Re: [lp-wan] Comments on draft-barthel-schc-oam-schc-03
Laurent Toutain <laurent.toutain@imt-atlantique.fr> Thu, 15 February 2024 09:22 UTC
Return-Path: <laurent.toutain@imt-atlantique.fr>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF4F4C151538; Thu, 15 Feb 2024 01:22:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=imt-atlantique.fr
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z1lP2kcJsntt; Thu, 15 Feb 2024 01:22:49 -0800 (PST)
Received: from zproxy2.enst.fr (zproxy2.enst.fr [IPv6:2001:660:330f:2::dd]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEC92C14F6E2; Thu, 15 Feb 2024 01:22:46 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by zproxy2.enst.fr (Postfix) with ESMTP id 362C4805AE; Thu, 15 Feb 2024 10:22:43 +0100 (CET)
Received: from zproxy2.enst.fr ([IPv6:::1]) by localhost (zproxy2.enst.fr [IPv6:::1]) (amavis, port 10032) with ESMTP id yfvTIRD4imBy; Thu, 15 Feb 2024 10:22:42 +0100 (CET)
Received: from localhost (localhost [IPv6:::1]) by zproxy2.enst.fr (Postfix) with ESMTP id 5DDAE8067C; Thu, 15 Feb 2024 10:22:42 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.10.3 zproxy2.enst.fr 5DDAE8067C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=imt-atlantique.fr; s=50EA75E8-DE22-11E6-A6DE-0662BA474D24; t=1707988962; bh=BZCi8pBg6OO1JtR43PtCvo5WqKGcAChd/BrVA/CvJxI=; h=MIME-Version:From:Date:Message-ID:To; b=fe+S7VysDzueMj2Caq4OdT+zrTUkDmmYde51VGUvPNtcM2v8q5y4mhbqp3n97+mMw oGVTTXjI+js+o5w2lADuIX+VcYjOg4brKqTylliZ2fiNO+qxdB86DBjo4gY51RSL0W laDgT3rxP62BuCRyZfxjumc0cMeAszr7jInQnFGU=
X-Virus-Scanned: amavis at enst.fr
Received: from zproxy2.enst.fr ([IPv6:::1]) by localhost (zproxy2.enst.fr [IPv6:::1]) (amavis, port 10026) with ESMTP id XzIluUpB7YIf; Thu, 15 Feb 2024 10:22:42 +0100 (CET)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by zproxy2.enst.fr (Postfix) with ESMTPSA id 2F3C9805AE; Thu, 15 Feb 2024 10:22:42 +0100 (CET)
Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-412255afa19so762055e9.3; Thu, 15 Feb 2024 01:22:42 -0800 (PST)
X-Forwarded-Encrypted: i=1; AJvYcCWNKDyMGa0+hNI4MstFyLkCZzo4Zd8fZ+QpXGu1o2Tekb7+YGAuI7VC1Ei3+z8N7H1oHmIEtwWcWazd4kTJgjQUd8LF4gSxwsHgpLpHqH0=
X-Gm-Message-State: AOJu0YzNBSgcTiAJVW6nvcg+9yTwrjvovUwfOu9CouaYnrkd+sR54t99 ZZNkjp7QBvsoiWupq8aY4yi+NDi3rGpzVY+S22/pbvMiYd9UKhMROq699PqenwustU3pp6tS6Pb MZdguNwREIEsChdRxOQki5c8Tbu8=
X-Google-Smtp-Source: AGHT+IHWmVxOHCFMmk7+67W6np/iouusV935Yn7EvwD+fFXlKl8m/EonFFI5WkFJwi9z0SaMl1Troci2BQP4b04idGg=
X-Received: by 2002:a05:600c:4511:b0:411:c3d3:94dd with SMTP id t17-20020a05600c451100b00411c3d394ddmr820787wmo.28.1707988961808; Thu, 15 Feb 2024 01:22:41 -0800 (PST)
MIME-Version: 1.0
References: <CAOPRf-c75xwMD=hDZn8SXFfcHqmMxMt7ai9vrY3hdqEYskDQzA@mail.gmail.com>
In-Reply-To: <CAOPRf-c75xwMD=hDZn8SXFfcHqmMxMt7ai9vrY3hdqEYskDQzA@mail.gmail.com>
From: Laurent Toutain <laurent.toutain@imt-atlantique.fr>
Date: Thu, 15 Feb 2024 10:22:04 +0100
X-Gmail-Original-Message-ID: <CABONVQZkN3kT4SPEY-dhDe=JzYsRWa1SrFtVECqbVyEQB90BzA@mail.gmail.com>
Message-ID: <CABONVQZkN3kT4SPEY-dhDe=JzYsRWa1SrFtVECqbVyEQB90BzA@mail.gmail.com>
To: anaminaburo@gmail.com
Cc: BARTHEL Dominique IMT/OLPS <dominique.barthel@orange.com>, schc <schc@ietf.org>, lp-wan <lp-wan@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005958470611682b23"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/YgviFo_XRp1P6TsDeCXdOBlfyuA>
Subject: Re: [lp-wan] Comments on draft-barthel-schc-oam-schc-03
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2024 09:22:54 -0000
On Tue, Feb 13, 2024 at 11:41 AM Ana Minaburo <anaminaburo@gmail.com> wrote: > Dear Laurent and Dominique, > I've read your draft. Here, you will find some comments and open questions > to discuss. > > Thank you Ana for the careful reading, our comments are in-line. > 1. This draft gives new features that augment SCHC. > - It creates two new MO/CDA > - Creates a new item in the Rule to achieve an operation, called ACTION > > 2. It also gives some feathery strategies for compressing the Type and > Code of the ICMPv6 header fields. > - In section 4.2.1, when introducing the example, you want to define > something different using only the RuleID. Please let me know if I need to > correct something. > But here we can discuss some points: > What is the idea of creating a Rule per Type or doing a general Rule for > all Types? > That's depend of level of precision you want to inform the device. A very constrain device, may be satisfied by the information, an error occurs when I'm sending my measurement, so I will increase my sending period to same energy. Some other devices may be interested by the nature of the error. If the prefix is unknown, it may mean a routing error, that will be corrected quickly and a port unavailable, will inform that the server is not running and may take longuer time to repair. Then the device can update its sending perdio differently. > Do you mean a RuleID format that implicitly adds the type/code? > This is very interesting, but I think we need to open a new discussion > about it. > No, if a device receives a SCHC packet containing only the ruleID this means that the incoming packet matched the rule, so the TV were in the Fields. But I agree to discuss if needed :-) > 4. Also, when you describe Ping, you only describe the use for LPWAN, and > I think you need to open the use of Ping to all networks—perhaps giving one > special section to LPWAN. > In my opinion, but maybe it should be more carefully written in the draft, the ping with just compression is covered by the generic ICMPv6 compression in § 4.1 Ping-proxy action SHOULD be used only in LPWAN networks. > 5. Using the proxy. > How is the security assured here? How does the proxy know the device is > alive? > That's a good question, ping is not really protected and to the best of my knowledge there is no encryption for ICMPv6, so using a proxy also to anticipate the Device answer. An attacker will have to take control of the core SCHC and that's no more a problem of ICMP. In openSCHC, the SoR is timestamped when one of its rule is used for decompression. In the proxy-ping action in the rule, there is a parameter telling the keep-a-live duration. When a ping request arrives to the core SCHC, the proxy check the different between the current time and the SoR timestamp. if less than the duration parameter it generates an answer, if higher, the request is discarded. Note that we can trigger the compression if the delay is over and a compress ping request will arrive to the device. > You need to keep the trust between the proxy and the device by doing some > control instances and keeping this in the Rule. > If you use encryption, then the proxying is not possible in the core, as compression or decompression. If you don't have encryption, the information is available. More generally for action, an action may not change the SCHC packet but trigger some mechanisms managing the rule, so it is more a meta mechanisms. I don't understand the point. There is a kind of trust in SCHC since both ends share the same rules. This trust may be reinforced by signing an canonical representation of the rule (for instance using CORECORE representation). Before starting the exchange, both entities ensure the rules are correct, but this part is not covered by ICMPv6 compression. > > I think that as you have defined it, you identify which Rule may accept > the ACTION. That identifies the Rule and allows the proxy to answer a > request, avoiding a waste of resources for an LPWAN device. The > device executes a control update and releases the constraint network for > ICMP traffic. > That's the rule designer who decide to add an action to protect his link if he wants to ping the device. > > 6. To be explicit, you must > => separate ICMPv6 compression from Ping usage. Make two separate parts of > your draft. > This is done, but not is a very clean way. Section 4.1 is for generic compression and 4.2 for and example. But 4.3 targets constrained network. I propose to have 4.3 in a new section dedicated to constrained devices. > => Change the title to only ICMPv6, which could represent your work. OAM > also implies traceroute, mtrace, BFD, IPPM, MPLS-TP, and SNMP. > I agree, we look with Dominique about traceroute, but it is difficult to write a generic document, since the implementation of traceroute differs. I suppose that the strategy for the others also differs when you are in an LPWAN. > => Add a new section to update RFC8724 with the two MO/CDA dedicated to > ICMP and Actions > I think it is better tp augment RFC9363 with a YANG DM for ICMPv6 fields and new MO/CDA and he introduction of the Action leaf.. and of course the architecture document for proxies. > => Change the Introduction. By omitting OAM. > > Ok. Laurent > Ana > > > > >
- [lp-wan] Comments on draft-barthel-schc-oam-schc-… Ana Minaburo
- Re: [lp-wan] Comments on draft-barthel-schc-oam-s… Laurent Toutain