Re: [ipwave] [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27
Daniel Migault <daniel.migault@ericsson.com> Wed, 02 March 2022 19:39 UTC
Return-Path: <daniel.migault@ericsson.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 019083A0B18; Wed, 2 Mar 2022 11:39:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtgdePLhURHc; Wed, 2 Mar 2022 11:39:23 -0800 (PST)
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam07on2060a.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e83::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ED173A0C2A; Wed, 2 Mar 2022 11:39:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dAM92mHPUmxfijs41N2IKmsQgl7Aqglr/cJxKNlhwM49Vk84xzQQ5xsT2RFYYUhF3u/XTLKMcDZiTKfqwo7HZznxUIHXYdIJzy7GYpuIcCYC2w6QDcUis9SSn8mf/DuhujQb6xc+oRLW44Oz66g+PFlpIfpTGIYhtS+dIymQMVFoiu7jqT4yZsiMiC0h/zHT5Niy50oot0Ffb9N5xQhxBov4Tcf92Ay+KKI3soMnly7FWIlPYIGhxNlikTZSsdCFW8jbSxst5P6a0bwXM5sMXgKTam1OiFFAVa1RDl5LSl6vb8e/N1RjrfDeWy0WHS2vrTjdfwbNC+xW+WWARL+4EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZHqvt6Mtv23UwmhgLt9qdsKEHdf7Gi+ueQ3q7aDOqsQ=; b=RKA82OgsqZEEAU5z8zZSNqcVHPtiEkcBF0MZbo6xIJ5Lz4Ro2EJWqD7MmXRdmVPGxnJsgh6ueoSF5s7wygrh59LokoV+8GevN9w6+FRRzaxXUDSGbcVF/58Glas4k/n51vTwEpB+ige7GSJt+trJiNv7dMeg1WYcH86Y6TKBRWtxITyb7u982fpTNRW83IOlCkgxzlDAH73vIFBorlAUwMVRNYK2nmdzNlJGll4zTkN632ru2YTt3xU3qDxHjQJeC23hyWCF+XJYd7ngLLo+hgUC2IiUKqrKMsR80z0OGcCsIWmZilDZnAgmXbkqlBfOEbvXirpqJqA5RP1t9+tE9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZHqvt6Mtv23UwmhgLt9qdsKEHdf7Gi+ueQ3q7aDOqsQ=; b=u+xG9oOcxVUBDHNGSFHgaKsdV1AFz7NjEK4INvse8BnIgYjkhiOWrujkh8ksCHn2w3WAS6bNGFMH9xw7q9Ckn8EGa2f1J3AdvO04a/8AXTnd4c2BB5eTZ4mfEdh6k6laURlt6mhlsHkbemq9UwGMMJHcyUT8KjBraqfIyU7BJh4=
Received: from DM6PR15MB3689.namprd15.prod.outlook.com (2603:10b6:5:1fb::27) by BYAPR15MB3351.namprd15.prod.outlook.com (2603:10b6:a03:10c::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.25; Wed, 2 Mar 2022 19:39:16 +0000
Received: from DM6PR15MB3689.namprd15.prod.outlook.com ([fe80::d542:7780:3a29:cf56]) by DM6PR15MB3689.namprd15.prod.outlook.com ([fe80::d542:7780:3a29:cf56%4]) with mapi id 15.20.5038.014; Wed, 2 Mar 2022 19:39:16 +0000
From: Daniel Migault <daniel.migault@ericsson.com>
To: "secdir@ietf.org" <secdir@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-ipwave-vehicular-networking.all@ietf.org" <draft-ietf-ipwave-vehicular-networking.all@ietf.org>, "its@ietf.org" <its@ietf.org>
Thread-Topic: [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27
Thread-Index: AQHYLmzjyiXrno/3REmSlYn8+b1mvaysfSbp
Date: Wed, 02 Mar 2022 19:39:16 +0000
Message-ID: <DM6PR15MB368990AB8B44D06252BAA3F9E3039@DM6PR15MB3689.namprd15.prod.outlook.com>
References: <164624978894.17953.13607898323269640268@ietfa.amsl.com>
In-Reply-To: <164624978894.17953.13607898323269640268@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 4a108539-8d1c-9392-812f-f0aadfae4aa2
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c2b25344-aeec-4baf-2b9f-08d9fc845624
x-ms-traffictypediagnostic: BYAPR15MB3351:EE_
x-microsoft-antispam-prvs: <BYAPR15MB3351990E7CF7E1DD147E46AFE3039@BYAPR15MB3351.namprd15.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wHMAiwtyoeLxDrgWShp//fCVANZog+emdG3bTyae8TOst1JTN42tVDSSVasH0lX7LrJdVhQuNuAAT9J2dnddKSQfota+oA/WYQTs/tITabtFf/HEO0VJdigTVJ/knqolXCrLU0fWZBCaI0f18yoKCcqIXq5FQS1IgLyGFodPg15z68G7ZlDzuTR2vgbxa+KfENcjBytuZ5uwQZ4onNvZ6stAz+XZkPa32786brgtgATyy9UU775TxO6kPDkB7KfyR19Ynxt/tFpuauf67m621cUfZ4PwTrEbWWPXkm5cmFwdCsdaN4ZUiX6lqTRH8q5J/Czo0sRG/GbgIf6Q4dYPOktyrHuPv8H+SGEF/qadLexqkoOqld2jAIpRoOKUY6jKcqGytjQhY+69O3Oh7Bn3lQY0dJQ/S8uwzhFhJKI4za6i0LVRTyzYcd7IFETjiI5WVJ76X7unE4Fp0wF1DHZh2afpRxN4JakOcgTWZlICtQTCk3PGwmc80eY7A+RzxRgqpsMbLhOdHX8XYs6CPLQCVPIOPWKmKNQTJk3ERhVlDi3gSQSoUPE5K9AnsYUVYIo3FDVWnVAutRESPwWlnBToy0n1YSZRDXhWtBTQBwA6goNUyIjrCUHXcWuslp0gVCFefxseyGADIHgy9v920ggILAr913VcYgW7yYDweW3n9Abf3lrGidirNvLeIZM8sSOWmu91OhuiJTuqcboqjM6kPGB194w4cGtruv7ZxIxcgF1Lr0Qj1o1bQ71pnb9a8Qo+zMVv7/XGZXkAOC4/XpbeGImhf/j1877ym2srSy2OdOs=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR15MB3689.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(316002)(91956017)(66446008)(122000001)(4326008)(64756008)(83380400001)(66476007)(66556008)(76116006)(54906003)(66946007)(110136005)(8676002)(450100002)(52536014)(55016003)(966005)(38100700002)(5660300002)(8936002)(26005)(186003)(86362001)(44832011)(82960400001)(71200400001)(38070700005)(33656002)(53546011)(6506007)(7696005)(2906002)(9686003)(508600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: K+KTh3SM0ZI9sXFlCJdRU5zrZkB8lZ/wB8rSW3Y/AENCOSvHl4XiyrD+pgA36apaKOJlJFEkACp6djMA0znuYWWod6ndL4beUjPGjYP5mCi6ZiF5DfPXgAJncqdcL38f79iPSN3PFtFQ9m3iE93BgA/uvcrW977HNQv06zLfGPHBrXq0NRoY6OeO1dqnM5vuPkWmy33ur0rQ8ddSBUO4DtISLlldQY8kG7Ytb1tHHFO4ZqnrUAFArPrvA4WIB+UCtT5zUu16p9tHicX/EDTTGggyNz7U+yKAetIL5tTY4EYUoYEbqK3mPEmgBp9ABsnGiu47C+/6ulYMgbvhee6VCIdLFNAKZ3QSmz7ROYXusnxhAcjHtclr6fikM/mjch7JHoWYZYnQGWviYubw65Azj5zSXsKCu1gApwOv7lqqEedIaFuifJitdC3mKitEzKP9WTAnqfrkGaxmH/8Ye7oFn4b1kaoABlrz7AchFFCw/4xZ/52m4JeYPS0qonxtoqFu7T58QsLGBv404FzmOMrdC+n+FwG41Y1xzwSVeRfO2KAQL58TmFXtp3Q/LmfYSWJZAMFogpVJzpyVSdjqA+mp06qUpBabAbuAkYgymoMsIpveiN7+USL1g1oc10gTZJrI15u1VmH3/8Prp9mdwQ+ksYZw0YutT14D03R0loHIgKehrsQybCbmk7xGyeh1JCwEExuUwMU73qg8/7mepn69t13Dy5kI8/0cxhegey9ioJ00o77uU/VtsaPYnynTGeNsyB9Wu7PMuGwkgFraCGwpOBWq2kEAnznv4PPKqihMJqGyJ2AIGcit6430Y8BvMCgUQPoG8AcP3VLFelkSsHKWDMuKqXUJx+H+t3kytib81k37kpChhQZVGDVE3N+/7LLZR8Kn9N7gbsIGTvUIK0xx739IDzU5q2g47N0FbonjloHDXkW89zlBCyFQB0mVz06AaxoenE/Rs0JsCuL6k2wj+nIGONnwPh5x9HYDqMiA3MdPbmxYg1fzmsfpCD7LPGGOGppZYPCZw8yEqbGzCOk+Wo4w4GObk44QVHe0Y/iRwHOLnjBd9fVDNT1vPRkfD45GGepG+X4u6/wt55IO+LFv9/QPCwE3s8MbfeZtK09uMguWpfNUfp+7l3bVl2iyw1Hgf0VaEShW1tHukf5g1E25DXhFSY4HZV6Tbg0Ciqs+SqqU54asRXy4k2UZw6e5/SIbRcuIGc12sB8Yy7ipVRJA6fdPQN8pNutSEDI1OgC6JAObTl0G3PVYjUIbMWEUD9fBb7NVwLe6qjVN5bxwXrzrM9CYKFBJWL1n4hSuFmZqT1Z/B/vk3gxa4IOXFt0B2W344n//5xbz1UiSR0ifpKBRX9F+NHA/Q9NcEMfTd0nnvzYafwzGNKDEsXSMHqUWyr5I40d0kM30nHV1wB2mcYTSmkZUqwmOcC91IQ/gPH29fBybEF+o0IpKLb0rmlQU4WmjIMGDwvBmTtknIansMu102EAMN08Uu4icKQu3WzEOhaOIY3jk9gjOaFMa3F0Bpa3fvTJAwr8AL0Hn2e22po7o0/UHOrkSgTaEZ4sRjSrI8/ZJIBg8ioSoZYyv9bNmwH4jN/z3PR2Fg16lydwn11e2g3EWIVfYWVlftmqu0vgxOcqq8RsVPj+efaslR4aMhTVp15TYzRzhNFU7yIcYJDBz/w==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR15MB3689.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c2b25344-aeec-4baf-2b9f-08d9fc845624
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2022 19:39:16.0260 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wXF47nmfUOfANd6Ko9mrDNYTBJPMl551bPUECmG+qXalpi69VMuaCxINSwOjig/r6LC8iprD7heSA5epA5pfWEieW4ZNyObigh98kRhem6U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB3351
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/tOSK-jVNDYNb6i8ywIhs7aekhJM>
Subject: Re: [ipwave] [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 19:39:28 -0000
-- clicking too fast Reviewer: Daniel Migault Review result: Has Issues Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Please find my comments below: 1. Introduction Vehicular networking studies have mainly focused on improving safety and efficiency, and also enabling entertainment in vehicular networks. The Federal Communications Commission (FCC) in the US allocated wireless channels for Dedicated Short-Range Communications (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band). DSRC- based wireless communications can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) networking. The European Union (EU) allocated radio spectrum for safety-related and non-safety-related applications of ITS with the frequency band of 5.875 - 5.905 GHz, as part of the Commission Decision 2008/671/EC [EU-2008-671-EC]. <mglt> I am wondering US/EU covers all spectrum allocation worldwide ? </mglt> 3.2. V2I The emergency communication between accident vehicles (or emergency vehicles) and a TCC can be performed via either IP-RSU or 4G-LTE networks. The First Responder Network Authority (FirstNet) [FirstNet] is provided by the US government to establish, operate, and maintain an interoperable public safety broadband network for safety and security network services, e.g., emergency calls. The construction of the nationwide FirstNet network requires each state in the US to have a Radio Access Network (RAN) that will connect to the FirstNet's network core. The current RAN is mainly constructed using 4G-LTE for the communication between a vehicle and an infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected that DSRC-based vehicular networks [DSRC] will be available for V2I and V2V in the near future. <mglt> Is this use case restricted to the US or do we have any equivalent in EU for example ? <mglt> 3.3. V2X The use case of V2X networking discussed in this section is for a pedestrian protection service. <mglt> I do have an issue with such use case - of course if my understanding is correct. My understanding from the description is that the use case explains how pedestrian can advertise its presence to a vehicle so avoid the vehicle to hit that pedestrian. Such assumption does not seem to me acceptable as not everyone has a phone, and their security - from a vehicle perspective - MUST NOT be provided by such a mechanism as it would given a false sense of security. If a vehicle is not able to detect a pedestrian unless this pedestrian has a working smartphone with a specific application, the problem is bigger and out of scope of the IETF. I can also see that in some countries, it will become the pedestrian's fault if it is hit without its application. As I understand it, I find this use case extremely dangerous, so my request would be to remove it or if I misunderstood it to clarify its scope. <mglt> ________________________________________ From: secdir <secdir-bounces@ietf.org> on behalf of Daniel Migault via Datatracker <noreply@ietf.org> Sent: Wednesday, March 2, 2022 2:36 PM To: secdir@ietf.org Cc: last-call@ietf.org; draft-ietf-ipwave-vehicular-networking.all@ietf.org; its@ietf.org Subject: [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27 Reviewer: Daniel Migault Review result: Has Issues 1. Introduction Vehicular networking studies have mainly focused on improving safety and efficiency, and also enabling entertainment in vehicular networks. The Federal Communications Commission (FCC) in the US allocated wireless channels for Dedicated Short-Range Communications (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band). DSRC- based wireless communications can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) networking. The European Union (EU) allocated radio spectrum for safety-related and non-safety-related applications of ITS with the frequency band of 5.875 - 5.905 GHz, as part of the Commission Decision 2008/671/EC [EU-2008-671-EC]. <mglt> I am wondering US/EU covers all spectrum allocation worldwide ? </mglt> 3.2. V2I The emergency communication between accident vehicles (or emergency vehicles) and a TCC can be performed via either IP-RSU or 4G-LTE networks. The First Responder Network Authority (FirstNet) [FirstNet] is provided by the US government to establish, operate, and maintain an interoperable public safety broadband network for safety and security network services, e.g., emergency calls. The construction of the nationwide FirstNet network requires each state in the US to have a Radio Access Network (RAN) that will connect to the FirstNet's network core. The current RAN is mainly constructed using 4G-LTE for the communication between a vehicle and an infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected that DSRC-based vehicular networks [DSRC] will be available for V2I and V2V in the near future. <mglt> Is this use case restricted to the US or do we have any equivalent in EU for example ? <mglt> 3.3. V2X The use case of V2X networking discussed in this section is for a pedestrian protection service. <mglt> I do have an issue with such use case - of course if my understanding is correct. My understanding from the description is that the use case explains how pedestrian can advertise its presence to a vehicle so avoid the vehicle to hit that pedestrian. Such assumption does not seem to me acceptable as not everyone has a phone, and their security - from a vehicle perspective - MUST NOT be provided by such a mechanism as it would given a false sense of security. If a vehicle is not able to detect a pedestrian unless this pedestrian has a working smartphone with a specific application, the problem is bigger and out of scope of the IETF. I can also see that in some countries, it will become the pedestrian's fault if it is hit without its application. As I understand it, I find this use case extremely dangerous, so my request would be to remove it or if I misunderstood it to clarify its scope. <mglt> _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir wiki: https://trac.ietf.org/trac/sec/wiki/SecDirReview
- [ipwave] Secdir telechat review of draft-ietf-ipw… Daniel Migault via Datatracker
- Re: [ipwave] [secdir] Secdir telechat review of d… Daniel Migault
- Re: [ipwave] [secdir] Secdir telechat review of d… Mr. Jaehoon Paul Jeong