Re: [lp-wan] Fwd: draft-architecture-02-inputs "better match"

"Ivan Martinez Bolivar (Nokia)" <ivan.martinez_bolivar@nokia-bell-labs.com> Wed, 07 June 2023 12:56 UTC

From: "Ivan Martinez Bolivar (Nokia)" <ivan.martinez_bolivar@nokia-bell-labs.com>
To: "schc@ietf.org" <schc@ietf.org>, "lp-wan@ietf.org" <lp-wan@ietf.org>
Date: Wed, 07 Jun 2023 12:56:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/rf4J3Fwqp-odrYFhgIbZqk0yMLg>

Hello SCHCers,

This is a crucial aspect for the Access Control draft that Ana, Laurent and I are working on.

I suggest keeping it as it is in RFC8724, allowing implementers to choose the Rule as they want, and addressing the scenarios that require careful consideration in our draft.

Hence, we shall introduce the notion of "destructive compression" for those cases where there are rules including "ignore - not_sent", and tell the implementers in which cases this combination is suitable or not. Looking at the examples of RFC8724, we have IPv6 Hop Limit: this may not be important in a star topology but can be problematic in other cases.

If you think of other cases where this "destructive compression" can be an attack vector, please let us know; we'll be happy to discuss it.

Ivan


---------- Forwarded message ---------
From: Ana Minaburo <ana@ackl.io>
Date: Tue, 23 May 2023 at 20:20
Subject: [lp-wan] Fwd: draft-architecture-02-inputs "better match"
To: lp-wan <lp-wan@ietf.org>


This too.

---------- Forwarded message ---------
From: Ana Minaburo <ana@ackl.io>
Date: Tue, May 23, 2023 at 4:39 PM
Subject: draft-architecture-02-inputs "better match"
To: Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: <lpwan@ietf.org>, <schc@ietf.org>


Hello Pascal,
This is the second thread.


  *   2. Section 3. In the Static Context Header Compression, in the first paragraph, it is mentioned: "The rule that matches best is used to compress."

 [Ana] It is very ambiguous because it can be misinterpreted. Does it refer to the Rule that matches the complete header, i.e., the Rule with the same FIDs as the header format? Or do you mean the best compression residue? RFC8724 leaves to the implementation the choice of the Rule to be used when multiple valid Rules match.



Agreed. This should be discussed on the list since it is an attack vector. Someone inserting a "better match" can turn a decompressor into a bomber. Let us start a thread on this.


[Ana] If the best compression residue is what you mean, I agree that it introduces an attack vector that needs to be solved by a deeper discussion together with the modification of the Rules during the session.

But in a context, several Rules may match the header and may be used to compress it. For instance, deciding which one is used is an implementation problem.




--
Thanks
Ivan Marino
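
An added example, not part of the original messages or of any SCHC implementation: a minimal Python model of RFC 8724 field descriptors showing why the "ignore" / "not-sent" combination discussed above is lossy, plus a small audit helper that lists such fields in a Rule. The Rule, the field names and the header values are constructed for illustration, and only the "equal" and "ignore" matching operators are modelled.

```python
# Added example: simplified model of RFC 8724 field descriptors (assumption:
# only equal/ignore MOs and not-sent/value-sent CDAs; not a full SCHC stack).
from dataclasses import dataclass

@dataclass(frozen=True)
class FieldDesc:
    fid: str      # Field ID
    tv: object    # Target Value stored in the Rule
    mo: str       # Matching Operator: "equal" or "ignore"
    cda: str      # Compression/Decompression Action: "not-sent" or "value-sent"

def matches(rule, header):
    """A Rule matches when every field passes its Matching Operator."""
    return all(f.mo == "ignore" or header.get(f.fid) == f.tv for f in rule)

def compress(rule, header):
    """The residue carries only the fields whose CDA is value-sent."""
    return {f.fid: header[f.fid] for f in rule if f.cda == "value-sent"}

def decompress(rule, residue):
    """not-sent fields are rebuilt from the Target Value, whatever was sent in."""
    return {f.fid: residue[f.fid] if f.cda == "value-sent" else f.tv for f in rule}

def destructive_fields(rule):
    """Audit helper: fields that accept any value yet transmit nothing."""
    return [f.fid for f in rule if f.mo == "ignore" and f.cda == "not-sent"]

def roundtrip_diff(rule, header):
    """Fields whose value changes across compress -> decompress (None: no match)."""
    if not matches(rule, header):
        return None
    out = decompress(rule, compress(rule, header))
    return {k: (header[k], out[k]) for k in out if header[k] != out[k]}

# Constructed sample Rule and header.
RULE = [
    FieldDesc("IPv6.Version", 6, "equal", "not-sent"),
    FieldDesc("IPv6.HopLimit", 255, "ignore", "not-sent"),
    FieldDesc("UDP.DevPort", 5683, "ignore", "value-sent"),
]
HEADER = {"IPv6.Version": 6, "IPv6.HopLimit": 1, "UDP.DevPort": 5683}

if __name__ == "__main__":
    print("destructive fields:", destructive_fields(RULE))
    print("changed by round trip:", roundtrip_diff(RULE, HEADER))
```

Fields using "equal" with "not-sent" round-trip exactly because the Rule only matches when the value equals the Target Value; the audit helper therefore reports only the "ignore" case.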