Re: [manet] Security documents for OLSRv2/NHDP
Abdussalam Baryun <abdussalambaryun@gmail.com> Fri, 15 March 2013 21:09 UTC
Return-Path: <abdussalambaryun@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CFB921F848B for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IjR51EDoCMKT for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
Received: from mail-pd0-f170.google.com (mail-pd0-f170.google.com [209.85.192.170]) by ietfa.amsl.com (Postfix) with ESMTP id 1C18621F848D for <manet@ietf.org>; Fri, 15 Mar 2013 14:09:04 -0700 (PDT)
Received: by mail-pd0-f170.google.com with SMTP id 4so305143pdd.1 for <manet@ietf.org>; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=WteUudopbzxK9FXi3spxVemsMjk1X3XamHEwDqGQsvw=; b=SngFluZg7CPAi27oM3nhy9j3DkOZ/Pu99m/y6yM8PgssUIqjNsgj8e+hfIpVxa+smR 35ZnIadbO/yMtO3maKIIOyGhNlX9YSruXZxBn6bMwzf0XN7mJEqnL0In0jD+d7S3vc1V 7S7Us3QsS0LbW0heflQHtJBoMWvZUQxoK4lTgUj+Ps8dlXEsKhclCBAqFndUYjqXPhJQ VUfzhy5cAyHKoAL8W7h98r6OkB4yNy4JoRvarVUj184Dj+niaprm6tYijBYcXRGPr+sh GAByXH3r1S1nkRf83wfAEdv2pA53dAZETRFPHw/FIpwxk1iz8Pbsj4/LG+LfY1KJYxRq n+bQ==
MIME-Version: 1.0
X-Received: by 10.68.25.42 with SMTP id z10mr19414545pbf.113.1363381743629; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
Received: by 10.68.33.132 with HTTP; Fri, 15 Mar 2013 14:09:03 -0700 (PDT)
In-Reply-To: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
References: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
Date: Fri, 15 Mar 2013 22:09:03 +0100
Message-ID: <CADnDZ88vE=pAYKFPne=71qN1-rhbay2QC=hD6dSYEDkTdMhgdQ@mail.gmail.com>
From: Abdussalam Baryun <abdussalambaryun@gmail.com>
To: Ulrich Herberg <ulrich@herberg.name>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Christopher Dearlove <chris.dearlove@baesystems.com>, manet@ietf.org, Thomas Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] Security documents for OLSRv2/NHDP
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2013 21:09:04 -0000
Hi Ulrich, Do I understand that publication 1 updates both RFC6130 and OLSRv2, or do you mean only updates RFC6130, AB On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote: > Dear all, > > The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD) > and Adrian about how to resolve the remaining security related DISCUSS > on OLSRv2, and we agreed on a way forward that involves the following > steps: > > 1) Publication of: > http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01 > > This document mandates (at least) implementation of HMAC/SHA2 > integrity protection of OLSRv2 messages. Deployments of OLSRv2 should > use that mechanism unless they have a more appropriate solution (e.g., > different cipher) for that particular deployment. This document also > updates NHDP and mandates to implement the same HMAC/SHA2 protection > for HELLO messages. > > 2) Publication of: > http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01 > > This document obsoletes RFC6622bis by fixing an oversight in RFC6622. > The differences are minor to RFC6622 and can be seen here: > http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis > Essentially, RFC6622 does not protect the IP source address of the > interface over which the control message is sent. Since that address > is used to establish neighbors in NHDP (and therefore must be > protected), a new type extension 3 of the ICV TLV has been added to > the registry. > > 3) Publication of an update to OLSRv2, referencing the use of the > defined security mechanism, and resolving other smaller issues from > Stephen's DISCUSS. > > In order to not hold up OLSRv2 further, and upon discussions with Stan > and Adrian, we would like to request WG adoption of these two new > documents - asking that the chairs will officially poll the WG on this > matter shortly. The documents are brief, and addresses issues > requested by the ADs, so we hope that processing them should also be a > brief affair. > > Best regards > Ulrich > _______________________________________________ > manet mailing list > manet@ietf.org > https://www.ietf.org/mailman/listinfo/manet >
- [manet] Security documents for OLSRv2/NHDP Ulrich Herberg
- Re: [manet] Security documents for OLSRv2/NHDP Stan Ratliff (sratliff)
- Re: [manet] Security documents for OLSRv2/NHDP Abdussalam Baryun
- Re: [manet] Security documents for OLSRv2/NHDP Christopher Dearlove
- Re: [manet] Security documents for OLSRv2/NHDP Abdussalam Baryun
- Re: [manet] Security documents for OLSRv2/NHDP Adrian Farrel
- Re: [manet] Security documents for OLSRv2/NHDP Ulrich Herberg
- Re: [manet] Security documents for OLSRv2/NHDP Stan Ratliff (sratliff)
- Re: [manet] Security documents for OLSRv2/NHDP Christopher Dearlove
- Re: [manet] Security documents for OLSRv2/NHDP Dearlove, Christopher (UK)
- Re: [manet] Security documents for OLSRv2/NHDP Stan Ratliff (sratliff)
- Re: [manet] Security documents for OLSRv2/NHDP Christopher Dearlove
- Re: [manet] Security documents for OLSRv2/NHDP Ulrich Herberg
- Re: [manet] Security documents for OLSRv2/NHDP Henning Rogge
- Re: [manet] Security documents for OLSRv2/NHDP Henning Rogge
- Re: [manet] Security documents for OLSRv2/NHDP Abdussalam Baryun