Re: [manet] Security documents for OLSRv2/NHDP

Abdussalam Baryun <abdussalambaryun@gmail.com> Sat, 16 March 2013 20:53 UTC


I agreed to the update of RFC6130 and have no objection of others, but
want to discuss/ask.

If the IESG-DISCUSS was about the OLSRv2 document, why was the process to
update RFC6130 only? And if publication 1 mandates OLSRv2 messages,
then IMO it needs to update the OLSRv2 document as well. Or do you mean
that publication-3 is a new version -18 that includes the security of
OLSRv2 messaging and refers to publication-1?

AB

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This message is owned by the author and sent to IETF MANET address and
not sent to private mail-boxes. This message is an IETF input not
private input.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On 3/15/13, Christopher Dearlove <christopher.dearlove@googlemail.com> wrote:
> OLSRv2 will reference this draft, and therefore it's not an update in the
> technical sense in which the term is being used here, as a formal update to
> RFC 6130.
>
> On 15 Mar 2013, at 21:09, Abdussalam Baryun wrote:
>
>> Hi Ulrich,
>>
>> Do I understand that publication 1 updates both RFC6130 and OLSRv2, or
>> do you mean it only updates RFC6130?
>>
>> AB
>> On 3/15/13, Ulrich Herberg <ulrich@herberg.name> wrote:
>>> Dear all,
>>>
>>> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
>>> and Adrian about how to resolve the remaining security-related DISCUSS
>>> on OLSRv2, and we agreed on a way forward that involves the following
>>> steps:
>>>
>>> 1) Publication of:
>>> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
>>>
>>> This document mandates (at least) implementation of HMAC/SHA2
>>> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
>>> use that mechanism unless they have a more appropriate solution (e.g.,
>>> different cipher) for that particular deployment. This document also
>>> updates NHDP and mandates implementing the same HMAC/SHA2 protection
>>> for HELLO messages.
>>>
>>> 2) Publication of:
>>> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
>>>
>>> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
>>> The differences from RFC6622 are minor and can be seen here:
>>> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
>>> Essentially, RFC6622 does not protect the IP source address of the
>>> interface over which the control message is sent. Since that address
>>> is used to establish neighbors in NHDP (and therefore must be
>>> protected), a new type extension 3 of the ICV TLV has been added to
>>> the registry.
>>>
>>> 3) Publication of an update to OLSRv2, referencing the use of the
>>> defined security mechanism, and resolving other smaller issues from
>>> Stephen's DISCUSS.
>>>
>>> In order to not hold up OLSRv2 further, and upon discussions with Stan
>>> and Adrian, we would like to request WG adoption of these two new
>>> documents - asking that the chairs will officially poll the WG on this
>>> matter shortly. The documents are brief, and address issues
>>> requested by the ADs, so we hope that processing them should also be a
>>> brief affair.
>>>
>>> Best regards
>>> Ulrich
>>> _______________________________________________
>>> manet mailing list
>>> manet@ietf.org
>>> https://www.ietf.org/mailman/listinfo/manet
>>>
>
>
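Added example, not part of any message in this thread and not code from the drafts or their authors: it illustrates the coverage gap described in item 2 of the quoted announcement, where an HMAC/SHA2 ICV computed over the message alone still verifies when the datagram's IP source address differs, while an ICV that also covers the source address does not. The key, addresses, HELLO bytes and the byte layout (length-prefixed address followed by the message) are constructed assumptions, not the wire format or ICV TLV encoding defined in the drafts.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"                 # constructed sample key
HELLO = b"\x00constructed NHDP HELLO bytes"   # constructed stand-in for a serialized HELLO


def icv_message_only(key: bytes, message: bytes) -> bytes:
    """ICV over the message content alone (the coverage described as the oversight)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def icv_with_source(key: bytes, src_ip: str, message: bytes) -> bytes:
    """ICV over the IP source address plus the message (assumed byte layout)."""
    packed = ipaddress.ip_address(src_ip).packed
    # Length prefix keeps 4-byte and 16-byte addresses unambiguous.
    return hmac.new(key, bytes([len(packed)]) + packed + message, hashlib.sha256).digest()


def accept_hello(neighbors, key, src_ip, message, icv, cover_source):
    """Verify the ICV; on success record the datagram's source as a neighbor."""
    if cover_source:
        expected = icv_with_source(key, src_ip, message)
    else:
        expected = icv_message_only(key, message)
    if not hmac.compare_digest(expected, icv):
        return False
    neighbors.add(src_ip)
    return True


def run_demo():
    real_src, altered_src = "fe80::1", "fe80::bad"  # constructed addresses
    results = {}
    for cover in (False, True):
        icv = icv_with_source(KEY, real_src, HELLO) if cover else icv_message_only(KEY, HELLO)
        neighbors = set()
        genuine = accept_hello(neighbors, KEY, real_src, HELLO, icv, cover)
        altered = accept_hello(neighbors, KEY, altered_src, HELLO, icv, cover)
        results[cover] = (genuine, altered, sorted(neighbors))
    return results


if __name__ == "__main__":
    for cover, outcome in run_demo().items():
        print("source covered:", cover, outcome)
```

With message-only coverage the receiver ends up with both addresses in its neighbor set; with the source address covered, only the genuine sender is recorded.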