Re: [manet] Security documents for OLSRv2/NHDP
"Adrian Farrel" <adrian@olddog.co.uk> Sat, 16 March 2013 22:42 UTC
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Abdussalam Baryun' <abdussalambaryun@gmail.com>, 'manet' <manet@ietf.org>
Date: Sat, 16 Mar 2013 22:42:49 -0000
Yes, I believe the plan is to add more security text to the OLSRv2 draft.

The choice of words is confusing :-)
"Update" has a general meaning: to update a draft means to make some revisions.
"Update" has a specific meaning: to update an RFC means to add a meta-data tag formally noting that one RFC updates another.

Adrian

> -----Original Message-----
> From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf Of Abdussalam Baryun
> Sent: 16 March 2013 20:54
> To: manet
> Subject: Re: [manet] Security documents for OLSRv2/NHDP
>
> I agreed to update of RFC6130 and have no objection of others, but
> want to discuss/ask.
>
> If IESG-DISCUSS was about OLSRv2 document why the process was to
> update RFC6130 only? and if publication 1 mandates OLSRv2 messages,
> then IMO it needs to update OLSRv2 document as well, or do you mean
> the publication-3 is a new version -18 that includes the security of
> OLSRv2 messaging and refers to publication-1.
>
> AB
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> This message is owned by the author and sent to IETF MANET address and
> not sent to private mail-boxes. This message is an IETF input not
> private input.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> On 3/15/13, Christopher Dearlove <christopher.dearlove@googlemail.com> wrote:
> > OLSRv2 will reference this draft, and therefore it's not an update in the
> > technical sense in which the term is being used here, as a formal update to
> > RFC 6130.
> >
> > On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:
> >
> >> Hi Ulrich,
> >>
> >> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
> >> do you mean only updates RFC6130,
> >>
> >> AB
> >> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
> >>> Dear all,
> >>>
> >>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security
> >>> AD)
> >>> and Adrian about how to resolve the remaining security related DISCUSS
> >>> on OLSRv2, and we agreed on a way forward that involves the following
> >>> steps:
> >>>
> >>> 1) Publication of:
> >>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
> >>>
> >>> This document mandates (at least) implementation of HMAC/SHA2
> >>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
> >>> use that mechanism unless they have a more appropriate solution (e.g.,
> >>> different cipher) for that particular deployment. This document also
> >>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
> >>> for HELLO messages.
> >>>
> >>> 2) Publication of:
> >>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
> >>>
> >>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
> >>> The differences are minor to RFC6622 and can be seen here:
> >>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
> >>> Essentially, RFC6622 does not protect the IP source address of the
> >>> interface over which the control message is sent. Since that address
> >>> is used to establish neighbors in NHDP (and therefore must be
> >>> protected), a new type extension 3 of the ICV TLV has been added to
> >>> the registry.
> >>>
> >>> 3) Publication of an update to OLSRv2, referencing the use of the
> >>> defined security mechanism, and resolving other smaller issues from
> >>> Stephen's DISCUSS.
> >>>
> >>> In order to not hold up OLSRv2 further, and upon discussions with Stan
> >>> and Adrian, we would like to request WG adoption of these two new
> >>> documents - asking that the chairs will officially poll the WG on this
> >>> matter shortly. The documents are brief, and addresses issues
> >>> requested by the ADs, so we hope that processing them should also be a
> >>> brief affair.
> >>>
> >>> Best regards
> >>> Ulrich
> >>> _______________________________________________
> >>> manet mailing list
> >>> manet@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/manet
> >>>
> >> _______________________________________________
> >> manet mailing list
> >> manet@ietf.org
> >> https://www.ietf.org/mailman/listinfo/manet
> >
>
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
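
The point in Ulrich Herberg's quoted message about the unprotected IP source address, shown as an added example that is not part of this thread or of the drafts it cites: an HMAC-SHA-256 integrity check value computed over the message alone still verifies when the same bytes arrive from a different source address, while one that also covers the source address does not. The key, addresses, payload, function names and the length-prefixed framing are assumptions of this sketch, not the RFC 6622 ICV TLV wire format.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-shared-key"          # constructed sample key
MESSAGE = b"HELLO: constructed payload"  # constructed stand-in for a control message
SENDER = "192.0.2.1"                     # documentation-range address (constructed)
OTHER = "192.0.2.66"                     # a different source address (constructed)


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """ICV that covers the message bytes only."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_ip: str, message: bytes) -> bytes:
    """ICV that also covers the IP source address.

    The length-prefixed framing is an assumption of this sketch.
    """
    src = ipaddress.ip_address(src_ip).packed
    return hmac.new(key, bytes([len(src)]) + src + message, hashlib.sha256).digest()


def verify_message_only(key, observed_src, message, icv) -> bool:
    # observed_src is ignored: the address is outside the protected content.
    return hmac.compare_digest(icv_message_only(key, message), icv)


def verify_with_source(key, observed_src, message, icv) -> bool:
    # Recompute using the source address actually seen on the received packet.
    return hmac.compare_digest(icv_with_source(key, observed_src, message), icv)


def compare() -> dict:
    weak = icv_message_only(KEY, MESSAGE)
    strong = icv_with_source(KEY, SENDER, MESSAGE)
    return {
        "message_only_same_src": verify_message_only(KEY, SENDER, MESSAGE, weak),
        "message_only_other_src": verify_message_only(KEY, OTHER, MESSAGE, weak),
        "with_source_same_src": verify_with_source(KEY, SENDER, MESSAGE, strong),
        "with_source_other_src": verify_with_source(KEY, OTHER, MESSAGE, strong),
        "with_source_tampered": verify_with_source(KEY, SENDER, MESSAGE + b"!", strong),
    }


if __name__ == "__main__":
    for name, ok in compare().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

A receiver that builds its neighbor set from the packet's source address can rely on that address only in the second scheme, because there the observed address is an input to the recomputed ICV.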