Re: [ipwave] Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 08 April 2019 13:05 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
CC: "int-dir@ietf.org" <int-dir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "its@ietf.org" <its@ietf.org>, "draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org" <draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org>
Thread-Topic: Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text
Thread-Index: AQHU7fQIVaHGwG+ffkibvBhhQmJZCaYyOwlw
Date: Mon, 08 Apr 2019 13:05:15 +0000
Deferred-Delivery: Mon, 8 Apr 2019 13:04:41 +0000
Message-ID: <MN2PR11MB3565EF63249F8EDEF45ED310D82C0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <155169869045.5118.3508360720339540639@ietfa.amsl.com> <00ae8801-883d-8228-8551-ede699833fc9@gmail.com>
In-Reply-To: <00ae8801-883d-8228-8551-ede699833fc9@gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/wBiEB7SE-pveNEngfPqzS4nkIt4>
Subject: Re: [ipwave] Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 13:05:33 -0000

WFM

All the best,

Pascal

> -----Original Message-----
> From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
> Sent: Monday, 8 April 2019 18:15
> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> Cc: int-dir@ietf.org; ietf@ietf.org; its@ietf.org; draft-ietf-ipwave-ipv6-over-80211ocb.all@ietf.org
> Subject: Re: Intdir early review of draft-ietf-ipwave-ipv6-over-80211ocb-34 - shortening the opaque IID text
> 
> 
> On 04/03/2019 at 12:24, Pascal Thubert wrote:
> > Reviewer: Pascal Thubert
> > Review result: Not Ready
> [...]
> > "
> > If semantically
> >     opaque Interface Identifiers are needed, a potential method for
> >     generating semantically opaque Interface Identifiers with IPv6
> >     Stateless Address Autoconfiguration is given in [RFC7217].
> >
> >     Semantically opaque Interface Identifiers, instead of meaningful
> >     Interface Identifiers derived from a valid and meaningful MAC address
> >     ([RFC2464], section 4), MAY be needed in order to avoid certain
> >     privacy risks.
> >
> > ...
> >
> >     In order to avoid these risks, opaque Interface Identifiers MAY be
> >     formed according to rules described in [RFC7217].  These opaque
> >     Interface Identifiers are formed starting from identifiers different
> >     than the MAC addresses, and from cryptographically strong material.
> >     Thus, privacy sensitive information is absent from Interface IDs, and
> >     it is impossible to calculate the initial value from which the
> >     Interface ID was calculated.
> >
> > "
> > Duplicate and mis-ordered text, isn't it?
> 
> Indeed.  The duplication comes from multiple discussions and expresses
> support of many people to the use of opaque identifiers.
> 
> To my defense, there is however a notion of going from generic to particular.
> In first occurrences of opaque IIDs we just refer to the RFC, then tell how, and
> so on.
> 
> But of course it is a bit long, and worse, it refers twice to the RFC7217, which
> may disturb.
> 
> If you don't mind, I shorten it like this:
> 
> NEW:
> >    Semantically opaque Interface Identifiers, instead of meaningful
> >    Interface Identifiers derived from a valid and meaningful MAC address
> >    ([RFC2464], section 4), help avoid certain privacy risks (see the
> >    paragraph below).  If semantically opaque Interface Identifiers are
> >    needed, they MAY be generated using the method for generating
> >    semantically opaque Interface Identifiers with IPv6 Stateless Address
> >    Autoconfiguration given in [RFC7217].  Typically, an opaque Interface
> >    Identifier is formed starting from identifiers different than the MAC
> >    addresses, and from cryptographically strong material.  Thus, privacy
> >    sensitive information is absent from Interface IDs, because it is
> >    impossible to calculate back the initial value from which the
> >    Interface ID was first generated (intuitively, it is as hard as
> >    mentally finding the square root of a number, and as impossible as
> >    trying to use computers to identify quickly whether a large number is
> >    prime).
> >
> >    The privacy risks of using MAC addresses displayed in Interface
> >    Identifiers are important.  The IPv6 packets can be captured easily
> >    in the Internet and on-link in public roads.  For this reason, an
> >    attacker may realize many attacks on privacy.  One such attack on
> >    802.11-OCB is to capture, store and correlate Company ID information
> >    present in MAC addresses of many cars (e.g. listen for Router
> >    Advertisements, or other IPv6 application data packets, and record
> >    the value of the source address in these packets).  Further
> >    correlation of this information with other data captured by other
> >    means, or other visual information (car color, others) MAY constitute
> >    privacy risks.
> 
> Alex
> 
> 
> >
> > " For this reason, an attacker may realize many
> >     attacks on privacy.
> > "
> > Do we attack privacy? Maybe say that privacy is a real concern, and
> > maybe move that text to security section?
> >
> > "
> >     The way Interface Identifiers are used MAY involve risks to privacy,
> >     as described in Section 5.1.
> > "
> > Also duplicate
> >
> > Nits
> > ------
> >
> > "
> >     IP packets MUST be transmitted over 802.11-OCB media as QoS Data
> >     frames whose format is specified in IEEE Std 802.11.
> > "
> > Please add link to the reference
> >
> > " the 802.11 hidden node"
> > Do not use 802.11 standalone (multiple occurrences).
> > => "the IEEE Std. 802.11 [ ref ] hidden node", or just "the hidden terminal".
> >
> > BCP 14 text:
> >
> > Suggest to use this text:
> > “
> >     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
> >     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
> >     "OPTIONAL" in this document are to be interpreted as described in
> >     BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
> >     capitals, as shown here.
> >
> > “
> >
> > All the best
> >
> > Pascal
> >
> >
> >
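The contrast the NEW paragraph draws, as an added example that is not part of the draft text or of this thread: an RFC 2464 EUI-64 IID carries the MAC address and its Company ID on the wire, while an RFC 7217 style IID is a keyed function of the prefix and interface that cannot be worked back to the MAC. Using HMAC-SHA256 as the RFC 7217 function F, a one-byte DAD_Counter encoding, and the sample MAC, prefix and key are assumptions of this example.

```python
# Added example, not code from the draft or from this thread. RFC 7217
# defines RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
# and takes the IID from its output; HMAC-SHA256 as F, a 1-byte
# DAD_Counter and the sample values below are assumptions made here.
import hashlib
import hmac
import ipaddress


def eui64_iid(mac: str) -> bytes:
    """RFC 2464 section 4: split the 48-bit MAC, insert FF:FE, flip the u/l bit."""
    b = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02                      # universal/local bit is inverted
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def opaque_iid(prefix: str, net_iface: str, network_id: str,
               dad_counter: int, secret_key: bytes) -> bytes:
    """RFC 7217 style stable, semantically opaque IID (keyed PRF over the inputs).

    Without secret_key the output cannot be linked to the MAC, nor to the same
    host on another prefix. A complete implementation also rejects reserved
    IIDs (RFC 5453) and increments dad_counter on a DAD conflict.
    """
    msg = (ipaddress.IPv6Network(prefix).network_address.packed[:8]
           + net_iface.encode() + b"\0" + network_id.encode() + b"\0"
           + dad_counter.to_bytes(1, "big"))
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return rid[-8:]                   # low-order 64 bits become the IID


def company_id_visible(iid: bytes, mac: str) -> bool:
    """True if the IID exposes the 24-bit Company ID (OUI) of this MAC."""
    oui = bytes.fromhex(mac.replace(":", "").replace("-", ""))[:3]
    return bytes([iid[0] ^ 0x02]) + iid[1:3] == oui


def address(prefix: str, iid: bytes) -> str:
    """Form the full IPv6 address from a /64 prefix and a 64-bit IID."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


if __name__ == "__main__":
    mac, pfx, key = "00:00:0c:aa:bb:cc", "2001:db8:1::/64", b"constructed-secret"
    for name, iid in (("EUI-64", eui64_iid(mac)),
                      ("RFC 7217", opaque_iid(pfx, "wlan0", "", 0, key))):
        print(name, address(pfx, iid), "Company ID visible:", company_id_visible(iid, mac))
```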