Re: [manet] New AODVv2 draft and status
Jiazi YI <ietf@jiaziyi.com> Thu, 21 April 2016 21:00 UTC
Return-Path: <yi.jiazi@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A66D212D6C7 for <manet@ietfa.amsl.com>; Thu, 21 Apr 2016 14:00:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nvcfAHtYoZMo for <manet@ietfa.amsl.com>; Thu, 21 Apr 2016 14:00:02 -0700 (PDT)
Received: from mail-wm0-x242.google.com (mail-wm0-x242.google.com [IPv6:2a00:1450:400c:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FB8612DDC2 for <manet@ietf.org>; Thu, 21 Apr 2016 14:00:02 -0700 (PDT)
Received: by mail-wm0-x242.google.com with SMTP id n3so24642620wmn.1 for <manet@ietf.org>; Thu, 21 Apr 2016 14:00:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to; bh=TzjAjI0ETjD6AWjcV8oPF8BqWvBY3Vx1ydsQj47+gBs=; b=AdG2CpMEVHash/axOxBr4s/Amz281Qiqb1VywcPG82mzIu+yo22QG6txzUHkCiW8oQ qhz04+NPwf/EyaU9zcQcy+M1gdGLSmNu541UaKn76ZODZSP8qBhVGR8/fI+sE2vFYiA2 jv3UyYhqZyzlrRo53CdYLqdAH0if1IdBKIAiJNc2HGTuD9BVidczaQsKCw7Ny5aZmyYD /T3NhpA7umC5sWTBcOuy4ntP/Woo8vzLmPH0vjh93wADy+bRzSd1ItEKkugBrtblolgV FtXJk1JRCBI9fLpiJ31zIO0TQgIwgXbTrAvjMYm0iOM44ws/wERmdtktGzTIFXIU3v9U A7Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to; bh=TzjAjI0ETjD6AWjcV8oPF8BqWvBY3Vx1ydsQj47+gBs=; b=bu0DsobhyjpRRLP0Rt1W/RwEV/TiqN33Kzr0TdDuXDgTnuY+JuLUebMdwcwSVkjTth AlZxCEbNa+ivBBQ4PDjoOHxjlJvGX9WJ6yx0bI5sArbDrcM6zBLy38RT+0JcA2u7Si5r 8hw2WEhrP+Mz+jC13JDLyCKlXRAIiVGtBE7d5/7R/6N1Pw0sz7yIvvV3bC40VPTlXPgU ZraQPQkFeyBl7UurQ1+livCTUpDNZ9BkcXXKRlQ1OXpploNRoqvPRrJYRgHzj07IAPwQ 30rwLs9S1MNZuFehVCzGS1Cg9vU4oUo67LypYEc8JcSURwjgQpgmgoc67Mk+yE94smsJ 3buw==
X-Gm-Message-State: AOPr4FVVfuADwlhJUp1eZZFMMCI4x/2sNe3z2rXDYS5FF2BLeNaVh9jGLxmOrXCoye5IU0Yp9qodmPXqxxnkYQ==
MIME-Version: 1.0
X-Received: by 10.194.6.36 with SMTP id x4mr16640663wjx.122.1461272400728; Thu, 21 Apr 2016 14:00:00 -0700 (PDT)
Sender: yi.jiazi@gmail.com
Received: by 10.194.153.166 with HTTP; Thu, 21 Apr 2016 14:00:00 -0700 (PDT)
In-Reply-To: <CAN1bDFyLdnkRBe_qQLW4JFNJxGzOs8=kTTCbRwrnRh+0WprDyQ@mail.gmail.com>
References: <CA+-pDCdh2O1iuVKTj+=kV=52Mx7qLNE3PB7M=WbPLCv4Vd9KoQ@mail.gmail.com> <CAN1bDFxMu4P6q1HOsGwELx1Y9fEigWYcwWUQqFXSMEa0BvCf8Q@mail.gmail.com> <CADnDZ8-2cCoPVDAr9g0q3ir0J5bJKYK1udYd2TzE82HOcpBkLg@mail.gmail.com> <927E6489-D927-4670-A24C-5A5D9B58C05D@gmail.com> <57191FDD.5010707@earthlink.net> <CAN1bDFyLdnkRBe_qQLW4JFNJxGzOs8=kTTCbRwrnRh+0WprDyQ@mail.gmail.com>
Date: Thu, 21 Apr 2016 23:00:00 +0200
X-Google-Sender-Auth: r3oKyA7SHaRJrfTniqHNb-fc9uM
Message-ID: <CAN1bDFxKjApOdzWNOZjs=FK6sxA5vRoXq3QfKpGLeuy5xXzfiA@mail.gmail.com>
From: Jiazi YI <ietf@jiaziyi.com>
To: "manet@ietf.org" <manet@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b5d295c5d9abc053104fe79"
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/7diAepseWRb-eprJb8B-fhnHuvQ>
Subject: Re: [manet] New AODVv2 draft and status
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 21:00:04 -0000
And by simply searching the archive, I would like to point out that those comments are nothing new. In the comments from Thomas in 2010 (6 years ago), the issue has been brought out in http://www.ietf.org/mail-archive/web/manet/current/msg11858.html , I quote: <DYMO> In situations where routing information or router identity are suspect, integrity and authentication techniques SHOULD be applied to DYMO messages. In these situations, routing information that is distributed over multiple hops SHOULD also verify the integrity and identity of information based on originator of the routing information. <TC> This is really difficult to do, in case messages are mutable in-transit, which appears to be the case for RERR and RM's; i.e. for all DYMO messages. For that reason, using SHOULD is - imo - dangerous here. Also, for that reason, I think that this issue of mutable messages deserves being called out explicitly in this section, especially if there are known or recommended ways of handling this (as is the case, for example, in the security considerations section of RFC5444 regarding the mutable header fields for hop-count/hop-limit of messages. Then related comments were repeated again and again. Isn't enough to bring the attention of the authors? In fact, the situation get even worse by changing the strategy to regenerating messages. best Jiazi On Thu, Apr 21, 2016 at 10:38 PM, Jiazi YI <ietf@jiaziyi.com> wrote: > Hi, > > > On Thu, Apr 21, 2016 at 8:45 PM, Charlie Perkins < > charles.perkins@earthlink.net> wrote: > >> <snip> >> >> Regarding security: if AODVv2 were to solve all the possible security >> exposures of ad hoc networks, it would be historic and worthy of >> publication -- probably would win paper of the year. Needless to say, that >> was never part of the charter. >> > > > But security and its consideration are part of every specification. > > As one who co-authored several vulnerability analysis drafts/RFCs > (ndhp-sec-threats, smf-sec-threats, olsrv2-sec-threats), what we always do > for a protocol is: > > - assuming that we have a compromised router in the network, what can it > do to break the network? What's the consequences? What about if there are > several of them? > > - what about if there are mis-configured routers or wrong-implemented > routers? > > - what kind of threats can be mitigated by existed security measurements > (like RFC 7182/7183)? > > - what kind of future work can be done to make the protocol more secure? > > With the current AODVv2 specification, if I was to produce a > aodvv2-sec-threats draft, it would be much simpler: > > - one single compromised router can easily jam the whole network (RREQ > flooding), or even bring down the whole network (remember the multicast > RERR?) because of the transit-trust model used. > > - with my limited knowledge, as future work, there is no easy way to > protect the message because of the reconstructed and length-varied message > regenerated in every hop. > > > Even *if* security was acceptable as future work (it is not, but as a > thought experiment, let's assume), there is no easy way to protect the > message because of the reconstructed and length-varied message regenerated > in every hop. > > Securing a reactive protocol requires different considerations than does > securing a proactive protocol, but there has been work done in this area, > and other WG participants have raised both their concerns, and suggestions > to security architectures, and protocol architectures (better) able to > accommodate security, a long time ago. I don't see those works, nor the > suggestions and comments made, reflected or considered in revision -15 of > the draft. Especially, the current design based on message regeneration > makes the future extension to the security very hard, as has been > reiterated repeatedly. > > Abdussalam doesn't agree with me on my observation on "Lack of response > from the author team on the comments. " -- this is an example. > > regards > > Jiazi > > btw, I would like to confirm with the WG chair: the WGLC is from April > 20th to May 4th, right? > > > >> >> Regards, >> Charlie P. >> >> >> >> On 4/21/2016 11:24 AM, John Dowdell wrote: >> >>> All >>> >>> I believe we’re going about this the wrong way, and we’re setting >>> ourselves an impossible target at which we are bound to fail. >>> >>> BCP 9, governing the Internet Standards process, section 4.1.1 deals >>> with the first level of maturity, termed Proposed Standard. To paraphrase, >>> a Proposed Standard is supposed to be as correct as we can make it, but >>> there is no requirement to have made an implementation. Since no engineer >>> has ever written a fully correct specification before cutting metal, it may >>> be expected that there are some areas which will need attention later on, >>> at Draft Standard if we ever wanted to go that far. I’ll say now that one >>> area in AODVv2 will need some work later, that of hop-by-hop security in an >>> ad hoc network. This is because nobody has really cracked that problem yet; >>> some real bright people are grappling with that right now over in DTN. The >>> work in our own group on Identity Based Signatures will help but there is >>> still ground to cover. However the actual level of security is not for >>> AODVv2 to mandate, it is for the implementor and system integrator, based >>> on an assessment of the likely risk and the thickness of their wallet. >>> >>> It is clear to me that few will make an independent implementation >>> without the RFC stamp. This much is obvious in modems fitted with DLEP; >>> there are just four such implementations I know of, and two of those were >>> written with the encouragement of author team members, but I know of many >>> more who are just waiting for the dust to settle so they can make the >>> business case to proceed. Allow AODVv2 to get to RFC and we’ll encourage >>> others to use it and get some feedback. >>> >>> Regards >>> John >>> _______________________________________________ >>> manet mailing list >>> manet@ietf.org >>> https://www.ietf.org/mailman/listinfo/manet >>> >> >> >> _______________________________________________ >> manet mailing list >> manet@ietf.org >> https://www.ietf.org/mailman/listinfo/manet >> > >
- [manet] New AODVv2 draft and status Justin Dean
- Re: [manet] New AODVv2 draft and status ietf
- Re: [manet] New AODVv2 draft and status Justin Dean
- Re: [manet] New AODVv2 draft and status Christopher Dearlove
- Re: [manet] New AODVv2 draft and status Justin Dean
- Re: [manet] New AODVv2 draft and status Thomas Clausen
- Re: [manet] New AODVv2 draft and status Justin Dean
- Re: [manet] New AODVv2 draft and status Thomas Clausen
- Re: [manet] New AODVv2 draft and status Christopher Dearlove
- Re: [manet] New AODVv2 draft and status Justin Dean
- Re: [manet] New AODVv2 draft and status Stan Ratliff
- Re: [manet] New AODVv2 draft and status Thomas Clausen
- Re: [manet] New AODVv2 draft and status Thomas Clausen
- Re: [manet] New AODVv2 draft and status Alvaro Retana (aretana)
- Re: [manet] New AODVv2 draft and status Jiazi YI
- Re: [manet] New AODVv2 draft and status John Dowdell
- Re: [manet] New AODVv2 draft and status Abdussalam Baryun
- Re: [manet] New AODVv2 draft and status John Dowdell
- Re: [manet] New AODVv2 draft and status Charlie Perkins
- Re: [manet] New AODVv2 draft and status Christopher Dearlove
- Re: [manet] New AODVv2 draft and status Jiazi YI
- Re: [manet] New AODVv2 draft and status Jiazi YI
- Re: [manet] New AODVv2 draft and status Charlie Perkins
- Re: [manet] New AODVv2 draft and status Thomas Heide Clausen
- Re: [manet] New AODVv2 draft and status Abdussalam Baryun
- Re: [manet] New AODVv2 draft and status Lotte Steenbrink