Re: [Roll] RPL secure messages

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 02 October 2020 07:20 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/AO8i46AXTDnNJvz7gTumq7BXxo4>

Hello Rahul

The effort to standardize is small. The effort to implement is high. By putting something in the standards we are writing now we are giving a sense that the function should be implemented, and that the secured model is here to stay. If we do not provide the secured version we are giving a sense that we are deprecating the function, and that it will be gone in RPLv2.

I asked during the capabilities discussion because that seems to be a RPLv2 function. So it seems exemplary to the case where we should not provide a secured version if we think that this will be gone with v2.

OTOH, the DAO projection is expected to operate in a RPLv1 environment. So the question is wide open there. For now, we do not have the secured alternative. Which gives a sense that we are on a deprecating path. This is where I see your argument apply best: if anyone needs the secured version, then it makes sense to add it even if RPLv2 deprecates later – and you’re welcome to contribute that text ; )

What do others think?

Pascal




From: Roll <roll-bounces@ietf.org> On Behalf Of Rahul Jadhav
Sent: Friday, 2 October 2020 07:56
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Subject: [Roll] RPL secure messages

Hello All,

During the interim, Pascal raised this point as to whether it is necessary to have a secure message counterpart for every new message that is defined in new drafts?

To put it in context, currently we have:
Code 0x00 -> DIS, 0x80 -> Secure DIS
Code 0x01 -> DIO, 0x81 -> Secure DIO
... so on for all other messages we have a secure equivalent. Inadvertently, the MSB is reserved as a secure bit (without explicitly stating so).

Problem is, there is no one out there using secure messages at RPL layer (would be very happy to be proved wrong here). Most deployments depend on L2 security for RPL messaging.

So given the context, is it necessary for new drafts to work on secure messaging for new messages drafted?

My take is that given that the work required to specify secure messages is not much, we should do it anyways for all new msgs. In terms of saving some codes, I believe we may not be able to save much since the implementations might check the MSB to find if the message is secure or not, thus non-secure messages may not be able to use that bit.
Also adding a new message code is much rarer compared to adding new control options. Almost every new draft is adding a new control option but very few are adding a new message code.

However, we currently have two drafts DAO-Projection and Capabilities defining new message codes, and hence this discussion may be relevant now.

Thoughts welcome.

Regards,
Rahul
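
The code layout described in the thread (the MSB of the ICMPv6 Code acting as a de facto secure bit), as an added example that is not part of the original messages: a small classifier that splits the Code into secure bit and base code, then audits a capture for use of RPL-layer secure variants. The ICMPv6 type 155 and the DAO, DAO-ACK and CC codes are taken from RFC 6550 rather than from the thread, and the sample packets are constructed.

```python
from collections import Counter

ICMPV6_RPL_TYPE = 155   # ICMPv6 type for RPL control messages (RFC 6550, not in the thread)
SECURE_BIT = 0x80       # MSB of the Code field, the de facto "secure" bit

# DIS and DIO come from the thread; DAO, DAO-ACK and CC are taken from RFC 6550.
BASE_NAMES = {0x00: "DIS", 0x01: "DIO", 0x02: "DAO", 0x03: "DAO-ACK", 0x0A: "CC"}
SECURE_ONLY = {0x0A}    # Consistency Check exists only as 0x8A, with no 0x0A form


def classify(packet: bytes):
    """Return (name, is_secure) for an RPL message, or None for other ICMPv6."""
    if len(packet) < 4:                      # type, code, 16-bit checksum
        raise ValueError("truncated ICMPv6 header")
    icmp_type, code = packet[0], packet[1]
    if icmp_type != ICMPV6_RPL_TYPE:
        return None
    secure = bool(code & SECURE_BIT)
    base = code & 0x7F
    name = BASE_NAMES.get(base)
    if name is None or (base in SECURE_ONLY and not secure):
        return (f"unassigned(0x{code:02x})", secure)
    if secure and base not in SECURE_ONLY:
        name = "Secure " + name
    return (name, secure)


def audit(packets):
    """Count message kinds and how many use the RPL-layer secure variants."""
    kinds, secure_total = Counter(), 0
    for pkt in packets:
        result = classify(pkt)
        if result is None:
            continue                          # not RPL, ignore
        kinds[result[0]] += 1
        secure_total += result[1]
    return kinds, secure_total


def _msg(icmp_type, code):
    # Constructed sample: header with a zeroed checksum plus 4 bytes of padding.
    return bytes([icmp_type, code, 0, 0]) + b"\x00" * 4


# Constructed capture: mostly non-secure codes (as in an L2-secured network),
# one neighbor solicitation (type 135), and one Secure DIO.
SAMPLE = [_msg(155, 0x00), _msg(155, 0x01), _msg(155, 0x01),
          _msg(155, 0x02), _msg(135, 0x00), _msg(155, 0x81)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A receiver that tests only the MSB, as the thread anticipates, would report any future non-secure message allocated at 0x80 or above as secure, which is why those code points are effectively unavailable to non-secure messages.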