IETF Logo Mail Archive

Re: [manet] Security documents for OLSRv2/NHDP

"Stan Ratliff (sratliff)" <sratliff@cisco.com> Fri, 15 March 2013 19:04 UTC

Return-Path: <sratliff@cisco.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8539121F8477 for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 12:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIr0BpIZjglG for <manet@ietfa.amsl.com>; Fri, 15 Mar 2013 12:04:26 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 41CE521F8689 for <manet@ietf.org>; Fri, 15 Mar 2013 12:04:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2430; q=dns/txt; s=iport; t=1363374266; x=1364583866; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=8RT6+yP8RJbr/dgBuxsg+MgFuccGwYMxefz/sYzbsxw=; b=kf9gwtfEa3CGvjFKwzAWuNBNMDG9zlCFeTa7mp1jIQoGXZzIesHS/iYU l8XgEhWFsvIczluuehlxQF0tKmz0T8BixvGdV5x/3FnlrhzxIqGeaXYuW j3t3fPVLvUP7ruiG/aVPtSNDRAsda/S2Tig4Db0bSBf8RBYIj/+eqZG+r M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAFRwQ1GtJV2c/2dsb2JhbABDxSKBZxZ0gioBAQEDAQEBATc0CwULAgEIIhQQJwslAgQOBQgTh3MGDMMxjVWBDQIxB4JfYQOTFoRkj2ODCoFzNQ
X-IronPort-AV: E=Sophos;i="4.84,853,1355097600"; d="scan'208";a="188043989"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-3.cisco.com with ESMTP; 15 Mar 2013 19:04:26 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r2FJ4P0V023637 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 15 Mar 2013 19:04:25 GMT
Received: from xmb-aln-x03.cisco.com ([169.254.6.8]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.02.0318.004; Fri, 15 Mar 2013 14:04:15 -0500
From: "Stan Ratliff (sratliff)" <sratliff@cisco.com>
To: Ulrich Herberg <ulrich@herberg.name>
Thread-Topic: [manet] Security documents for OLSRv2/NHDP
Thread-Index: AQHOIaWznpJD/yD5G0K5xcEOhuWrxJincEmA
Date: Fri, 15 Mar 2013 19:04:14 +0000
Message-ID: <2ED1D3801ACAAB459FDB4EAC9EAD090C10053162@xmb-aln-x03.cisco.com>
References: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
In-Reply-To: <CAK=bVC-dubQKrdR7H8etpah7OibKjuG0aBm1FFdPf5y4n-wftw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.116.179.215]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <87379D9AC2E7034B8DEA93E1D02CF556@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Christopher Dearlove <chris.dearlove@baesystems.com>, "<manet@ietf.org>" <manet@ietf.org>, Thomas Clausen <thomas@thomasclausen.org>
Subject: Re: [manet] Security documents for OLSRv2/NHDP
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2013 19:04:28 -0000

Ulrich, 

Thanks for this email. OK, Working Group participants: Consider this a 1-week poll for adoption of these docs as WG documents. Polling period ends March 22. And, silence will be deemed to be agreement that the documents *should be* accepted as WG docs. 

Regards,
Stan

On Mar 15, 2013, at 1:51 PM, Ulrich Herberg wrote:

> Dear all,
> 
> The OLSRv2 authors have had a discussion with Stephen Farrell (Security AD)
> and Adrian about how to resolve the remaining security related DISCUSS
> on OLSRv2, and we agreed on a way forward that involves the following
> steps:
> 
> 1) Publication of:
> http://tools.ietf.org/html/draft-herberg-manet-nhdp-olsrv2-sec-01
> 
> This document mandates (at least) implementation of HMAC/SHA2
> integrity protection of OLSRv2 messages. Deployments of OLSRv2 should
> use that mechanism unless they have a more appropriate solution (e.g.,
> different cipher) for that particular deployment. This document also
> updates NHDP and mandates to implement the same HMAC/SHA2 protection
> for HELLO messages.
> 
> 2) Publication of:
> http://tools.ietf.org/html/draft-herberg-manet-rfc6622-bis-01
> 
> This document obsoletes RFC6622bis by fixing an oversight in RFC6622.
> The differences are minor to RFC6622 and can be seen here:
> http://tools.ietf.org/rfcdiff?url1=rfc6622&url2=draft-herberg-manet-rfc6622-bis
> Essentially, RFC6622 does not protect the IP source address of the
> interface over which the control message is sent. Since that address
> is used to establish neighbors in NHDP (and therefore must be
> protected), a new type extension 3 of the ICV TLV has been added to
> the registry.
> 
> 3) Publication of an update to OLSRv2, referencing the use of the
> defined security mechanism, and resolving other smaller issues from
> Stephen's DISCUSS.
> 
> In order to not hold up OLSRv2 further, and upon discussions with Stan
> and Adrian, we would like to request WG adoption of these two new
> documents - asking that the chairs will officially poll the WG on this
> matter shortly. The documents are brief, and addresses issues
> requested by the ADs, so we hope that processing them should also be a
> brief affair.
> 
> Best regards
> Ulrich
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet

v2.23.0 | Report a Bug | By Email