Re: [ipwave] [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27

Daniel Migault <daniel.migault@ericsson.com> Wed, 02 March 2022 19:39 UTC

Return-Path: <daniel.migault@ericsson.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 019083A0B18; Wed, 2 Mar 2022 11:39:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtgdePLhURHc; Wed, 2 Mar 2022 11:39:23 -0800 (PST)
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam07on2060a.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e83::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ED173A0C2A; Wed, 2 Mar 2022 11:39:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dAM92mHPUmxfijs41N2IKmsQgl7Aqglr/cJxKNlhwM49Vk84xzQQ5xsT2RFYYUhF3u/XTLKMcDZiTKfqwo7HZznxUIHXYdIJzy7GYpuIcCYC2w6QDcUis9SSn8mf/DuhujQb6xc+oRLW44Oz66g+PFlpIfpTGIYhtS+dIymQMVFoiu7jqT4yZsiMiC0h/zHT5Niy50oot0Ffb9N5xQhxBov4Tcf92Ay+KKI3soMnly7FWIlPYIGhxNlikTZSsdCFW8jbSxst5P6a0bwXM5sMXgKTam1OiFFAVa1RDl5LSl6vb8e/N1RjrfDeWy0WHS2vrTjdfwbNC+xW+WWARL+4EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZHqvt6Mtv23UwmhgLt9qdsKEHdf7Gi+ueQ3q7aDOqsQ=; b=RKA82OgsqZEEAU5z8zZSNqcVHPtiEkcBF0MZbo6xIJ5Lz4Ro2EJWqD7MmXRdmVPGxnJsgh6ueoSF5s7wygrh59LokoV+8GevN9w6+FRRzaxXUDSGbcVF/58Glas4k/n51vTwEpB+ige7GSJt+trJiNv7dMeg1WYcH86Y6TKBRWtxITyb7u982fpTNRW83IOlCkgxzlDAH73vIFBorlAUwMVRNYK2nmdzNlJGll4zTkN632ru2YTt3xU3qDxHjQJeC23hyWCF+XJYd7ngLLo+hgUC2IiUKqrKMsR80z0OGcCsIWmZilDZnAgmXbkqlBfOEbvXirpqJqA5RP1t9+tE9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZHqvt6Mtv23UwmhgLt9qdsKEHdf7Gi+ueQ3q7aDOqsQ=; b=u+xG9oOcxVUBDHNGSFHgaKsdV1AFz7NjEK4INvse8BnIgYjkhiOWrujkh8ksCHn2w3WAS6bNGFMH9xw7q9Ckn8EGa2f1J3AdvO04a/8AXTnd4c2BB5eTZ4mfEdh6k6laURlt6mhlsHkbemq9UwGMMJHcyUT8KjBraqfIyU7BJh4=
Received: from DM6PR15MB3689.namprd15.prod.outlook.com (2603:10b6:5:1fb::27) by BYAPR15MB3351.namprd15.prod.outlook.com (2603:10b6:a03:10c::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.25; Wed, 2 Mar 2022 19:39:16 +0000
Received: from DM6PR15MB3689.namprd15.prod.outlook.com ([fe80::d542:7780:3a29:cf56]) by DM6PR15MB3689.namprd15.prod.outlook.com ([fe80::d542:7780:3a29:cf56%4]) with mapi id 15.20.5038.014; Wed, 2 Mar 2022 19:39:16 +0000
From: Daniel Migault <daniel.migault@ericsson.com>
To: "secdir@ietf.org" <secdir@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-ipwave-vehicular-networking.all@ietf.org" <draft-ietf-ipwave-vehicular-networking.all@ietf.org>, "its@ietf.org" <its@ietf.org>
Thread-Topic: [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27
Thread-Index: AQHYLmzjyiXrno/3REmSlYn8+b1mvaysfSbp
Date: Wed, 02 Mar 2022 19:39:16 +0000
Message-ID: <DM6PR15MB368990AB8B44D06252BAA3F9E3039@DM6PR15MB3689.namprd15.prod.outlook.com>
References: <164624978894.17953.13607898323269640268@ietfa.amsl.com>
In-Reply-To: <164624978894.17953.13607898323269640268@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 4a108539-8d1c-9392-812f-f0aadfae4aa2
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c2b25344-aeec-4baf-2b9f-08d9fc845624
x-ms-traffictypediagnostic: BYAPR15MB3351:EE_
x-microsoft-antispam-prvs: <BYAPR15MB3351990E7CF7E1DD147E46AFE3039@BYAPR15MB3351.namprd15.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wHMAiwtyoeLxDrgWShp//fCVANZog+emdG3bTyae8TOst1JTN42tVDSSVasH0lX7LrJdVhQuNuAAT9J2dnddKSQfota+oA/WYQTs/tITabtFf/HEO0VJdigTVJ/knqolXCrLU0fWZBCaI0f18yoKCcqIXq5FQS1IgLyGFodPg15z68G7ZlDzuTR2vgbxa+KfENcjBytuZ5uwQZ4onNvZ6stAz+XZkPa32786brgtgATyy9UU775TxO6kPDkB7KfyR19Ynxt/tFpuauf67m621cUfZ4PwTrEbWWPXkm5cmFwdCsdaN4ZUiX6lqTRH8q5J/Czo0sRG/GbgIf6Q4dYPOktyrHuPv8H+SGEF/qadLexqkoOqld2jAIpRoOKUY6jKcqGytjQhY+69O3Oh7Bn3lQY0dJQ/S8uwzhFhJKI4za6i0LVRTyzYcd7IFETjiI5WVJ76X7unE4Fp0wF1DHZh2afpRxN4JakOcgTWZlICtQTCk3PGwmc80eY7A+RzxRgqpsMbLhOdHX8XYs6CPLQCVPIOPWKmKNQTJk3ERhVlDi3gSQSoUPE5K9AnsYUVYIo3FDVWnVAutRESPwWlnBToy0n1YSZRDXhWtBTQBwA6goNUyIjrCUHXcWuslp0gVCFefxseyGADIHgy9v920ggILAr913VcYgW7yYDweW3n9Abf3lrGidirNvLeIZM8sSOWmu91OhuiJTuqcboqjM6kPGB194w4cGtruv7ZxIxcgF1Lr0Qj1o1bQ71pnb9a8Qo+zMVv7/XGZXkAOC4/XpbeGImhf/j1877ym2srSy2OdOs=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR15MB3689.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(316002)(91956017)(66446008)(122000001)(4326008)(64756008)(83380400001)(66476007)(66556008)(76116006)(54906003)(66946007)(110136005)(8676002)(450100002)(52536014)(55016003)(966005)(38100700002)(5660300002)(8936002)(26005)(186003)(86362001)(44832011)(82960400001)(71200400001)(38070700005)(33656002)(53546011)(6506007)(7696005)(2906002)(9686003)(508600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: K+KTh3SM0ZI9sXFlCJdRU5zrZkB8lZ/wB8rSW3Y/AENCOSvHl4XiyrD+pgA36apaKOJlJFEkACp6djMA0znuYWWod6ndL4beUjPGjYP5mCi6ZiF5DfPXgAJncqdcL38f79iPSN3PFtFQ9m3iE93BgA/uvcrW977HNQv06zLfGPHBrXq0NRoY6OeO1dqnM5vuPkWmy33ur0rQ8ddSBUO4DtISLlldQY8kG7Ytb1tHHFO4ZqnrUAFArPrvA4WIB+UCtT5zUu16p9tHicX/EDTTGggyNz7U+yKAetIL5tTY4EYUoYEbqK3mPEmgBp9ABsnGiu47C+/6ulYMgbvhee6VCIdLFNAKZ3QSmz7ROYXusnxhAcjHtclr6fikM/mjch7JHoWYZYnQGWviYubw65Azj5zSXsKCu1gApwOv7lqqEedIaFuifJitdC3mKitEzKP9WTAnqfrkGaxmH/8Ye7oFn4b1kaoABlrz7AchFFCw/4xZ/52m4JeYPS0qonxtoqFu7T58QsLGBv404FzmOMrdC+n+FwG41Y1xzwSVeRfO2KAQL58TmFXtp3Q/LmfYSWJZAMFogpVJzpyVSdjqA+mp06qUpBabAbuAkYgymoMsIpveiN7+USL1g1oc10gTZJrI15u1VmH3/8Prp9mdwQ+ksYZw0YutT14D03R0loHIgKehrsQybCbmk7xGyeh1JCwEExuUwMU73qg8/7mepn69t13Dy5kI8/0cxhegey9ioJ00o77uU/VtsaPYnynTGeNsyB9Wu7PMuGwkgFraCGwpOBWq2kEAnznv4PPKqihMJqGyJ2AIGcit6430Y8BvMCgUQPoG8AcP3VLFelkSsHKWDMuKqXUJx+H+t3kytib81k37kpChhQZVGDVE3N+/7LLZR8Kn9N7gbsIGTvUIK0xx739IDzU5q2g47N0FbonjloHDXkW89zlBCyFQB0mVz06AaxoenE/Rs0JsCuL6k2wj+nIGONnwPh5x9HYDqMiA3MdPbmxYg1fzmsfpCD7LPGGOGppZYPCZw8yEqbGzCOk+Wo4w4GObk44QVHe0Y/iRwHOLnjBd9fVDNT1vPRkfD45GGepG+X4u6/wt55IO+LFv9/QPCwE3s8MbfeZtK09uMguWpfNUfp+7l3bVl2iyw1Hgf0VaEShW1tHukf5g1E25DXhFSY4HZV6Tbg0Ciqs+SqqU54asRXy4k2UZw6e5/SIbRcuIGc12sB8Yy7ipVRJA6fdPQN8pNutSEDI1OgC6JAObTl0G3PVYjUIbMWEUD9fBb7NVwLe6qjVN5bxwXrzrM9CYKFBJWL1n4hSuFmZqT1Z/B/vk3gxa4IOXFt0B2W344n//5xbz1UiSR0ifpKBRX9F+NHA/Q9NcEMfTd0nnvzYafwzGNKDEsXSMHqUWyr5I40d0kM30nHV1wB2mcYTSmkZUqwmOcC91IQ/gPH29fBybEF+o0IpKLb0rmlQU4WmjIMGDwvBmTtknIansMu102EAMN08Uu4icKQu3WzEOhaOIY3jk9gjOaFMa3F0Bpa3fvTJAwr8AL0Hn2e22po7o0/UHOrkSgTaEZ4sRjSrI8/ZJIBg8ioSoZYyv9bNmwH4jN/z3PR2Fg16lydwn11e2g3EWIVfYWVlftmqu0vgxOcqq8RsVPj+efaslR4aMhTVp15TYzRzhNFU7yIcYJDBz/w==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR15MB3689.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c2b25344-aeec-4baf-2b9f-08d9fc845624
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2022 19:39:16.0260 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wXF47nmfUOfANd6Ko9mrDNYTBJPMl551bPUECmG+qXalpi69VMuaCxINSwOjig/r6LC8iprD7heSA5epA5pfWEieW4ZNyObigh98kRhem6U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB3351
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/tOSK-jVNDYNb6i8ywIhs7aekhJM>
Subject: Re: [ipwave] [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 19:39:28 -0000

-- clicking too fast

Reviewer: Daniel Migault
Review result: Has Issues

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Please find my comments below:

1.  Introduction

   Vehicular networking studies have mainly focused on improving safety
   and efficiency, and also enabling entertainment in vehicular
   networks.  The Federal Communications Commission (FCC) in the US
   allocated wireless channels for Dedicated Short-Range Communications
   (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with
   the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band).  DSRC-
   based wireless communications can support vehicle-to-vehicle (V2V),
   vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X)
   networking.  The European Union (EU) allocated radio spectrum for
   safety-related and non-safety-related applications of ITS with the
   frequency band of 5.875 - 5.905 GHz, as part of the Commission
   Decision 2008/671/EC [EU-2008-671-EC].

<mglt>
I am wondering US/EU covers all spectrum allocation worldwide ?
</mglt>

3.2.  V2I

   The emergency communication between accident vehicles (or emergency
   vehicles) and a TCC can be performed via either IP-RSU or 4G-LTE
   networks.  The First Responder Network Authority (FirstNet)
   [FirstNet] is provided by the US government to establish, operate,
   and maintain an interoperable public safety broadband network for
   safety and security network services, e.g., emergency calls.  The
   construction of the nationwide FirstNet network requires each state
   in the US to have a Radio Access Network (RAN) that will connect to
   the FirstNet's network core.  The current RAN is mainly constructed
   using 4G-LTE for the communication between a vehicle and an
   infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected
   that DSRC-based vehicular networks [DSRC] will be available for V2I
   and V2V in the near future.

<mglt>
Is this use case restricted to the US or do we have any equivalent in EU for
example ? <mglt>

3.3.  V2X

   The use case of V2X networking discussed in this section is for a
   pedestrian protection service.

<mglt>
I do have an issue with such use case - of course if my understanding is
correct. My understanding from the description is that the use case explains
how pedestrian can advertise its presence to a vehicle so avoid the vehicle to
hit that pedestrian. Such assumption does not seem to me acceptable as not
everyone has a phone, and their security - from a vehicle perspective - MUST
NOT be provided by such a mechanism as it would given a false sense of
security. If a vehicle is not able to detect a pedestrian unless this
pedestrian has a working smartphone with a specific application, the problem is
bigger and out of scope of the IETF. I can also see that in some countries, it
will become the pedestrian's fault if it is hit without its application. As I
understand it, I find this use case extremely dangerous, so my request would be
to remove it or if I misunderstood it to clarify its scope. <mglt>


________________________________________
From: secdir <secdir-bounces@ietf.org> on behalf of Daniel Migault via Datatracker <noreply@ietf.org>
Sent: Wednesday, March 2, 2022 2:36 PM
To: secdir@ietf.org
Cc: last-call@ietf.org; draft-ietf-ipwave-vehicular-networking.all@ietf.org; its@ietf.org
Subject: [secdir] Secdir telechat review of draft-ietf-ipwave-vehicular-networking-27

Reviewer: Daniel Migault
Review result: Has Issues

1.  Introduction

   Vehicular networking studies have mainly focused on improving safety
   and efficiency, and also enabling entertainment in vehicular
   networks.  The Federal Communications Commission (FCC) in the US
   allocated wireless channels for Dedicated Short-Range Communications
   (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with
   the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band).  DSRC-
   based wireless communications can support vehicle-to-vehicle (V2V),
   vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X)
   networking.  The European Union (EU) allocated radio spectrum for
   safety-related and non-safety-related applications of ITS with the
   frequency band of 5.875 - 5.905 GHz, as part of the Commission
   Decision 2008/671/EC [EU-2008-671-EC].

<mglt>
I am wondering US/EU covers all spectrum allocation worldwide ?
</mglt>

3.2.  V2I

   The emergency communication between accident vehicles (or emergency
   vehicles) and a TCC can be performed via either IP-RSU or 4G-LTE
   networks.  The First Responder Network Authority (FirstNet)
   [FirstNet] is provided by the US government to establish, operate,
   and maintain an interoperable public safety broadband network for
   safety and security network services, e.g., emergency calls.  The
   construction of the nationwide FirstNet network requires each state
   in the US to have a Radio Access Network (RAN) that will connect to
   the FirstNet's network core.  The current RAN is mainly constructed
   using 4G-LTE for the communication between a vehicle and an
   infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected
   that DSRC-based vehicular networks [DSRC] will be available for V2I
   and V2V in the near future.

<mglt>
Is this use case restricted to the US or do we have any equivalent in EU for
example ? <mglt>

3.3.  V2X

   The use case of V2X networking discussed in this section is for a
   pedestrian protection service.

<mglt>
I do have an issue with such use case - of course if my understanding is
correct. My understanding from the description is that the use case explains
how pedestrian can advertise its presence to a vehicle so avoid the vehicle to
hit that pedestrian. Such assumption does not seem to me acceptable as not
everyone has a phone, and their security - from a vehicle perspective - MUST
NOT be provided by such a mechanism as it would given a false sense of
security. If a vehicle is not able to detect a pedestrian unless this
pedestrian has a working smartphone with a specific application, the problem is
bigger and out of scope of the IETF. I can also see that in some countries, it
will become the pedestrian's fault if it is hit without its application. As I
understand it, I find this use case extremely dangerous, so my request would be
to remove it or if I misunderstood it to clarify its scope. <mglt>



_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir
wiki: https://trac.ietf.org/trac/sec/wiki/SecDirReview