Re: [manet] Security documents for OLSRv2/NHDP

Christopher Dearlove <christopher.dearlove@googlemail.com> Fri, 15 March 2013 21:19 UTC

OLSRv2 will reference this draft, and therefore it's not an update in the technical sense in which the term is being used here, as a formal update to RFC 6130.

On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:

> Hi Ulrich,
> 
> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
> do you mean only updates RFC6130?
> 
> AB
> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
>> Dear all,
>> 
>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
>> and Adrian about how to resolve the remaining security related DISCUSS
>> on OLSRv2, and we agreed on a way forward that involves the following
>> steps:
>> 
>> 1) Publication of:
>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>> 
>> This document mandates (at least) implementation of HMAC/SHA2
>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>> use that mechanism unless they have a more appropriate solution (e.g.,
>> different cipher) for that particular deployment. This document also
>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
>> for HELLO messages.
>> 
>> 2) Publication of:
>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>> 
>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>> The differences are minor to RFC6622 and can be seen here:
>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>> Essentially, RFC6622 does not protect the IP source address of the
>> interface over which the control message is sent. Since that address
>> is used to establish neighbors in NHDP (and therefore must be
>> protected), a new type extension 3 of the ICV TLV has been added to
>> the registry.
>> 
>> 3) Publication of an update to OLSRv2, referencing the use of the
>> defined security mechanism, and resolving other smaller issues from
>> Stephen's DISCUSS.
>> 
>> In order to not hold up OLSRv2 further, and upon discussions with Stan
>> and Adrian, we would like to request WG adoption of these two new
>> documents - asking that the chairs will officially poll the WG on this
>> matter shortly. The documents are brief, and address issues
>> requested by the ADs, so we hope that processing them should also be a
>> brief affair.
>> 
>> Best regards
>> Ulrich
>> _______________________________________________
>> manet mailing list
>> manet@ietf.org
>> https://www.ietf.org/mailman/listinfo/manet
>> 
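
The oversight described in item 2 of the quoted message, as an added example that is not part of the original thread or of the drafts: a simplified model in which an HMAC-SHA-256 ICV is computed with and without the IP source address in its input. The key, message bytes, addresses and byte layout are constructed for illustration and are not the RFC 6622 wire format.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed sample values (assumptions, not taken from the thread or the drafts).
SHARED_KEY = b"constructed-demo-key"
HELLO = b"HELLO seq=17 neighbors=[]"   # stand-in for a serialized HELLO message
SENDER = "fe80::1"                     # address the message was originally sent from
OTHER = "fe80::bad"                    # address an identical copy later arrives from


def icv(key: bytes, message: bytes, src_ip: Optional[str] = None) -> bytes:
    """HMAC-SHA-256 over the message, optionally bound to the source address."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    if src_ip is not None:
        addr = ipaddress.ip_address(src_ip).packed
        # Length prefix keeps the address/message boundary unambiguous.
        mac.update(bytes([len(addr)]) + addr)
    mac.update(message)
    return mac.digest()


def verify(key: bytes, message: bytes, tag: bytes,
           observed_src: str, bind_source: bool) -> bool:
    """Receiver side: recompute the ICV using the address the packet arrived from."""
    expected = icv(key, message, observed_src if bind_source else None)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Compare message-only ICVs with ICVs that also cover the source address."""
    results = {}
    for bind in (False, True):
        tag = icv(SHARED_KEY, HELLO, SENDER if bind else None)
        results[bind] = {
            "same_source": verify(SHARED_KEY, HELLO, tag, SENDER, bind),
            "other_source": verify(SHARED_KEY, HELLO, tag, OTHER, bind),
            "tampered": verify(SHARED_KEY, HELLO + b"x", tag, SENDER, bind),
        }
    return results


if __name__ == "__main__":
    for bind, outcome in demo().items():
        print("source address covered:", bind, outcome)
```

With the address left out of the ICV input, the same message verifies regardless of the source address it arrives from, so a receiver that derives neighbor state from that address is relying on a field the ICV never covered.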