IETF Logo Mail Archive

Re: [manet] Security documents for OLSRv2/NHDP

Abdussalam Baryun <abdussalambaryun@gmail.com> Fri, 15 March 2013 21:09 UTC

Return-Path: <abdussalambaryun@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CFB921F848B for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IjR51EDoCMKT for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
Received: from mail-pd0-f170.google.com (mail-pd0-f170.google.com [209.85.192.170]) by ietfa.amsl.com (Postfix) with ESMTP id 1C18621F848D for <manet@ietf.org>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
Received: by mail-pd0-f170.google.com with SMTP id 4so305143pdd.1 for <manet@ietf.org>; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=WteUudopbzxK9FXi3spxVemsMjk1X3XamHEwDqGQsvw=; b=SngFluZg7CPAi27oM3nhy9j3DkOZ/Pu99m/y6yM8PgssUIqjNsgj8e+hfIpVxa+smR 35ZnIadbO/yMtO3maKIIOyGhNlX9YSruXZxBn6bMwzf0XN7mJEqnL0In0jD+d7S3vc1V 7S7Us3QsS0LbW0heflQHtJBoMWvZUQxoK4lTgUj+Ps8dlXEsKhclCBAqFndUYjqXPhJQ VUfzhy5cAyHKoAL8W7h98r6OkB4yNy4JoRvarVUj184Dj+niaprm6tYijBYcXRGPr+sh GAByXH3r1S1nkRf83wfAEdv2pA53dAZETRFPHw/FIpwxk1iz8Pbsj4/LG+LfY1KJYxRq n+bQ==
MIME-Version: 1.0
X-Received: by 10.68.25.42 with SMTP id z10mr19414545pbf.113.1363381743629; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
Received: by 10.68.33.132 with HTTP; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
In-Reply-To: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
References: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
Date: Fri, 15 Mar 2013 22:09:03 +0100
Message-ID: <CADnDZ88vE=pAYKFPne=71qN1-rhbay2QC=hD6dSYEDkTdMhgdQ@mail.gmail.com>
From: Abdussalam Baryun <abdussalambaryun@gmail.com>
To: Ulrich Herberg <ulrich@herberg.name>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Christopher Dearlove <chris.dearlove@baesystems.com>, manet@ietf.org, Thomas Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] Security documents for OLSRv2/NHDP
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2013 21:09:04 -0000

Hi Ulrich,

Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
do you mean only updates RFC6130,

AB
On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
> Dear all,
>
> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
> and Adrian about how to resolve the remaining security related DISCUSS
> on OLSRv2, and we agreed on a way forward that involves the following
> steps:
>
> 1) Publication of:
> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>
> This document mandates (at least) implementation of HMAC/SHA2
> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
> use that mechanism unless they have a more appropriate solution (e.g.,
> different cipher) for that particular deployment. This document also
> updates NHDP and mandates to implement the same HMAC/SHA2 protection
> for HELLO messages.
>
> 2) Publication of:
> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>
> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
> The differences are minor to RFC6622 and can be seen here:
> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
> Essentially, RFC6622 does not protect the IP source address of the
> interface over which the control message is sent. Since that address
> is used to establish neighbors in NHDP (and therefore must be
> protected), a new type extension 3 of the ICV TLV has been added to
> the registry.
>
> 3) Publication of an update to OLSRv2, referencing the use of the
> defined security mechanism, and resolving other smaller issues from
> Stephen's DISCUSS.
>
> In order to not hold up OLSRv2 further, and upon discussions with Stan
> and Adrian, we would like to request WG adoption of these two new
> documents - asking that the chairs will officially poll the WG on this
> matter shortly. The documents are brief, and addresses issues
> requested by the ADs, so we hope that processing them should also be a
> brief affair.
>
> Best regards
> Ulrich
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
>

v2.23.0 | Report a Bug | By Email