Re: [Roll] Following up on seq Counter to protect the config option and others

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 15 October 2019 08:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/BFwiJyn3-z9HUVI6nXZm7qXqjdg>

Hello Rahul

We want to protect a global configuration with a sequence set by the root because the root is authoritative for it.
Why? A node may receive different levels of config from different parents and one of them may be back level. The node needs a freshness indication. It may want a signature in the future.
=> We need to split the capabilities that go in the DIO and that are protected by the RCSS from the rest and think about how we protect that rest.

Makes sense?

Pascal

From: Roll <roll-bounces@ietf.org> On Behalf Of Rahul Jadhav
Sent: Tuesday, 15 October 2019 05:47
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Subject: Re: [Roll] Following up on seq Counter to protect the config option and others

Note that this also means that the capabilities have to be split between the parent capabilities (not protected) and the network-wide that are (item 5 above).

The alternate is that the RCSS covers everything a parent advertises, in which case it is not set by the root but by individual parents.

[RJ] I think RCSS can be handled by individual parents (similar to DTSN in storing MOP). The only problem would be that additional memory, i.e., one byte per parent, would be required in this case. May not be a big problem since the parent set is limited in size.

Or do we need 2 counters?

[RJ] IMO, this won't be a good option, memory-wise or handling-wise.
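
Added example, not part of the original message or of any ROLL draft: a node-side freshness check for a root-set, one-byte RCSS, showing how a back-level configuration heard from a second parent is rejected with a single stored counter. The comparison rule (8-bit serial-number arithmetic in the style of RFC 1982), the `global_cfg` layout and all function names are assumptions; the thread does not say how RCSS values are compared.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of comparing an advertised RCSS with the one the node holds. */
enum cfg_verdict { CFG_SAME, CFG_NEWER, CFG_BACK_LEVEL, CFG_AMBIGUOUS };

/* One copy per node, not per parent, because the root sets the sequence. */
struct global_cfg {
    uint8_t  have;     /* 0 until a first configuration is accepted */
    uint8_t  rcss;     /* root-set sequence protecting the config (assumed 8 bits) */
    uint16_t payload;  /* stand-in for the config option contents (hypothetical) */
};

/* Assumed rule: wrap-safe comparison of two 8-bit sequence values. */
static enum cfg_verdict rcss_compare(uint8_t held, uint8_t seen)
{
    uint8_t d = (uint8_t)(seen - held);   /* distance modulo 256 */
    if (d == 0)   return CFG_SAME;
    if (d == 128) return CFG_AMBIGUOUS;   /* exactly half the space: no order */
    return d < 128 ? CFG_NEWER : CFG_BACK_LEVEL;
}

/* Called for each DIO that carries the protected configuration. */
enum cfg_verdict cfg_on_dio(struct global_cfg *c, uint8_t rcss, uint16_t payload)
{
    if (!c->have) {                       /* first config heard: adopt it */
        c->have = 1; c->rcss = rcss; c->payload = payload;
        return CFG_NEWER;
    }
    enum cfg_verdict v = rcss_compare(c->rcss, rcss);
    if (v == CFG_NEWER) {                 /* only a fresher sequence replaces state */
        c->rcss = rcss; c->payload = payload;
    }
    return v;                             /* back-level or ambiguous: keep held config */
}

int main(void)
{
    /* Constructed sequence: parent A is current, parent B is back level,
       then the root bumps the sequence across the 255 -> 0 wrap. */
    struct global_cfg c = {0};
    printf("A rcss=254 -> %d\n", cfg_on_dio(&c, 254, 0x0A));
    printf("B rcss=253 -> %d\n", cfg_on_dio(&c, 253, 0x09));
    printf("A rcss=1   -> %d\n", cfg_on_dio(&c, 1, 0x0B));
    printf("held rcss=%u payload=0x%02X\n", c.rcss, c.payload);
    return 0;
}
```

With per-parent RCSS, as discussed in the quoted reply, the same comparison would run against one stored byte per parent instead of the single `rcss` field.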