Re: [manet] Security documents for OLSRv2/NHDP
Abdussalam Baryun <abdussalambaryun@gmail.com> Sat, 16 March 2013 20:53 UTC
I agreed to update of RFC6130 and have no objection of others, but
want to discuss/ask. If IESG-DISCUSS was about OLSRv2 document why the
process was to update RFC6130 only? And if publication 1 mandates
OLSRv2 messages, then IMO it needs to update OLSRv2 document as well,
or do you mean the publication-3 is a new version -18 that includes
the security of OLSRv2 messaging and refers to publication-1.

AB
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This message is owned by the author and sent to IETF MANET address and
not sent to private mail-boxes. This message is an IETF input not
private input.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On 3/15/13, Christopher Dearlove <christopher.dearlove@googlemail.com> wrote:
> OLSRv2 will reference this draft, and therefore it's not an update in the
> technical sense in which the term is being used here, as a formal update to
> RFC 6130.
>
> On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:
>
>> Hi Ulrich,
>>
>> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
>> do you mean only updates RFC6130,
>>
>> AB
>> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
>>> Dear all,
>>>
>>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security
>>> AD) and Adrian about how to resolve the remaining security related
>>> DISCUSS on OLSRv2, and we agreed on a way forward that involves the
>>> following steps:
>>>
>>> 1) Publication of:
>>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>>>
>>> This document mandates (at least) implementation of HMAC/SHA2
>>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>>> use that mechanism unless they have a more appropriate solution (e.g.,
>>> different cipher) for that particular deployment. This document also
>>> updates NHDP and mandates to implement the same HMAC/SHA2 protection
>>> for HELLO messages.
>>>
>>> 2) Publication of:
>>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>>>
>>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>>> The differences are minor to RFC6622 and can be seen here:
>>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>>> Essentially, RFC6622 does not protect the IP source address of the
>>> interface over which the control message is sent. Since that address
>>> is used to establish neighbors in NHDP (and therefore must be
>>> protected), a new type extension 3 of the ICV TLV has been added to
>>> the registry.
>>>
>>> 3) Publication of an update to OLSRv2, referencing the use of the
>>> defined security mechanism, and resolving other smaller issues from
>>> Stephen's DISCUSS.
>>>
>>> In order to not hold up OLSRv2 further, and upon discussions with Stan
>>> and Adrian, we would like to request WG adoption of these two new
>>> documents - asking that the chairs will officially poll the WG on this
>>> matter shortly. The documents are brief, and address issues
>>> requested by the ADs, so we hope that processing them should also be a
>>> brief affair.
>>>
>>> Best regards
>>> Ulrich
>>> _______________________________________________
>>> manet mailing list
>>> manet@ietf.org
>>> https://www.ietf.org/mailman/listinfo/manet
>>>
>> _______________________________________________
>> manet mailing list
>> manet@ietf.org
>> https://www.ietf.org/mailman/listinfo/manet
>
>
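
Point 2 of the quoted announcement says an ICV that does not cover the IP source address leaves the address NHDP uses to establish neighbors unprotected. The sketch below is an added example, not part of the thread or of either draft: it compares an HMAC-SHA-256 ICV over the message alone with one that also covers the source address. The message bytes, key, addresses and the length-prefixed address encoding are assumptions for illustration and do not reproduce the RFC 5444 or ICV TLV wire format.

```python
import hashlib
import hmac
import ipaddress


def _encode_source(src_ip: str) -> bytes:
    # Assumption: length-prefixed packed address, so IPv4 and IPv6 inputs cannot collide.
    packed = ipaddress.ip_address(src_ip).packed
    return bytes([len(packed)]) + packed


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """ICV that covers the control message but not the IP source address."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_ip: str, message: bytes) -> bytes:
    """ICV that also covers the source address of the carrying IP datagram."""
    return hmac.new(key, _encode_source(src_ip) + message, hashlib.sha256).digest()


def verify_message_only(key: bytes, observed_src: str, message: bytes, icv: bytes) -> bool:
    # observed_src is ignored here: this is the gap the announcement describes.
    return hmac.compare_digest(icv_message_only(key, message), icv)


def verify_with_source(key: bytes, observed_src: str, message: bytes, icv: bytes) -> bool:
    # The receiver recomputes over the address it actually saw on the datagram.
    return hmac.compare_digest(icv_with_source(key, observed_src, message), icv)


def run_demo() -> dict:
    key = b"constructed-demo-key"            # constructed sample key
    hello = b"HELLO from router A, seq 17"   # constructed stand-in, not RFC 5444 bytes
    original_src = "192.0.2.10"              # documentation-range addresses
    changed_src = "192.0.2.99"
    weak = icv_message_only(key, hello)
    strong = icv_with_source(key, original_src, hello)
    return {
        "weak_original": verify_message_only(key, original_src, hello, weak),
        "weak_changed_src": verify_message_only(key, changed_src, hello, weak),
        "strong_original": verify_with_source(key, original_src, hello, strong),
        "strong_changed_src": verify_with_source(key, changed_src, hello, strong),
        "strong_tampered_msg": verify_with_source(key, original_src, hello + b"!", strong),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The `weak_changed_src` case is the one that matters: the message-only ICV still verifies when the datagram arrives from a different source address, while the source-covering ICV rejects it.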