Re: [manet] Security documents for OLSRv2/NHDP
Abdussalam Baryun <abdussalambaryun@gmail.com> Sun, 24 March 2013 11:54 UTC
Date: Sun, 24 Mar 2013 12:54:34 +0100
From: Abdussalam Baryun <abdussalambaryun@gmail.com>
To: Ulrich Herberg <ulrich@herberg.name>
Cc: "Stan Ratliff (sratliff)" <sratliff@cisco.com>, Christopher Dearlove <chris.dearlove@baesystems.com>, "<manet@ietf.org>" <manet@ietf.org>, Thomas Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] Security documents for OLSRv2/NHDP
> Therefore, I hope that we can initiate a first WG LC on both security
> documents very soon.

Please give me a chance to review and comment. I will need one month at least, but two preferably, for the new documents.

AB

On 3/24/13, Ulrich Herberg <ulrich@herberg.name> wrote:
> Dear all,
>
> as you have seen, we have submitted the two documents as WG documents (with
> the same contents as the individual counterparts), and we have updated them
> to a -01 revision.
>
> Brief summary of changes (besides editorial changes) from -00 to -01:
>
> 1) nhdp-olsrv2-sec:
> - Stephen Farrell has caught one oversight in OLSRv2-18, which is
> that we talk about "one single shared secret key" that is used in the
> default use case of integrity and replay protection. As he pointed out,
> there could be a small number of N shared keys that are all pre-deployed.
> Using RFC6622-bis, it is straightforward to select the index of the key
> that is used within the MANET.
> This led to a minimal update of both OLSRv2 and nhdp-olsrv2-sec.
>
> 2) RFC6622-bis:
> - Stephen suggested to normatively cite this document from OLSRv2 (it is
> already transitively cited via nhdp-olsrv2-sec anyway).
> - We added one subsection "changes to RFC6622" that describes the
> differences to RFC6622.
>
> The authors believe that the two security documents are stable. Note in
> particular that
> (i) nhdp-olsrv2-sec is the same mechanism that has been discussed in
> draft-ietf-manet-nhdp-sec, just applied to both OLSRv2 and NHDP (and
> updating RFC6130). nhdp-sec has been in the WG for a long time.
> (ii) RFC6622-bis has the same specification as RFC6622 with the
> exception of one additional type extension for the ICV TLV that has the
> same TLV value structure, but includes the IP source address of the IP
> datagram when calculating the ICV.
> (iii) OLSRv2-19 has normative references to both security documents; it
> will not be published as an RFC as long as these two documents are not
> finished.
>
> Therefore, I hope that we can initiate a first WG LC on both security
> documents very soon.
>
> Thanks
> Ulrich
>
>
> On Sat, Mar 23, 2013 at 12:04 PM, Christopher Dearlove
> <christopher.dearlove@googlemail.com> wrote:
>
>> Thanks, Stan.
>>
>> --
>> Christopher Dearlove
>> christopher.dearlove@gmail.com (iPhone)
>> chris@mnemosyne.demon.co.uk (home)
>>
>> On 23 Mar 2013, at 18:57, "Stan Ratliff (sratliff)" <sratliff@cisco.com>
>> wrote:
>>
>>> WG Participants:
>>>
>>> The polling period has passed, *without* negative opinions on accepting
>>> the documents as WG documents. Therefore, they have been submitted via
>>> the data-tracker, and you should get email on their posting.
>>>
>>> Regards,
>>> Stan
>>>
>>> On Mar 15, 2013, at 3:04 PM, Stan Ratliff (sratliff) wrote:
>>>
>>>> Ulrich,
>>>>
>>>> Thanks for this email. OK, Working Group participants: Consider this a
>>>> 1-week poll for adoption of these docs as WG documents. Polling period
>>>> ends March 22. And, silence will be deemed to be agreement that the
>>>> documents *should be* accepted as WG docs.
>>>>
>>>> Regards,
>>>> Stan
>>>>
>>>> On Mar 15, 2013, at 1:51 PM, Ulrich Herberg wrote:
>>>>
>>>>> Dear all,
>>>>>
>>>>> The OLSRv2 authors have had a discussion with Stephen Farrell
>>>>> (Security AD) and Adrian about how to resolve the remaining
>>>>> security-related DISCUSS on OLSRv2, and we agreed on a way forward
>>>>> that involves the following steps:
>>>>>
>>>>> 1) Publication of:
>>>>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>>>>>
>>>>> This document mandates (at least) implementation of HMAC/SHA2
>>>>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>>>>> use that mechanism unless they have a more appropriate solution
>>>>> (e.g., a different cipher) for that particular deployment.
>>>>> This document also updates NHDP and mandates implementing the same
>>>>> HMAC/SHA2 protection for HELLO messages.
>>>>>
>>>>> 2) Publication of:
>>>>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>>>>>
>>>>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>>>>> The differences to RFC6622 are minor and can be seen here:
>>>>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>>>>>
>>>>> Essentially, RFC6622 does not protect the IP source address of the
>>>>> interface over which the control message is sent. Since that address
>>>>> is used to establish neighbors in NHDP (and therefore must be
>>>>> protected), a new type extension 3 of the ICV TLV has been added to
>>>>> the registry.
>>>>>
>>>>> 3) Publication of an update to OLSRv2, referencing the use of the
>>>>> defined security mechanism, and resolving other smaller issues from
>>>>> Stephen's DISCUSS.
>>>>>
>>>>> In order to not hold up OLSRv2 further, and upon discussions with
>>>>> Stan and Adrian, we would like to request WG adoption of these two
>>>>> new documents, asking that the chairs will officially poll the WG on
>>>>> this matter shortly. The documents are brief, and address issues
>>>>> requested by the ADs, so we hope that processing them should also be
>>>>> a brief affair.
>>>>>
>>>>> Best regards
>>>>> Ulrich
>>>>> _______________________________________________
>>>>> manet mailing list
>>>>> manet@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/manet
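The two protocol points in the quoted thread, item (1) key selection from a small set of pre-deployed shared keys and item (2) binding the datagram's IP source address into the ICV, as an added illustration that is not part of this thread, of OLSRv2, or of the RFC6622-bis draft. The ICV construction below is a simplified model (HMAC-SHA256 over the packed source address followed by the message) chosen for this example; it is not the RFC6622/RFC6622-bis TLV byte layout. The keys, addresses and HELLO payload are constructed values.

```python
import hashlib
import hmac
import ipaddress

# Constructed key set: a small number of pre-deployed shared keys selected by
# index, as item (1) in the thread describes. Illustration only, not real keys.
PRE_DEPLOYED_KEYS = {
    0: b"constructed-shared-key-0",
    1: b"constructed-shared-key-1",
}


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """ICV covering the control message alone.

    Simplified model of the original behaviour the thread describes: the IP
    source address of the datagram is not part of the authenticated data.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_addr: str, message: bytes) -> bytes:
    """ICV covering the packed IP source address followed by the message.

    Simplified model of the new ICV TLV type extension: the address observed on
    the datagram is bound into the ICV input. The concatenation used here is an
    assumption of this example, not the exact RFC6622-bis layout.
    """
    packed = ipaddress.ip_address(src_addr).packed  # 4 bytes IPv4, 16 bytes IPv6
    return hmac.new(key, packed + message, hashlib.sha256).digest()


def verify(key_index: int, observed_src: str, message: bytes,
           icv: bytes, bind_source: bool) -> bool:
    """Verify an ICV with the pre-deployed key named by key_index.

    With bind_source=True the verifier includes the source address it observed
    on the datagram (new behaviour); with False only the message is covered
    (original behaviour). Unknown key indices and mismatched ICVs both fail;
    compare_digest keeps the comparison constant-time.
    """
    key = PRE_DEPLOYED_KEYS.get(key_index)
    if key is None:
        return False
    if bind_source:
        expected = icv_with_source(key, observed_src, message)
    else:
        expected = icv_message_only(key, message)
    return hmac.compare_digest(expected, icv)


def demo() -> dict:
    """The case the thread is about: a HELLO generated by 10.0.0.1 whose ICV is
    later checked against a datagram that arrived with IP source 10.0.0.9."""
    message = b"HELLO msg-seq=42 neighbours=10.0.0.2,10.0.0.3"  # constructed
    sender_src, other_src, key_index = "10.0.0.1", "10.0.0.9", 0
    key = PRE_DEPLOYED_KEYS[key_index]

    old_icv = icv_message_only(key, message)
    new_icv = icv_with_source(key, sender_src, message)
    return {
        # Original behaviour: the verifier accepts the message whatever source
        # address the datagram carried, because the ICV never covered it.
        "old_from_sender": verify(key_index, sender_src, message, old_icv, False),
        "old_from_other": verify(key_index, other_src, message, old_icv, False),
        # New behaviour: the source address mismatch is detected and rejected.
        "new_from_sender": verify(key_index, sender_src, message, new_icv, True),
        "new_from_other": verify(key_index, other_src, message, new_icv, True),
        # Wrong or unknown key index fails regardless of source binding.
        "new_wrong_key": verify(1, sender_src, message, new_icv, True),
        "new_unknown_key": verify(7, sender_src, message, new_icv, True),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} {'verified' if ok else 'rejected'}")
```

The point of the `old_from_other` entry is the gap the thread names: NHDP derives neighbour relationships from the datagram's source address, so an ICV that leaves that address uncovered lets a message verify even when the address it arrived from is not the one the sender used. Binding the observed address into the verifier's ICV input, as the new type extension does, turns that mismatch into a verification failure.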