Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-vehicular-networking-29: (with DISCUSS and COMMENT)
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Mon, 24 October 2022 17:29 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8544AC14CF1F; Mon, 24 Oct 2022 10:29:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01, T_HK_NAME_FM_MR_MRS=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4ra5QmrhFp0; Mon, 24 Oct 2022 10:29:17 -0700 (PDT)
Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABD51C14F74D; Mon, 24 Oct 2022 10:29:17 -0700 (PDT)
Received: by mail-pj1-x1029.google.com with SMTP id f5-20020a17090a4a8500b002131bb59d61so1643782pjh.1; Mon, 24 Oct 2022 10:29:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VRd2g86PwjUEk5l5zZb2BNWiYZ8nALFgk4WpxBtDh7A=; b=GOOfDCQJ/h0W5BmjJCZCpWOjnIeE/Xej+mHAygNF+wxgxxMQNI0BLb2UglVG8Azy/7 Cw/wOaodqO3EcXcrKesTxAIW6bJ54aO6MAINCsJxlA3R+R1dg/v5k73kNr6VrlltrH6U 1U09kn62uKbsw0uDlJWqXuDZgymKQlsyABAy7ZfDjIdSskkd4Ppj3sJwDUONUeTZm0j8 e/ZnRGltjwwYYTjOpjC/hfqAbaUY2cifU6ZRi4IoixTzljfnUdGKwqWL+hbTYBdgsNC8 Cn+yNaXUNkeZUtARDTOuYHl3JFshNrWWyGwxnHMmjeSDSS9oGVZNjJCCFEg1MwQsurBq 6F/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VRd2g86PwjUEk5l5zZb2BNWiYZ8nALFgk4WpxBtDh7A=; b=byU7NdtOpgE+FNw3EjOHS864bC4aZ9rg/73WyH6+FXFs9nMFU0FuYDRcwqAPYweoSc mOL1hJGlsyHiFEKHUN2sgPONOSRNUBp9ikenG+egxbOXwzRAM1UNQl2scrAchwTeH+Ks 6/VxfjZi8yp2nLr39lOleiNUD+L3nWmb+WikqWk5wMrRu62KnWCuJ5E5mlr6VILHuyRI mQZOnwydi9XP3ec9v3Rqpjw/gz1AGT7mH6grQ9JQScmSdDFc2JJJY9ArWIy6A1ihCgqN Ao8UYg3960m5Fj/3+LD7ADxR76C5kdXfJtoiBE+tbli/h10gFW0KSMQ/vC2ZB1glCjwf Tq5Q==
X-Gm-Message-State: ACrzQf2fZ5lYA/yq1+2F9vkhgCPecwlVgHochBeR7/phqKbU0GPT9mlW F4FG9fX9TFHm/sulc42vyYh8aVp32gyNSGZe8u4=
X-Google-Smtp-Source: AMsMyM60Tx/36WA+b7y+NURDe5E/gsARyO+BjreQrOn2iNNnxyDhNM1UopDS0hHRIujaFfNq3Pta32HGHshfFJqvhuQ=
X-Received: by 2002:a17:902:8a90:b0:186:b145:f5ec with SMTP id p16-20020a1709028a9000b00186b145f5ecmr4023935plo.103.1666632556171; Mon, 24 Oct 2022 10:29:16 -0700 (PDT)
MIME-Version: 1.0
References: <166394909530.62950.16481124958317213050@ietfa.amsl.com>
In-Reply-To: <166394909530.62950.16481124958317213050@ietfa.amsl.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Tue, 25 Oct 2022 02:28:38 +0900
Message-ID: <CAPK2Dezmt3h3tDXwaLGEpDe=BPDA05kzL-QoqRr9tb+j0WSHiw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, its@ietf.org, Carlos Bernardos <cjbc@it.uc3m.es>, Russ Housley <housley@vigilsec.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/mixed; boundary="0000000000007b7da705ebcb2148"
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/zPOLidVo9PobYlA9n8fSXZOB06w>
Subject: Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-vehicular-networking-29: (with DISCUSS and COMMENT)
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2022 17:29:21 -0000
Hi Roman, Here is the revision of IPWAVE PS Draft: https://datatracker.ietf.org/doc/html/draft-ietf-ipwave-vehicular-networking-30 I attach the revision letter for your convenience. If you have something to improve in this draft, please let me know. Thanks. Best Regards, Paul On Sat, Sep 24, 2022 at 1:05 AM Roman Danyliw via Datatracker < noreply@ietf.org> wrote: > Roman Danyliw has entered the following ballot position for > draft-ietf-ipwave-vehicular-networking-29: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipwave-vehicular-networking/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thanks for all of the changes in -29 to address the DISCUSS points noted > for > -28. To help us talk these through the remaining issues, I have updated my > ballot to remove issues that have already been resolved. I have also > provided > feedback on the new text in -29 intended to resolve the original DISCUSS > points. > > (1) The Privacy Considerations are under-specified: > > (1.a) [per -28] Section 6.3 suggests the needs for logging, “To deal with > this > kind of security issue, for monitoring suspicious behaviors, vehicles' > communication activities can be recorded in either a central way through a > logging server (e.g., TCC) in the vehicular cloud or a distributed way > (e.g., > blockchain [Bitcoin]) along with other vehicles or infrastructure. To > solve > the issue ultimately, we need a solution where, without privacy > breakage, > …”. Some discussion on the “privacy breakage” is needed. What exactly > would > be the trade offs between a centralized vs. distributed log? Who would > get to > see this information? What is sensitive about this information? > > >From -29: > Alternatively, for > completely secure vehicular networks, we shall embrace the concept of > "zero-trust" for vehicles in which no vehicle is trustable and > verifying every message (such as IPv6 control messages including ND, > DAD, NUD, and application layer messages) is necessary. In this way, > a failure to prevent a cyberattack shall never happen on a vehicular > network. Thus, we need to have an efficient zero-trust framework or > mechanism for vehicular networks. > > I’m speculating that the second from last sentence, “[i]n this way, a > failure > to prevent a cyberattack shall never happen on a vehicular network” was > added > to partially respond to the above feedback. Saying that an attack will > “never” > success due to a zero-trust framework is not plausible. Could this please > rephrased. > > (1.b) [per -28] Section 3.3 notes a V2P use case where the pedestrian’s > smart-phone is sharing unspecified information. Does that include location > information? Who gets it? What kind of identifiers are shared? > > Thanks for adding the following text -29: > > The location information of a VRU from a smart device is multicasted > only to the nearby vehicles. The true identifiers of a VRU's > smartphone shall be protected, and only the type of the VRU, such as > pedestrian, cyclist, and scooter, is disclosed to the nearby > vehicles. > > To clarify, this “multicasted” in the IPv6 sense? The VRU’s smartphone is > using some kind of “fake identifier” (source address?) to announce its > presence > so as not to reveal its “true identifier”? Is there a security > consideration > (attack) that these “fake identifiers” multicasting to nearby vehicles > could > convince that vehicle that they are surrounded by pedestrians (e.g., > roughly > > https://www.abc.net.au/news/2020-02-04/man-creates-fake-traffic-jam-on-google-maps-by-carting-99-phones/11929136 > )? > > Can we state the security properties or provide a reference to handle this > issue. I see the following text later in the section: > > To support applications of these V2X use cases, the required > functions of IPv6 include IPv6-based packet exchange, transport-layer > session continuity, and secure, safe communication between a vehicle > and a pedestrian either directly or indirectly via an IP-RSU. > > I don’t recognize the desired properties of protecting identifiers as being > congruent with the above text. > > (2) Section 4.2 > > Note that it is dangerous if the > internal network of a vehicle is controlled by a malicious party. To > minimize this kind of risk, an reinforced identification and > verification protocol shall be implemented. > > -- [per -28] Who are the parties in this verification protocol? What > security > properties is this verification providing? > > [new per -29] Thanks for adding this new text in -29 in response: > > To minimize this kind of risk, > an augmented identification and verification protocol with extra > means shall be implemented. These extra means can be certificate- > based, biometric, credit-based, and one-time passcode (OTP) > approaches in addition to a used approach [RFC8002]. The > verification shall provide security properties such as > confidentiality, integrity, authentication, authorization, and > accounting [RFC7427]. > > I’m having trouble understanding this guidance. The architecture is > suggesting > “augmented identification and verification with extra means.” I don’t > follow > what “augmented means” or “extra” -- augmented or extra from what > baseline? > The security properties this provides is “confidentiality, integrity, > authentication, authorization and accounting” don’t seem to match > authentication and identity topics. > > To the specific examples, how does “credit-based” provide the stated > security > properties? I have the same question for the others. > > ** [per -28 and same for -29] The need for safety properties (very > helpful) is > asserted multiple times but not further discussed in the Security > Considerations: > > -- Section 3: > In addition, IPv6 > security needs to be extended to support those V2V use cases in a > safe, secure, privacy-preserving way. > > -- Section 3.1: > To support applications of these V2V use cases, the required > functions of IPv6 include IPv6-based packet exchange and secure, > safe communication between two vehicles. > > -- Section 3.3: > To support applications of these V2X use cases, the required > functions of IPv6 include IPv6-based packet exchange, transport-layer > session continuity, and secure, safe communication between a vehicle > and a pedestrian either directly or indirectly via an IP-RSU. > > The explanation from the authors noted that the following text was added to > Section 4.2 -29: > > “A malicious party can be a group of hackers, a criminal group, and a > competitor for industrial espionage or sabotage.” > > “The verification shall provide security properties such as > confidentiality, > integrity, authentication, authorization, and accounting [RFC7427].” > > I’m having trouble understanding how this text addresses the safety > properties. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Daniel Migault for the SECDIR review. > > Thanks for addressing the other COMMENTs in -29. > > ** Section 6.3. Per the proposed use of blockchain for "IPv6 transaction", > thanks for making a few edits per the more granular feedback on -28. I > leave > it to the WG, but I think this guidance seems speculative, > under-specified, and > one of only a number of candidate architectures. It seems misplaced to be > calling it out here. > > > > _______________________________________________ > its mailing list > its@ietf.org > https://www.ietf.org/mailman/listinfo/its >
- [ipwave] Roman Danyliw's Discuss on draft-ietf-ip… Roman Danyliw via Datatracker
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Mr. Jaehoon Paul Jeong
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Erik Kline
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Mr. Jaehoon Paul Jeong
- Re: [ipwave] Roman Danyliw's Discuss on draft-iet… Mr. Jaehoon Paul Jeong