Re: [OPSEC] Iotdir early review of draft-ietf-opsec-v6-21

Ted Lemon <mellon@fugue.com> Tue, 16 February 2021 13:50 UTC

Cc: Stuart Cheshire <cheshire=40apple.com@dmarc.ietf.org>, Éric Vyncke <evyncke@cisco.com>, opsec@ietf.org, Warren Kumari <warren@kumari.net>
To: Gert Doering <gert@space.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/tUEh6IdToqItNTXJXsWTqhi-vRk>

On Feb 16, 2021, at 8:37 AM, Gert Doering <gert@space.net> wrote:
> Not sure what of that is "of course" and what "routes to the IoT network"
> might be…


Router Advertisements advertise routers, prefixes, and routes, among other things. They can advertise a default router (and hence a default route), or they can advertise a non-default router that provides more specific routes, for example to an IoT stub network. Unless you prefer that we just bridge constrained networks to Wifi or Ethernet infrastructure networks at layer 2?

See https://tools.ietf.org/html/draft-lemon-stub-networks-ps-00 (update coming soon)

FWIW, the situation for IoT (stub) networks is no different than the situation for multi-homing: you have two routers connected to the same link, both multicasting RAs to the link. Which one do you want your network infrastructure to automatically filter?
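
The distinction drawn in the message above, between an RA from a default router and an RA from a non-default router that only carries more-specific routes, is visible in the RA itself: the Router Lifetime field (RFC 4861) and the Route Information option (RFC 4191). The following is an added example, not part of the original message; the two RAs are constructed samples using documentation prefixes, and `parse_ra`, `classify` and `_ra` are names chosen here for illustration.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Summarise an ICMPv6 Router Advertisement (RFC 4861; RIO from RFC 4191)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    router_lifetime = struct.unpack_from("!H", msg, 6)[0]
    info = {"default_router": router_lifetime > 0, "prefixes": [], "routes": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option")
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        body = msg[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            info["prefixes"].append(str(net))
        elif opt_type == 24:  # Route Information option, prefix may be 0/8/16 bytes
            lifetime = struct.unpack_from("!I", body, 4)[0]
            net = ipaddress.IPv6Network((body[8:24].ljust(16, b"\0"), body[2]), strict=False)
            if lifetime > 0:  # lifetime 0 withdraws the route
                info["routes"].append(str(net))
        off += opt_len
    return info

def classify(msg: bytes) -> str:
    ra = parse_ra(msg)
    if ra["default_router"]:
        return "default-router"
    return "route-only" if ra["routes"] else "no-routing"

def _ra(router_lifetime: int, options: bytes) -> bytes:
    # Constructed sample: checksum left at 0 and not validated by parse_ra.
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0) + options

# Constructed infrastructure RA: default router plus an on-link prefix.
INFRA_RA = _ra(1800, struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
               + ipaddress.IPv6Address("2001:db8:0:2::").packed)
# Constructed stub-router RA: router lifetime 0, one more-specific route.
STUB_RA = _ra(0, struct.pack("!BBBBI", 24, 2, 64, 0, 1800)
              + bytes.fromhex("20010db800000001"))

if __name__ == "__main__":
    for name, ra in (("infrastructure", INFRA_RA), ("stub", STUB_RA)):
        print(name, classify(ra), parse_ra(ra))
```

Both sample RAs are well-formed multicasts on the same link, so a filter keyed only on "is this an RA from an unexpected port" cannot tell them apart without looking at these fields.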