Re: [manet] Security documents for OLSRv2/NHDP
Christopher Dearlove <christopher.dearlove@googlemail.com> Fri, 15 March 2013 21:19 UTC
To: Abdussalam Baryun <abdussalambaryun@gmail.com>
Cc: Christopher Dearlove <chris.dearlove@baesystems.com>, manet@ietf.org, Thomas Clausen <thomas@thomasclausen.org>
OLSRv2 will reference this draft, and therefore it's not an update in the technical sense in which the term is being used here, as a formal update to RFC 6130.

On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:

> Hi Ulrich,
>
> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
> do you mean only updates RFC6130,
>
> AB
> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
>> Dear all,
>>
>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
>> and Adrian about how to resolve the remaining security related DISCUSS
>> on OLSRv2, and we agreed on a way forward that involves the following
>> steps:
>>
>> 1) Publication of:
>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>>
>> This document mandates (at least) implementation of HMAC/SHA2
>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>> use that mechanism unless they have a more appropriate solution (e.g.,
>> different cipher) for that particular deployment. This document also
>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
>> for HELLO messages.
>>
>> 2) Publication of:
>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>>
>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>> The differences are minor to RFC6622 and can be seen here:
>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>> Essentially, RFC6622 does not protect the IP source address of the
>> interface over which the control message is sent. Since that address
>> is used to establish neighbors in NHDP (and therefore must be
>> protected), a new type extension 3 of the ICV TLV has been added to
>> the registry.
>>
>> 3) Publication of an update to OLSRv2, referencing the use of the
>> defined security mechanism, and resolving other smaller issues from
>> Stephen's DISCUSS.
>>
>> In order to not hold up OLSRv2 further, and upon discussions with Stan
>> and Adrian, we would like to request WG adoption of these two new
>> documents - asking that the chairs will officially poll the WG on this
>> matter shortly. The documents are brief, and address issues
>> requested by the ADs, so we hope that processing them should also be a
>> brief affair.
>>
>> Best regards
>> Ulrich
>> _______________________________________________
>> manet mailing list
>> manet@ietf.org
>> https://www.ietf.org/mailman/listinfo/manet
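
The oversight described in the quoted announcement above (an ICV that covers the message but not the IP source address) can be seen in a simplified model. This is an added example, not code from the drafts or from any poster in this thread: it does not reproduce the RFC 6622 TLV wire format, and the key, message bytes, addresses and the length-byte framing are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-shared-key"        # constructed sample key
HELLO = bytes.fromhex("0100000c0001")  # constructed stand-in for a serialized HELLO


def icv_message_only(key, message):
    """HMAC-SHA-256 over the message bytes only (the gap described above)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key, src_ip, message):
    """HMAC-SHA-256 over the IP source address followed by the message."""
    src = ipaddress.ip_address(src_ip).packed
    # The length byte is this example's own choice (not from the draft): it
    # keeps 4-byte IPv4 and 16-byte IPv6 prefixes from being reinterpreted.
    return hmac.new(key, bytes([len(src)]) + src + message, hashlib.sha256).digest()


def verify_message_only(key, src_ip, message, icv):
    # src_ip comes from the received IP header but never enters the check.
    return hmac.compare_digest(icv_message_only(key, message), icv)


def verify_with_source(key, src_ip, message, icv):
    # src_ip from the received IP header is part of the authenticated data.
    return hmac.compare_digest(icv_with_source(key, src_ip, message), icv)


def demo():
    """Check one HELLO as received from its sender and from another address."""
    sender, other = "192.0.2.1", "192.0.2.66"  # documentation-range addresses
    old_icv = icv_message_only(KEY, HELLO)
    new_icv = icv_with_source(KEY, sender, HELLO)
    return {
        "message_only/sender": verify_message_only(KEY, sender, HELLO, old_icv),
        "message_only/other": verify_message_only(KEY, other, HELLO, old_icv),
        "with_source/sender": verify_with_source(KEY, sender, HELLO, new_icv),
        "with_source/other": verify_with_source(KEY, other, HELLO, new_icv),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the check that includes the source address rejects the same HELLO when it arrives from a different address, which is the property NHDP needs because it derives neighbor addresses from the IP header.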