IETF Logo Mail Archive

Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of big ticket Items

Justin Dean <bebemaster@gmail.com> Wed, 23 March 2016 12:50 UTC

Return-Path: <bebemaster@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C0E412DC17 for <manet@ietfa.amsl.com>; Wed, 23 Mar 2016 05:50:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SG42lESTH5K4 for <manet@ietfa.amsl.com>; Wed, 23 Mar 2016 05:50:30 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F93812DAF4 for <manet@ietf.org>; Wed, 23 Mar 2016 05:40:26 -0700 (PDT)
Received: by mail-oi0-x235.google.com with SMTP id u127so3873381oie.1 for <manet@ietf.org>; Wed, 23 Mar 2016 05:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=N/eC2qXvpGhkbum/iIB0fn2nTnrtM0nLMpE96GFzrQk=; b=zTLpeafnML/ntIa1otjn/Tzf13B+DwXOdI/fqpeZTKUhOv45CN9aidnI9aAKpVWkxp mMCTdG9ulOtpoH71QCGA8AEIo6APGUXj1gaB7pKy8TJqxYfkuaArV39OswYE5zcuCwmZ iEghsSsmBsYlONv7jiRrxY7w/u9OSiwiUGo7uYg50KDYzbFmbTSIvpPBBy2iI0SZiPWH 0xIx5ueTY6ou8PHqHJ0ZDynavIPIabvVS7n4IdJ05fyrIl4cyxeQHBWIAgXSmdbMwTPW EgqpxuYLrn7ZgRXDu9yljSmbUK6xrrIr61eQFvspdn7yGmOMXaAWtYIQ+fksYPSzHGQh 7CpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=N/eC2qXvpGhkbum/iIB0fn2nTnrtM0nLMpE96GFzrQk=; b=ZrdLfLucmVQXHBaois7hp7dZU/qaJ3Z6gTOpULkUrz6qnS/tl1l7IdteefdPq8WgdL jkXhhe0mypXTOvF0u+VTp0xi5lGTOXRm6AM5NHtfx+CyaGxLPlSB7QqjHRXBAK+zrQS4 DINN/83kbLwyNf4zazDqui77KtOqamsUqR8c8mv/UNZBzngbYIQazS8MuIiYfpIOylpc X5r+j7hWsSdfkbyH3JtBclvrYVSwtX86aZSyxw83wtocmGcSbz99qYFflDMZEzFdBMd8 Mnm9AcIVLORbnJgpoOymk3UKNO6H0AJh7GKdq5wfmAPLK3Uj3az0XwhStAEaQxgu3JSb W7QA==
X-Gm-Message-State: AD7BkJJGkMQqAPO92AqtrjyLRt2vPzMlcKnnQIyp7SSX7IdAZGEd52L9nOb9pCXPDLt/kvjrczdDhgCuyygtcw==
MIME-Version: 1.0
X-Received: by 10.157.46.193 with SMTP id w59mr1326069ota.107.1458736825384; Wed, 23 Mar 2016 05:40:25 -0700 (PDT)
Received: by 10.76.45.102 with HTTP; Wed, 23 Mar 2016 05:40:25 -0700 (PDT)
In-Reply-To: <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381902@GLKXM0002V.GREENLNK.net>
References: <8C311D85-5C5A-4155-9705-6B09D0AA588B@thomasclausen.org> <CA+-pDCds+kZy2LUz_A0c3_sJKF03NFroh5oXXgQP0fw=aGRNxg@mail.gmail.com> <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381821@GLKXM0002V.GREENLNK.net> <CA+-pDCcJwyOZeMEGOx_DeYMrQ0_ANNsqi4pjbQUgO21y3s1ZFg@mail.gmail.com> <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381902@GLKXM0002V.GREENLNK.net>
Date: Wed, 23 Mar 2016 08:40:25 -0400
Message-ID: <CA+-pDCc2a62e-abpyjnt-ERPE6FhD-txMa5JgnwxPK6r0eZtpg@mail.gmail.com>
From: Justin Dean <bebemaster@gmail.com>
To: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
Content-Type: multipart/alternative; boundary="001a1142e9ec4c4715052eb6a223"
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/tLYM0oSQxJ2koQvW63y0yPtERt4>
Cc: "manet@ietf.org" <manet@ietf.org>, "Thomas Heide Clausen (Thomas.Clausen@polytechnique.edu)" <Thomas.Clausen@polytechnique.edu>
Subject: Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of big ticket Items
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 12:50:34 -0000

RFC 7182 is mandatory to RFC 7181.  In violent agreement.  OLSRv2 MUST NOT
do that.  5444 doesn't generate/forward messages though 7181 does.  Clearly
there should be a way for a process sitting on the multiplexer to tell it
that a message is immutable.  But in other cases a message does get
change/added to (e.g. 6121 (SMF) tlvs attached to 6130 (NHDP) hello
messages).  In the end we all seem to agree end-to-end security is a
problem currently for AODVv2.

Justin

On Wed, Mar 23, 2016 at 8:29 AM, Dearlove, Christopher (UK) <
chris.dearlove@baesystems.com> wrote:

> I’ve put the MANET list back on distribution.
>
>
>
> As Thomas has pointed out to me, RFC 7182 is mandatory to implement as
> specified in RFC 7181. Thus “without ICVs” is not an option, and anything
> that breaks 7182 breaks compliance with 7181. And changing a message breaks
> 7181, in addition to it being directly indicated that messages are
> forwarded unchanged (hop count/limit aside).
>
>
>
> Or in other words, OLSRv2 MUST NOT do this, and 5444 multiplexer MUST NOT
> change messages (as visible from protocol). I have an updated 5444 usage
> draft that makes this clearer for the multiplexer, waiting on co-authors to
> review.
>
>
>
> *-- *
>
>
>
>
> *Christopher Dearlove Senior Principal Engineer BAE Systems Applied
> Intelligence Laboratories *
> *__________________________________________________________________________
> *
> *T*:  +44 (0)1245 242194  |  *E: *chris.dearlove@baesystems.com
>
> BAE Systems Applied Intelligence, Chelmsford Technology Park, Great
> Baddow, Chelmsford, Essex CM2 8HN.
> www.baesystems.com/ai
>
> BAE Systems Applied Intelligence Limited
> Registered in England & Wales No: 01337451
>
> Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP
>
>
>
> *From:* Justin Dean [mailto:bebemaster@gmail.com]
> *Sent:* 23 March 2016 12:23
> *To:* Dearlove, Christopher (UK)
> *Subject:* Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of
> big ticket Items
>
>
>
>
>
> **** WARNING ****
>
> *This message originates from outside our organisation, either from an
> external partner or the internet.*
>
> * Consider carefully whether you should click on any links, open any
> attachments or reply. For information regarding **Red Flags** that you
> can look out for in emails you receive, click here
> <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Red%20Flags.pdf>.*
> * If you feel the email is suspicious, please follow this process
> <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf>.*
>
> CMD> I think this comes under the heading of “not prohibited but
> undesirable” but also that all options I can see involve something
> undesirable, or worse, so this may be the least undesirable
>
> JWD: check.
>
>
>
> JWD> The way multiplexers work messages can get torn apart and sent back
> out in a different way.  My OLSRv2 with another version will likely do just
> that.
>
> CMD> Absolutely not, that is a violation of OLSRv2 rules and unacceptable,
> because OLSRv2 specifies forwarding messages unchanged. That completely
> breaks use of RFC 7182 message ICVs - which might be applied by the
> multiplexer. Please do not even consider this.
>
> JWD: you are correct.  ICVs disallow this behavior.  In my own code the
> messages are not changed because I generated them in the first place.
> Without ICVs though it's quite natural.  I've personally seen three
> different packetbb parsers (one my own) which by default will rearrange a
> message if processed and regenerated  (actually caused some headache when
> trying to debug and getting different generated message outputs).  If there
> are no ICVs and it doesn't matter, but that's throwing all of end to end
> security out the window.  End to end security is an issue.
>
> ********************************************************************
> This email and any attachments are confidential to the intended
> recipient and may also be privileged. If you are not the intended
> recipient please delete it from your system and notify the sender.
> You should not copy it or use it for any purpose nor disclose or
> distribute its contents to any other person.
> ********************************************************************
>

v2.23.0 | Report a Bug | By Email