[Roll] [roll] #156: draft-ietf-roll-security-threats-06 - RPL control message are broadcast
"roll issue tracker" <trac+roll@trac.tools.ietf.org> Sun, 23 February 2014 20:22 UTC
#156: draft-ietf-roll-security-threats-06 - RPL control message are broadcast

Reported by Robert Cragie - 02/17/2014

7.2.  Integrity Features

   The integrity of routing information provides the basis for ensuring
   that the function of the routing protocol is achieved and maintained.
   To protect integrity, RPL must either run using only the Secure
   versions of the messages, or must run over a layer-2 that uses
   channel binding between node identity and transmissions.  (i.e.: a
   layer-2 which has an identical network-wide transmission key can not
   defend against many attacks)

<rcc>
So how do we fix the conundrum that many significant RPL control messages
(e.g. DIO) are broadcast, which in link layer terms typically means they are
transmitted using LL broadcast address without acknowledgements? We can't use
pairwise link keys. Saying a network wide key "cannot defend against many
attacks" is a poor generalization without any real analysis behind it. If a
network-wide key has been distributed in a secure fashion and the
confidentiality of the key on every node can be guaranteed, then it is a
perfectly legitimate way to provide confidentiality, data origin
authentication and integrity protection, especially for broadcast messages.
</rcc>

--
-------------------------------------+-------------------------------------
 Reporter:                           |       Owner:  draft-ietf-roll-
  mariainesrobles@gmail.com          |  security-threats@tools.ietf.org
     Type:  defect                   |      Status:  new
 Priority:  major                    |   Milestone:
Component:  security-threats         |     Version:
 Severity:  In WG Last Call          |    Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/156>
roll <http://tools.ietf.org/wg/roll/>
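
Added example (not part of the ticket, the draft, or any RPL implementation): what a single network-wide integrity key does and does not establish for a broadcast control message. HMAC-SHA256 stands in for the layer-2 integrity check, and the frame layout, node names, keys and DIO text are constructed for illustration. The tag separates key holders from everyone else, while the sender field of a valid frame remains a claim that is not bound to any one node.

```python
import hashlib
import hmac

TAG_LEN = 8  # truncated tag length, chosen for this example


def protect(key: bytes, sender_id: bytes, payload: bytes) -> bytes:
    """Frame = 1-byte id length | sender id | payload | tag over all of it."""
    body = bytes([len(sender_id)]) + sender_id + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify(key: bytes, frame: bytes):
    """Return (tag_ok, claimed_sender); the sender is only what the frame says."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    claimed = body[1:1 + body[0]]
    return hmac.compare_digest(tag, expected), claimed


def demo():
    network_key = bytes(range(16))       # constructed: the key every joined node holds
    other_key = bytes(range(16, 32))     # constructed: a party that never got the key
    dio = b"DIO rank=256"                # constructed stand-in, not real RPL encoding

    genuine = protect(network_key, b"node-A", dio)
    # Payload changed in transit, tag left as it was.
    tampered = genuine.replace(b"rank=256", b"rank=001")
    # Frame built without the network key.
    outsider = protect(other_key, b"node-A", dio)
    # Frame built by a different key holder (node-B) that names node-A as sender.
    relabelled = protect(network_key, b"node-A", b"DIO rank=001")

    return {
        "genuine": verify(network_key, genuine),
        "tampered": verify(network_key, tampered),
        "outsider": verify(network_key, outsider),
        "relabelled": verify(network_key, relabelled),
    }


if __name__ == "__main__":
    for case, (ok, sender) in demo().items():
        print(f"{case:10s} tag_ok={ok} claimed_sender={sender.decode()}")
```

The first three cases are the protection the comment describes, conditional on the key staying confidential on every node; the last case is the per-node binding that the quoted draft text asks of layer-2.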