Re: [manet] Alexey Melnikov's Discuss on draft-ietf-manet-dlep-26: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 15 December 2016 14:58 UTC

Message-Id: <1481813917.419436.820073297.68E45D5D@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Henning Rogge <hrogge@gmail.com>
In-Reply-To: <CAGnRvuqKEwSU0nnkufzetGGUVzPSFjNOF6wrW=CRqc=t0x4dsQ@mail.gmail.com>
References: <148156334986.22491.1152871712874859894.idtracker@ietfa.amsl.com> <CALtoyonu77P8O2r4zHvD5kBF7+yFc8Fxqe0BoEzeM6BsdoMZZg@mail.gmail.com> <79D48CEB-2CFC-43A8-8D01-5C5CB1778966@fastmail.fm> <CAGnRvupMRvpFq7EVfR4+QX88PG8fMnX49bAZ0_L9tm1a6sYX8g@mail.gmail.com> <9B802ACF-84EF-4C47-92F8-122CA724C71A@fastmail.fm> <CAGnRvuqKEwSU0nnkufzetGGUVzPSFjNOF6wrW=CRqc=t0x4dsQ@mail.gmail.com>
Date: Thu, 15 Dec 2016 14:58:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/jJ3s2UxuPmkr-V0TxQtDP_mSZBk>
Cc: draft-ietf-manet-dlep@ietf.org, MANET IETF <manet@ietf.org>, The IESG <iesg@ietf.org>, manet-chairs@ietf.org
Subject: Re: [manet] Alexey Melnikov's Discuss on draft-ietf-manet-dlep-26: (with DISCUSS and COMMENT)

On Thu, Dec 15, 2016, at 09:21 AM, Henning Rogge wrote:
> On Thu, Dec 15, 2016 at 10:23 AM, Alexey Melnikov
> <aamelnikov@fastmail.fm> wrote:
> > Hi,
> >
> >> On 15 Dec 2016, at 08:59, Henning Rogge <hrogge@gmail.com> wrote:
> >>
> >> On Tue, Dec 13, 2016 at 11:11 AM, Alexey Melnikov
> >> <aamelnikov@fastmail.fm> wrote:
> >>> Hi Stan,
> >>>
> >>> All your answers look good to me. But I think credential validation might need a bit more thought/discussion in the WG. Maybe you can specify how preconfigured IP or MAC addresses can be checked in X.509 certificates? (Just an idea, not necessarily saying that it is the right or the only way of doing this)
> >>
> >> I raised the point of the certificate problem ages ago as an argument
> >> to DROP TLS from DLEP completely.
> >
> > Even unauthenticated TLS is better than no TLS, so I would rather the document continues to recommend it.
> 
> What kind of security does unauthenticated TLS provide against an
> attacker that sits on your local LAN segment?

I am not really concerned about that, but I am concerned about a VPN or
virtualized environment where the router is across the globe from the modem.

> It's not that DLEP carries
> any "secret" data...

That is the question really. If the data is exposed outside of the LAN, does
it contain no sensitive information?

> I have spoken with a few radio vendors and from what I got none of
> them is considering implementing TLS. Nobody sees any advantage in it, but
> everyone sees a huge cost. Cost in terms of performance (flow control
> is delay dependent), cost in terms of complexity, cost in terms of
> interoperability.
> 
> Henning Rogge
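One way to realise the certificate check floated earlier in this thread (binding a DLEP peer's TLS certificate to its preconfigured IP address through the iPAddress subjectAltName), as an added Go example that is not part of the thread or of any DLEP implementation. The self-signed certificate and the 192.0.2.x addresses are constructed for the demonstration; chain validation against a configured trust anchor is assumed to happen separately in the TLS handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makePeerCert builds a self-signed certificate whose subjectAltName
// carries the peer's preconfigured IP address (constructed test data).
func makePeerCert(ip net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		IPAddresses:  []net.IP{ip},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PeerIPMatches reports whether a certificate presented by a DLEP peer
// is bound, via its iPAddress subjectAltName, to the address that was
// preconfigured for that peer. No IP entry or a different IP is rejected.
func PeerIPMatches(cert *x509.Certificate, configured string) bool {
	return cert.VerifyHostname(configured) == nil
}

func main() {
	cert, err := makePeerCert(net.ParseIP("192.0.2.10"))
	if err != nil {
		panic(err)
	}
	fmt.Println("configured peer:", PeerIPMatches(cert, "192.0.2.10"))
	fmt.Println("other address:", PeerIPMatches(cert, "192.0.2.99"))
}
```

X.509 has no standard subjectAltName form for MAC addresses, so this covers only the IP half of the suggestion; the MAC binding would need a profile-specific otherName or an out-of-band mapping.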