Re: [Roll] security for multi-link subnets

Don Sturek <> Tue, 12 March 2013 19:59 UTC

Date: Tue, 12 Mar 2013 12:58:44 -0700
From: Don Sturek <>
To: Michael Richardson <>, Ulrich Herberg <>
Cc:, Ted Lemon <>,, Ralph Droms <>

Hi Michael (and Ulrich),

The area that I think needs more work around the multi-link subnets topic
is the scope for site-local addresses.

Since link locals are not that useful in multi-link subnets (routing-wise)
and not all devices in a 6LoWPAN/ROLL environment may want global
addresses even if such a prefix were available, clear scoping rules (e.g.,
routing, multicast propagation) on site local addresses are a major topic.
If someone knows of an RFC (or even a draft) that starts to address the
issue of identifying site local versus non-site prefixes/interfaces, that
would be interesting.  This topic is especially interesting in deployments
with multiple prefixes (like that now being discussed in Homenet) as well
as campus type environments.

I also bring this up (on purpose) under the topic of "security for
multi-link subnets" since turning on link security does not help secure
these networks...


On 3/12/13 12:46 PM, "Michael Richardson" <> wrote:

>>>>>> "Ulrich" == Ulrich Herberg <> writes:
>    Ulrich> I think it is also worth mentioning RFC4903, in particular:
>    Ulrich> "A multi-link subnet model should be avoided.  IETF working groups
>    Ulrich> using, or considering using, multi-link subnets today should
>    Ulrich> investigate moving to one of the other models."
>    Ulrich> Have the issues mentioned in RFC4903 been sufficiently
>I think that if we were supposed to avoid a multi-link subnet,
>that would have been objected to already.
>I think that 4903 concerns applied to all of 6lowpan and ROLL work, and
>I think that actually we did deal with all of these.
>Michael Richardson
>-on the road-