Re: [Roll] security for multi-link subnets

Don Sturek <d.sturek@att.net> Tue, 12 March 2013 19:59 UTC

Date: Tue, 12 Mar 2013 12:58:44 -0700
From: Don Sturek <d.sturek@att.net>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Ulrich Herberg <ulrich@herberg.name>
Cc: roll@ietf.org, Ted Lemon <mellon@fugue.com>, saag@ietf.org, Ralph Droms <rdroms@cisco.com>

Hi Michael (and Ulrich),

The area that I think needs more work around the multi-link subnets topic
is the scope for site-local addresses.

Since link locals are not that useful in multi-link subnets (routing-wise)
and not all devices in a 6LoWPAN/ROLL environment may want global
addresses even if such a prefix were available, clear scoping rules (e.g.,
routing, multicast propagation) on site-local addresses are a major topic.
If someone knows of an RFC (or even a draft) that starts to address the
issue of identifying site-local versus non-site prefixes/interfaces, that
would be interesting. This topic is especially interesting in deployments
with multiple prefixes (like that now being discussed in Homenet) as well
as campus-type environments.

I also bring this up (on purpose) under the topic of "security for
multi-link subnets" since turning on link security does not help secure
these networks...

Don



On 3/12/13 12:46 PM, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

>
>>>>>> "Ulrich" == Ulrich Herberg <ulrich@herberg.name> writes:
>    Ulrich> I think it is also worth mentioning RFC4903, in particular:
>
>    Ulrich> "A multi-link subnet model should be avoided.  IETF working groups
>    Ulrich> using, or considering using, multi-link subnets today should
>    Ulrich> investigate moving to one of the other models."
>
>    Ulrich> Have the issues mentioned in RFC4903 been sufficiently addressed?
>
>I think that if we were supposed to avoid a multi-link subnet,
>that would have been objected to already.
>I think that 4903 concerns applied to all of 6lowpan and ROLL work, and
>I think that actually we did deal with all of these.
>
>-- 
>Michael Richardson
>-on the road-