Re: [manet] Security documents for OLSRv2/NHDP

"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> Mon, 18 March 2013 11:41 UTC

To: Ulrich Herberg <ulrich@herberg.name>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Cc: manet <manet@ietf.org>

The new versions are now submitted. OLSRv2 security (integrity) is at -02, RFC6622bis is at -02 and OLSRv2 is at -18.

-- 
Christopher Dearlove
Senior Principal Engineer, Communications Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 |  Fax: +44 1245 242124
chris.dearlove@baesystems.com | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687


-----Original Message-----
From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf Of Ulrich Herberg
Sent: 16 March 2013 23:47
To: adrian@olddog.co.uk
Cc: manet
Subject: Re: [manet] Security documents for OLSRv2/NHDP

AB,

we specified an integrity and replay security protection for OLSRv2, as
requested by Stephen. We could have added that directly in OLSRv2, but
since NHDP uses the same security mechanism, that would have been a
copy of the same text. So we decided to specify the mechanism in a new
draft, which is normatively referenced by OLSRv2, e.g.:
"A conformant implementation of OLSRv2 MUST, at minimum, implement the
security mechanisms specified in [draft-herberg-manet-nhdp-olsrv2-sec]
..."
At the same time this new draft "updates" (in the IETF sense) NHDP by
mandating to implement the security mechanism.

The new OLSRv2 revision (as well as new revisions of the two security
drafts) will be submitted in the next few days, we are just doing
final reviews amongst the authors.

Best regards
Ulrich


On Sat, Mar 16, 2013 at 6:42 PM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> Yes, I believe the plan is to add more security text to the OLSRv2 draft. The
> choice of words is confusing :-)
> "Update" has a general meaning: to update a draft means to make some revisions.
> "Update" has a specific meaning: to update an RFC means to add a meta-data tag
> formally noting that one RFC updates another.
>
> Adrian
>
>> -----Original Message-----
>> From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf Of Abdussalam Baryun
>> Sent: 16 March 2013 20:54
>> To: manet
>> Subject: Re: [manet] Security documents for OLSRv2/NHDP
>>
>> I agreed to update of RFC6130 and have no objection of others, but
>> want to discuss/ask.
>>
>> If IESG-DISCUSS was about OLSRv2 document why the process was to
>> update RFC6130 only? and if publication 1 mandates OLSRv2 messages,
>> then IMO it needs to update OLSRv2 document as well, or do you mean
>> the publication-3 is a new version -18 that includes the security of
>> OLSRv2 messaging and refers to publication-1.
>>
>> AB
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> This message is owned by the author and sent to IETF MANET address and
>> not sent to private mail-boxes. This message is an IETF input not
>> private input.
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> On 3/15/13, Christopher Dearlove <christopher.dearlove@googlemail.com> wrote:
>> > OLSRv2 will reference this draft, and therefore it's not an update in the
>> > technical sense in which the term is being used here, as a formal update to
>> > RFC 6130.
>> >
>> > On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:
>> >
>> >> Hi Ulrich,
>> >>
>> >> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
>> >> do you mean only updates RFC6130,
>> >>
>> >> AB
>> >> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
>> >>> Dear all,
>> >>>
>> >>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
>> >>> and Adrian about how to resolve the remaining security related DISCUSS
>> >>> on OLSRv2, and we agreed on a way forward that involves the following
>> >>> steps:
>> >>>
>> >>> 1) Publication of:
>> >>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>> >>>
>> >>> This document mandates (at least) implementation of HMAC/SHA2
>> >>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>> >>> use that mechanism unless they have a more appropriate solution (e.g.,
>> >>> different cipher) for that particular deployment. This document also
>> >>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
>> >>> for HELLO messages.
>> >>>
>> >>> 2) Publication of:
>> >>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>> >>>
>> >>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>> >>> The differences are minor to RFC6622 and can be seen here:
>> >>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>> >>> Essentially, RFC6622 does not protect the IP source address of the
>> >>> interface over which the control message is sent. Since that address
>> >>> is used to establish neighbors in NHDP (and therefore must be
>> >>> protected), a new type extension 3 of the ICV TLV has been added to
>> >>> the registry.
>> >>>
>> >>> 3) Publication of an update to OLSRv2, referencing the use of the
>> >>> defined security mechanism, and resolving other smaller issues from
>> >>> Stephen's DISCUSS.
>> >>>
>> >>> In order to not hold up OLSRv2 further, and upon discussions with Stan
>> >>> and Adrian, we would like to request WG adoption of these two new
>> >>> documents - asking that the chairs will officially poll the WG on this
>> >>> matter shortly. The documents are brief, and address issues
>> >>> requested by the ADs, so we hope that processing them should also be a
>> >>> brief affair.
>> >>>
>> >>> Best regards
>> >>> Ulrich
>> >>> _______________________________________________
>> >>> manet mailing list
>> >>> manet@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/manet


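The thread's point about the IP source address, as an added example that is not part of the original messages or of the drafts: an HMAC-SHA-256 ICV computed over the message alone still verifies when the same bytes arrive from a different source address, while an ICV computed over source address plus message does not. The key, addresses, payload bytes and function names are constructed for illustration, and the byte layout is a simplification, not the ICV TLV wire format.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-shared-key"            # constructed sample key
HELLO = b"HELLO|constructed NHDP payload"  # constructed stand-in for a HELLO message


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """ICV over the control message alone (source address not covered)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_ip: str, message: bytes) -> bytes:
    """ICV over packed source address || message (simplified layout)."""
    src = ipaddress.ip_address(src_ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hmac.new(key, src + message, hashlib.sha256).digest()


def receiver_accepts(key: bytes, observed_src: str, message: bytes,
                     icv: bytes, cover_source: bool) -> bool:
    """Recompute the ICV from what the receiver actually observed and compare."""
    if cover_source:
        expected = icv_with_source(key, observed_src, message)
    else:
        expected = icv_message_only(key, message)
    return hmac.compare_digest(expected, icv)


def demo() -> dict:
    sender, other = "192.0.2.1", "192.0.2.99"  # documentation-range addresses
    icv_a = icv_message_only(KEY, HELLO)
    icv_b = icv_with_source(KEY, sender, HELLO)
    return {
        # Message-only ICV: the source address the receiver sees is irrelevant.
        "msg_only_same_src": receiver_accepts(KEY, sender, HELLO, icv_a, False),
        "msg_only_other_src": receiver_accepts(KEY, other, HELLO, icv_a, False),
        # Source-covering ICV: a changed source address fails verification.
        "with_src_same_src": receiver_accepts(KEY, sender, HELLO, icv_b, True),
        "with_src_other_src": receiver_accepts(KEY, other, HELLO, icv_b, True),
        # Both variants still detect a modified message body.
        "tampered_body": receiver_accepts(KEY, sender, HELLO + b"x", icv_b, True),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```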