IETF Logo Mail Archive

Re: [manet] Ben Campbell's No Objection on draft-ietf-manet-dlep-26: (with COMMENT)

Henning Rogge <hrogge@gmail.com> Thu, 15 December 2016 15:15 UTC

Return-Path: <hrogge@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 042A71296BF; Thu, 15 Dec 2016 07:15:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ah9_PGkqC9pd; Thu, 15 Dec 2016 07:15:05 -0800 (PST)
Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90A97126D74; Thu, 15 Dec 2016 07:15:05 -0800 (PST)
Received: by mail-qk0-x242.google.com with SMTP id n204so7656297qke.2; Thu, 15 Dec 2016 07:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mLpqCCcx2O/1kTgDV94SlbSjeZUadHM7tMKVasW/G9w=; b=jlmTsJ08HmqE4Bg8i39LZKGKf9BTM/daT7S0FD954QUWk3J35quRYAESvn7nT25QXb avRziUNDZO/9bjz0LmYlX28MGSLQxMlgqq+dkzVnGLGNWUllGlIuLyK9MmAgXpnyiNxZ 80G3hhBhJEhDdQ4Et2zQwQl6yVuniYfG1hRQby5SR/cvU+Wpjiti1yxWLbGiZVEKNU0E qqT3ztQlK+iech8BBMhG2liRaBJT4zB+FmEyOGh5dQlfmVGG8TtylpSvyv2XtgKmQ9fr AJvUPj+4lAfvLP6MhGfdUpUMA8SGoLOZOcAHWAHwU/KUKTrJ9ryof2SQEenBb7sDepKq nn9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mLpqCCcx2O/1kTgDV94SlbSjeZUadHM7tMKVasW/G9w=; b=eKDy48GArYHg/wGZqoV+jRx3VPrv8moSTtP461+xvIexguGv6ziU0ZK3KaSQEXGGpv mEiFU8+/cxx3fkf7h12z+66YMBeVyhWHmbjZDD/e91MpQAZ+PEwlK105fUUf4KLfVuVU +wYFFrjW02u/BsUBpqf1TFNULDLhq4lLjJF76z/BA5eIWVu4Eep//eFW4QsyR9nGa14B I7dQ/omlTk3aKmRssbTDKs3lvn4rZO1icvr1/rVfJNuN8q5LnaurvfArhkf/Nzyj2TB3 Q3uTviKWMkSM/phf3+cmt8Gs/l2Rwopx5USQr2BiCn9EA26uhZmeqvu7X4rgl8YvPPR6 jmLQ==
X-Gm-Message-State: AIkVDXIPXWXDzGu5GMSX9+5iy8nrihjhxsay246ziQ2Ihxp2+GZqnW6VQOoLiVIBtOrkYZhgDM8he1N7aCsABQ==
X-Received: by 10.55.120.6 with SMTP id t6mr1470185qkc.83.1481814904592; Thu, 15 Dec 2016 07:15:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.38.161 with HTTP; Thu, 15 Dec 2016 07:14:34 -0800 (PST)
In-Reply-To: <770ED361-BE84-4C10-918D-1A99C6D5EDC2@nostrum.com>
References: <148167372944.10880.17965532160271098693.idtracker@ietfa.amsl.com> <CALtoyokUNSOypVaiVXk=_6fx7TfsQr5ETGatd3t-Qa=edr=Tmw@mail.gmail.com> <D0192C79-F7EC-4DED-9AE8-23EC89F2DA8C@nostrum.com> <CAGnRvupCTaXwDf1y4k0FDeOjTYTjRG0P4twcw4Fzxc1zsKPcrg@mail.gmail.com> <770ED361-BE84-4C10-918D-1A99C6D5EDC2@nostrum.com>
From: Henning Rogge <hrogge@gmail.com>
Date: Thu, 15 Dec 2016 16:14:34 +0100
Message-ID: <CAGnRvuqGEGPRZHOi_U5LXbyx=K07fQ66woPOwpgM7mypFxpbFQ@mail.gmail.com>
To: Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/1e-hRPcEAUIPAa00ASgwzLUxfzI>
Cc: draft-ietf-manet-dlep@ietf.org, MANET IETF <manet@ietf.org>, The IESG <iesg@ietf.org>, manet-chairs@ietf.org
Subject: Re: [manet] Ben Campbell's No Objection on draft-ietf-manet-dlep-26: (with COMMENT)
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 15:15:08 -0000

On Thu, Dec 15, 2016 at 3:53 PM, Ben Campbell <ben@nostrum.com> wrote:
> On 15 Dec 2016, at 2:45, Henning Rogge wrote:
>
>> On Wed, Dec 14, 2016 at 5:31 PM, Ben Campbell <ben@nostrum.com> wrote:
>>>>
>>>> We (the co-authors) have received feedback from some radio vendors
>>>> stating
>>>> that a "MUST use TLS" in all cases would be a show-stopper. We see
>>>> deployments where a small number of devices co-exist on the LAN segment
>>>> -
>>>> for example, a router, a line-of-sight radio, a satellite terminal, and
>>>> a
>>>> small number of other devices. We're open to the construction you
>>>> suggest,
>>>> and will discuss it.
>>>
>>>
>>> Understood. That suggests there are reasons to not _use_ TLS other than
>>> the
>>> listed one, so "MUST unless" may not be what you want.  Any thoughts on
>>> why
>>> TLS should not be mandatory to _implement_?
>>
>>
>> I might exaggerate it a little bit but I think using TLS for DLEP is
>> at best a waste of time to implement. I have yet to hear about an
>> attacker model for a single hop DLEP connection (which is necessary
>> because otherwise the bridged datapath is broken!) which is not easily
>> dealt with MAC-layer security.
>>
>> At worst TLS will kill one of the most important aspects of DLEP, easy
>> integration and autodiscovery of radios by different vendors to any
>> kind of router.
>>
>> TLS also opens  can of worms (additional questions). How is the DLEP
>> certificates be handled? Are there mandatory types of certificate
>> algorithms (if not, you break interoperability)? How do you secure the
>> UDP part of DLEP for discovery (DTLS?) ? How do you make sure that the
>> DTLS connection is to the same endpoint as the TLS connection?
>>
>> There is a LOT of work in this direction without any gain.
>
>
> IIRC, you are arguing against even the existing "SHOULD implement"
> requirement?

I am trying to provide a "strong agree" with Stan Ratliff's opinion
that any move towards "MUST unless X" or similar is counterproductive.

> When you talk about a single-hop connection, are you assuming a direct
> connection from the router to the modem, or that the router and modem are on
> the same LAN segment?

I have seen two (and thought about a third) different kind of
deployments for DLEP... we also had (at Fraunhofer FKIE) discussions
with a few military radio vendors how they could use DLEP and they
also fit into these three scenarios.

1.) a direct ethernet (point to point) cable between the radio and the router.
2.) a router connected with a switch using VLAN to configure a direct
(point to point) connection to the radio connected to the switch.
3.) a layer2 tunnel between router and radio, allowing to span some
intermediate network between radio and router

the third point was discussed in a scenario with a "multi-router
emulator" based on VM technology connected to real radios, but never
really deployed.

DLEP provides a router with knowledge about an interface and the
neighbors behind it. If you provide a three-way layer-2 connection
between a radio, a router and some third device you instantly break
the view DLEP will deliver because the "whole interface metrics" DLEP
deliver don't apply anymore to the whole interface. Things get even
worse when you want to do flow control in the router and suddenly have
neighbors DLEP does not tell you about, most likely your routing
functionality will break in a creative way.

You cannot even switch two DLEP radios together on the same layer-2
segment, connect them to a router and expect the whole thing to work.
Now you have two radio interfaces and a router who cannot
differentiate between them, because you can only sent your
(linklocal-) Multicast to either both of them or don't send at all.

so yes... "single hop" is most likely a dedicated point-2-point cable
or a VLAN simulation of the same.

> Am I hearing that this is one of those proverbial "SHOULD BUT WE KNOW YOU
> WON'T" requirements :-)

I would expect making it "RECOMMENDED" or "MUST unless" would result
in a lot of semi-tested bitrotting code nobody is using. Or maybe a
"does not support TLS" note in the manual.

Henning Rogge

v2.23.0 | Report a Bug | By Email