Re: [manet] Security documents for OLSRv2/NHDP

"Adrian Farrel" <adrian@olddog.co.uk> Sat, 16 March 2013 22:42 UTC

From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Abdussalam Baryun' <abdussalambaryun@gmail.com>, 'manet' <manet@ietf.org>
Date: Sat, 16 Mar 2013 22:42:49 -0000
Subject: Re: [manet] Security documents for OLSRv2/NHDP

Yes, I believe the plan is to add more security text to the OLSRv2 draft. The
choice of words is confusing :-)
"Update" has a general meaning: to update a draft means to make some revisions.
"Update" has a specific meaning: to update an RFC means to add a meta-data tag
formally noting that one RFC updates another.

Adrian

> -----Original Message-----
> From: manet-bounces@ietf.org [mailto:manet-bounces@ietf.org] On Behalf Of
> Abdussalam Baryun
> Sent: 16 March 2013 20:54
> To: manet
> Subject: Re: [manet] Security documents for OLSRv2/NHDP
> 
> I agreed to update of RFC6130 and have no objection of others, but
> want to discuss/ask.
> 
> If IESG-DISCUSS was about OLSRv2 document why the process was to
> update RFC6130 only? and if publication 1 mandates OLSRv2 messages,
> then IMO it needs to update OLSRv2 document as well, or do you mean
> the publication-3 is a new version -18 that includes the security of
> OLSRv2 messaging and refers to publication-1.
> 
> AB
> 
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> This message is owned by the author and sent to IETF MANET address and
> not sent to private mail-boxes. This message is an IETF input not
> private input.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> On 3/15/13, Christopher Dearlove <christopher.dearlove@googlemail.com>
> wrote:
> > OLSRv2 will reference this draft, and therefore it's not an update in the
> > technical sense in which the term is being used here, as a formal update to
> > RFC 6130.
> >
> > On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:
> >
> >> Hi Ulrich,
> >>
> >> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
> >> do you mean only updates RFC6130,
> >>
> >> AB
> >> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
> >>> Dear all,
> >>>
> >>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
> >>> and Adrian about how to resolve the remaining security related DISCUSS
> >>> on OLSRv2, and we agreed on a way forward that involves the following
> >>> steps:
> >>>
> >>> 1) Publication of:
> >>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
> >>>
> >>> This document mandates (at least) implementation of HMAC/SHA2
> >>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
> >>> use that mechanism unless they have a more appropriate solution (e.g.,
> >>> different cipher) for that particular deployment. This document also
> >>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
> >>> for HELLO messages.
> >>>
> >>> 2) Publication of:
> >>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
> >>>
> >>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
> >>> The differences are minor to RFC6622 and can be seen here:
> >>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
> >>> Essentially, RFC6622 does not protect the IP source address of the
> >>> interface over which the control message is sent. Since that address
> >>> is used to establish neighbors in NHDP (and therefore must be
> >>> protected), a new type extension 3 of the ICV TLV has been added to
> >>> the registry.
> >>>
> >>> 3) Publication of an update to OLSRv2, referencing the use of the
> >>> defined security mechanism, and resolving other smaller issues from
> >>> Stephen's DISCUSS.
> >>>
> >>> In order to not hold up OLSRv2 further, and upon discussions with Stan
> >>> and Adrian, we would like to request WG adoption of these two new
> >>> documents - asking that the chairs will officially poll the WG on this
> >>> matter shortly. The documents are brief, and address issues
> >>> requested by the ADs, so we hope that processing them should also be a
> >>> brief affair.
> >>>
> >>> Best regards
> >>> Ulrich
> >>> _______________________________________________
> >>> manet mailing list
> >>> manet@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/manet
> >>>
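The gap described in the quoted announcement (an ICV that does not cover the IP source address, although NHDP uses that address to establish neighbors) can be seen in a few lines. This is an added example, not code from the thread or from the drafts; it is a simplified model that does not reproduce the ICV TLV byte layout, and the key, message bytes, addresses and function names are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values, not taken from any draft or deployment.
KEY = b"constructed-shared-key"
HELLO = b"constructed serialized NHDP HELLO message"


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 over the message bytes alone."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_ip: str, message: bytes) -> bytes:
    """HMAC-SHA-256 over the packed IP source address followed by the message."""
    packed = ipaddress.ip_address(src_ip).packed
    return hmac.new(key, packed + message, hashlib.sha256).digest()


def accept_message_only(key: bytes, observed_src: str, message: bytes, icv: bytes) -> bool:
    # observed_src is ignored: nothing in this ICV depends on it.
    return hmac.compare_digest(icv_message_only(key, message), icv)


def accept_with_source(key: bytes, observed_src: str, message: bytes, icv: bytes) -> bool:
    # The receiver recomputes the ICV with the source address it actually saw.
    return hmac.compare_digest(icv_with_source(key, observed_src, message), icv)


def demo() -> dict:
    """Check the same message and ICV arriving from two different source addresses."""
    sender, other = "fe80::1", "fe80::2"
    weak = icv_message_only(KEY, HELLO)
    bound = icv_with_source(KEY, sender, HELLO)
    return {
        "message_only_original_src": accept_message_only(KEY, sender, HELLO, weak),
        "message_only_different_src": accept_message_only(KEY, other, HELLO, weak),
        "source_bound_original_src": accept_with_source(KEY, sender, HELLO, bound),
        "source_bound_different_src": accept_with_source(KEY, other, HELLO, bound),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the source-bound ICV rejects the message when the observed source address differs from the one the sender used.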