Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of big ticket Items
Justin Dean <bebemaster@gmail.com> Wed, 23 March 2016 12:50 UTC
Return-Path: <bebemaster@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C0E412DC17 for <manet@ietfa.amsl.com>; Wed, 23 Mar 2016 05:50:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SG42lESTH5K4 for <manet@ietfa.amsl.com>; Wed, 23 Mar 2016 05:50:30 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F93812DAF4 for <manet@ietf.org>; Wed, 23 Mar 2016 05:40:26 -0700 (PDT)
Received: by mail-oi0-x235.google.com with SMTP id u127so3873381oie.1 for <manet@ietf.org>; Wed, 23 Mar 2016 05:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=N/eC2qXvpGhkbum/iIB0fn2nTnrtM0nLMpE96GFzrQk=; b=zTLpeafnML/ntIa1otjn/Tzf13B+DwXOdI/fqpeZTKUhOv45CN9aidnI9aAKpVWkxp mMCTdG9ulOtpoH71QCGA8AEIo6APGUXj1gaB7pKy8TJqxYfkuaArV39OswYE5zcuCwmZ iEghsSsmBsYlONv7jiRrxY7w/u9OSiwiUGo7uYg50KDYzbFmbTSIvpPBBy2iI0SZiPWH 0xIx5ueTY6ou8PHqHJ0ZDynavIPIabvVS7n4IdJ05fyrIl4cyxeQHBWIAgXSmdbMwTPW EgqpxuYLrn7ZgRXDu9yljSmbUK6xrrIr61eQFvspdn7yGmOMXaAWtYIQ+fksYPSzHGQh 7CpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=N/eC2qXvpGhkbum/iIB0fn2nTnrtM0nLMpE96GFzrQk=; b=ZrdLfLucmVQXHBaois7hp7dZU/qaJ3Z6gTOpULkUrz6qnS/tl1l7IdteefdPq8WgdL jkXhhe0mypXTOvF0u+VTp0xi5lGTOXRm6AM5NHtfx+CyaGxLPlSB7QqjHRXBAK+zrQS4 DINN/83kbLwyNf4zazDqui77KtOqamsUqR8c8mv/UNZBzngbYIQazS8MuIiYfpIOylpc X5r+j7hWsSdfkbyH3JtBclvrYVSwtX86aZSyxw83wtocmGcSbz99qYFflDMZEzFdBMd8 Mnm9AcIVLORbnJgpoOymk3UKNO6H0AJh7GKdq5wfmAPLK3Uj3az0XwhStAEaQxgu3JSb W7QA==
X-Gm-Message-State: AD7BkJJGkMQqAPO92AqtrjyLRt2vPzMlcKnnQIyp7SSX7IdAZGEd52L9nOb9pCXPDLt/kvjrczdDhgCuyygtcw==
MIME-Version: 1.0
X-Received: by 10.157.46.193 with SMTP id w59mr1326069ota.107.1458736825384; Wed, 23 Mar 2016 05:40:25 -0700 (PDT)
Received: by 10.76.45.102 with HTTP; Wed, 23 Mar 2016 05:40:25 -0700 (PDT)
In-Reply-To: <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381902@GLKXM0002V.GREENLNK.net>
References: <8C311D85-5C5A-4155-9705-6B09D0AA588B@thomasclausen.org> <CA+-pDCds+kZy2LUz_A0c3_sJKF03NFroh5oXXgQP0fw=aGRNxg@mail.gmail.com> <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381821@GLKXM0002V.GREENLNK.net> <CA+-pDCcJwyOZeMEGOx_DeYMrQ0_ANNsqi4pjbQUgO21y3s1ZFg@mail.gmail.com> <B31EEDDDB8ED7E4A93FDF12A4EECD30D92381902@GLKXM0002V.GREENLNK.net>
Date: Wed, 23 Mar 2016 08:40:25 -0400
Message-ID: <CA+-pDCc2a62e-abpyjnt-ERPE6FhD-txMa5JgnwxPK6r0eZtpg@mail.gmail.com>
From: Justin Dean <bebemaster@gmail.com>
To: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
Content-Type: multipart/alternative; boundary="001a1142e9ec4c4715052eb6a223"
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/tLYM0oSQxJ2koQvW63y0yPtERt4>
Cc: "manet@ietf.org" <manet@ietf.org>, "Thomas Heide Clausen (Thomas.Clausen@polytechnique.edu)" <Thomas.Clausen@polytechnique.edu>
Subject: Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of big ticket Items
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 12:50:34 -0000
RFC 7182 is mandatory to RFC 7181. In violent agreement. OLSRv2 MUST NOT do that. 5444 doesn't generate/forward messages though 7181 does. Clearly there should be a way for a process sitting on the multiplexer to tell it that a message is immutable. But in other cases a message does get change/added to (e.g. 6121 (SMF) tlvs attached to 6130 (NHDP) hello messages). In the end we all seem to agree end-to-end security is a problem currently for AODVv2. Justin On Wed, Mar 23, 2016 at 8:29 AM, Dearlove, Christopher (UK) < chris.dearlove@baesystems.com> wrote: > I’ve put the MANET list back on distribution. > > > > As Thomas has pointed out to me, RFC 7182 is mandatory to implement as > specified in RFC 7181. Thus “without ICVs” is not an option, and anything > that breaks 7182 breaks compliance with 7181. And changing a message breaks > 7181, in addition to it being directly indicated that messages are > forwarded unchanged (hop count/limit aside). > > > > Or in other words, OLSRv2 MUST NOT do this, and 5444 multiplexer MUST NOT > change messages (as visible from protocol). I have an updated 5444 usage > draft that makes this clearer for the multiplexer, waiting on co-authors to > review. > > > > *-- * > > > > > *Christopher Dearlove Senior Principal Engineer BAE Systems Applied > Intelligence Laboratories * > *__________________________________________________________________________ > * > *T*: +44 (0)1245 242194 | *E: *chris.dearlove@baesystems.com > > BAE Systems Applied Intelligence, Chelmsford Technology Park, Great > Baddow, Chelmsford, Essex CM2 8HN. > www.baesystems.com/ai > > BAE Systems Applied Intelligence Limited > Registered in England & Wales No: 01337451 > > Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP > > > > *From:* Justin Dean [mailto:bebemaster@gmail.com] > *Sent:* 23 March 2016 12:23 > *To:* Dearlove, Christopher (UK) > *Subject:* Re: [manet] draft-ietf-manet-aodvv2-13 review - a couple of > big ticket Items > > > > > > **** WARNING **** > > *This message originates from outside our organisation, either from an > external partner or the internet.* > > * Consider carefully whether you should click on any links, open any > attachments or reply. For information regarding **Red Flags** that you > can look out for in emails you receive, click here > <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Red%20Flags.pdf>.* > * If you feel the email is suspicious, please follow this process > <http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf>.* > > CMD> I think this comes under the heading of “not prohibited but > undesirable” but also that all options I can see involve something > undesirable, or worse, so this may be the least undesirable > > JWD: check. > > > > JWD> The way multiplexers work messages can get torn apart and sent back > out in a different way. My OLSRv2 with another version will likely do just > that. > > CMD> Absolutely not, that is a violation of OLSRv2 rules and unacceptable, > because OLSRv2 specifies forwarding messages unchanged. That completely > breaks use of RFC 7182 message ICVs - which might be applied by the > multiplexer. Please do not even consider this. > > JWD: you are correct. ICVs disallow this behavior. In my own code the > messages are not changed because I generated them in the first place. > Without ICVs though it's quite natural. I've personally seen three > different packetbb parsers (one my own) which by default will rearrange a > message if processed and regenerated (actually caused some headache when > trying to debug and getting different generated message outputs). If there > are no ICVs and it doesn't matter, but that's throwing all of end to end > security out the window. End to end security is an issue. > > ******************************************************************** > This email and any attachments are confidential to the intended > recipient and may also be privileged. If you are not the intended > recipient please delete it from your system and notify the sender. > You should not copy it or use it for any purpose nor disclose or > distribute its contents to any other person. > ******************************************************************** >
- [manet] draft-ietf-manet-aodvv2-13 review - a cou… ietf
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Lotte Steenbrink
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… ietf
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Lotte Steenbrink
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Jiazi YI
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Justin Dean
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Thomas Heide Clausen
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Justin Dean
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Thomas Heide Clausen
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Dearlove, Christopher (UK)
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Justin Dean
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Dearlove, Christopher (UK)
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Justin Dean
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… Dearlove, Christopher (UK)
- [manet] On Forwarding-and-regeneration (was: Re: … Thomas Clausen
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] draft-ietf-manet-aodvv2-13 review - a… ietf
- Re: [manet] On Forwarding-and-regeneration (was: … ietf
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Henning Rogge
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Henning Rogge
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration (was: … Thomas Heide Clausen
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration (was: … Thomas Heide Clausen
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration (was: … Justin Dean
- Re: [manet] On Forwarding-and-regeneration (was: … Thomas Heide Clausen
- Re: [manet] On Forwarding-and-regeneration (was: … Stan Ratliff
- Re: [manet] On Forwarding-and-regeneration (was: … Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Christopher Dearlove
- Re: [manet] On Forwarding-and-regeneration (was: … Lotte Steenbrink
- Re: [manet] On Forwarding-and-regeneration (was: … Jiazi YI
- Re: [manet] On Forwarding-and-regeneration (was: … Justin Dean
- Re: [manet] On Forwarding-and-regeneration (was: … Thomas Heide Clausen
- Re: [manet] On Forwarding-and-regeneration (was: … Thomas Heide Clausen
- Re: [manet] On Forwarding-and-regeneration Charlie Perkins
- Re: [manet] On Forwarding-and-regeneration Jiazi YI
- Re: [manet] On Forwarding-and-regeneration Dearlove, Christopher (UK)
- Re: [manet] On Forwarding-and-regeneration Charlie Perkins
- Re: [manet] On Forwarding-and-regeneration ietf