     ** Section 4.6. Typo.  s/links; The/links.  The/
> 
>     ** Section 5.1.  Typo.  s/Futhermore/Furthermore/
> 
>     ** Section 5.1.  Typo.  s/pricavy/privacy/
> 
>     ** Section 5.2. Typo.  s/admninistered/ administered/
> 
>     ** Appendix B.  s/Ammendment/Amendment/
> 
>     ** Appendix H.  Duplicate word. s/section Section 2/Section 2/
> 
>     ** Appendix I.  Typo.  s/specificed/specified/
> 
>     ** Appendix I. Typo.  s/Moreoever/Moreover/
> 
> 
> 
> 
> -- 
> 
> Best Regards
> 
> Nabil Benamar
> Associate Professor
> Department of Computer Sciences
> School of Technology
> Moulay Ismail University
> Meknes. Morocco
> 
> 
> 
> _______________________________________________
> its mailing list
> its@ietf.org
> https://www.ietf.org/mailman/listinfo/its
>

v2.23.0 | Report a Bug | By Email