Re: [Roll] Roman Danyliw's Discuss on draft-ietf-roll-useofrplinfo-25: (with DISCUSS and COMMENT)
Ines Robles <mariainesrobles@googlemail.com> Thu, 16 May 2019 21:08 UTC
Return-Path: <mariainesrobles@googlemail.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59228120342; Thu, 16 May 2019 14:08:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOzML51NWh3z; Thu, 16 May 2019 14:08:53 -0700 (PDT)
Received: from mail-it1-x12c.google.com (mail-it1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6973612031B; Thu, 16 May 2019 14:08:52 -0700 (PDT)
Received: by mail-it1-x12c.google.com with SMTP id q132so8503637itc.5; Thu, 16 May 2019 14:08:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VHMy3AH84r40/glhjAORZGMOSELDAGUTh/psJA6/4oQ=; b=RRZmVHOSfBxWzsNAQsEOMt+xG8tCP3OYpBD+Sw0UDNTZQjHHWIWtoN28FDRqLNSyY+ SeCji1DDxTz1A0isbNuPSaNzVnSC1i7qS7gxpL/1pLkIRMBs/eYb8U0H0t7uVoGsctyp c4Xwnxdt34lIlaTTA/owNXd6kgepzdwAy7+hkg7vG29w9h9bGs0YybwVyFx5tOT1I/nc Q7baRAij5LRxmH0RWrcBF0vWokRG0v8HOsnxDzd9KJoxbT6muS79aJH0O+tvDMgEQ9GB f8u+kXss/lM4rxd18U9wNcPpvnHKx2AT+AnlWz2AHQTXI1oOcAwdWs7eerD3tgwkAzFU dxWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VHMy3AH84r40/glhjAORZGMOSELDAGUTh/psJA6/4oQ=; b=undEwTX2JqIfdPhScuxPXrEacuyP/VJV9wHRmw1XPsAsRuGXCulJ03+q6Xlvka9Z3C cAYUeyB/vUpy77gQprARM8L5sqbrRDOnFog49a1+gtxUonRnuyO6XwWK6FftSdK9pTon KDXAY3huFXMU8KGohrT1qfepPsVEa47r9pHSE0CcFcivwJ8+DzdzKbEArhc0kO9Ie29b QIqmSLN7kXA/s9ThXfeDnMjNRFpSrsnPQFE1L4WaqoTtVANWRtxxsMCFjxZDHkX7SMWx EuKZDwoyRbP4v8ET/12xcja4ls8FulXDqsMXI3oFjSItI7WDxQo+kmNx6BeC+8OqZfIM zSKA==
X-Gm-Message-State: APjAAAXrZ8rPWwJTqaayw/CqJE8b5gEXCTg9HHVfHzHvFEcZzDMvwt0+ EVJRYgj6yKKlHMo5+REF44lQ+wRDw/L1fGquQIg=
X-Google-Smtp-Source: APXvYqybsrzKEY3TGJMkCFdy8Uk6cL7XKRdIHk+buEC24SIbHOjb/Nb1Vlslc280vNimECS/3/8IXujsl+ASsSsY8Ho=
X-Received: by 2002:a24:ac52:: with SMTP id m18mr9521075iti.146.1558040931395; Thu, 16 May 2019 14:08:51 -0700 (PDT)
MIME-Version: 1.0
References: <155665588791.7542.16300641006212249788.idtracker@ietfa.amsl.com>
In-Reply-To: <155665588791.7542.16300641006212249788.idtracker@ietfa.amsl.com>
From: Ines Robles <mariainesrobles@googlemail.com>
Date: Fri, 17 May 2019 00:08:39 +0300
Message-ID: <CAP+sJUdoCY34dqbRRgrbY4L=5MBC4rGkddbrn5M7Oan5hQ3z3A@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-roll-useofrplinfo@ietf.org, Peter Van der Stok <consultancy@vanderstok.org>, Alvaro Retana <aretana.ietf@gmail.com>, roll-chairs <roll-chairs@ietf.org>, roll <roll@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000042f1ea058907acbd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/BbnjfYubJJSLIbACfYHd_5DtMBU>
Subject: Re: [Roll] Roman Danyliw's Discuss on draft-ietf-roll-useofrplinfo-25: (with DISCUSS and COMMENT)
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 21:09:05 -0000
Hello Roman, Many Thanks for your review. We have submitted a new version with corrections. Please find answers in-line. On Tue, Apr 30, 2019 at 11:24 PM Roman Danyliw via Datatracker < noreply@ietf.org> wrote: > Roman Danyliw has entered the following ballot position for > draft-ietf-roll-useofrplinfo-25: Discuss > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Per Section 11: > [RFC2473] suggests that tunnel entry and exit points can be secured, > via the "Use IPsec". The suggested solution has all the problems > that [RFC5406] goes into. In an LLN such a solution would degenerate > into every node having a tunnel with every other node. It would > provide a small amount of origin address authentication at a very > high cost; doing BCP38 at every node (linking layer-3 addresses to > layer-2 addresses, and to already present layer-2 cryptographic > mechanisms) would be cheaper should RPL be run in an environment > where hostile nodes are likely to be a part of the LLN. > > ** I'm having trouble understanding what recommendation this text was > making. > The first sentence seems to suggest IPSec, the second sentence seems to > discount that advice; and the third seems to suggest BCP38 as an > alternative. > Could you please clarify. > > ** Please be explicit on which challenges in RFC5406 are being cited (e.g., > which sections) > <author> we have clarified the text. “Use IPsec” is never a useful statement, which is the point of RFC5406. Using IPsec to secure these IPIP tunnels would not work. New Text: Whenever IPv6-in-IPv6 headers are being proposed, there is a concern about creating security issues. In the security section of [RFC2473 <https://tools.ietf.org/html/rfc2473>], it was suggested that tunnel entry and exit points can be secured, via "Use IPsec". This recommendation is not practical for RPL networks. [RFC5406 <https://tools.ietf.org/html/rfc5406>] goes into some detail on what additional details would be needed in order to "Use IPsec". Use of ESP would prevent RFC8183 <https://tools.ietf.org/html/rfc8183> compression (compression must occur before encryption), and RFC8183 <https://tools.ietf.org/html/rfc8183> compression is lossy in a way that prevents use of AH. These are minor issues. The major issue is how to establish trust enough such that IKEv2 could be used. This would require a system of certificates to be present in every single node, including any Internet nodes that might need to communicate with the LLN. Thus, "Use IPsec" requires a global PKI in the general case. More significantly, the use of IPsec tunnels to protect the IPv6-in- IPv6 headers would in the general case scale with the square of the number of nodes. This is a lot of resource for a constrained nodes on a constrained network. In the end, the IPsec tunnels would be providing only BCP38 <https://tools.ietf.org/html/bcp38>-like origin authentication! Just doing BCP38 <https://tools.ietf.org/html/bcp38> origin filtering at the entry and exit of the LLN provides a similar level amount of security without all the scaling and trust problems of using IPsec as RFC2473 <https://tools.ietf.org/html/rfc2473> suggested. IPsec is not recommended. </author> > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > (1) Abstract. Per “Additionally, this document updates RFC 6550 to > indicate > about this change …”, this sentence didn’t parse for me in explaining the > relationship with RFC6550. > <author>Corrected to: Additionally, this document updates RFC 6550 defining a flag in the DIO Configuration Option to indicate about this change. </author> > > (2) Section 1. Typo. s/implementors/implementers/ > <author> fixed </author> > > (3) Section 2. Editorial Nit. s/header refers to:/header refers to/ > <author> fixed </author> > > (4) Section 3. A few editorial comments on how these updates are > presented: > > ** Inconsistent spacing in Section 3 title: > s/Updates to RFC6553, RFC6550 and RFC 8138/ > Updates to RFC6553, RFC6550 and RFC8138/ > <author> fixed </author> > > ** Section 3.1 and Section 3.3 open with the motivation for the change. > Section 3.2 does not. > > <author> Added in the text: <t> This modification is required to be able to decompress the RPL RPI option with the new value (0x23).</t></author> > ** Section 3.3 title describes the proposed change. Section 3.1 and 3.2 > simple > state “Updates to RFCxxx” > <author> Corrected: <section title="Updates to RFC6553: Indicating the new RPI value."> <section title="Updates to RFC8138: Indicating the way to decompress with the new RPI value."></author> > > ** Section 3.1 – 3 titles include a space in the RFC names (i.e., > RFC-space-number). The Section 3 title does not. > <author>Corrected: all together without space-RFC6553- </author > (5) Section 3.1. Editorial Nit. > > ** s/[RFC6553] states as shown below/[RFC6553] states as shown in Figure 1/ > <author>fixed </author> > > ** Recommend citing the relevant page and section number from RFC6553 too. > <author>fixed </author> > > (6) Section 3.2. Please use more explicit language to describe how this > section updates RFC8138. > <author>fixed </author> > > (7) Section 3.2. Figure 3 is depicted in this section but not referenced > in > the text. > <author>fixed </author> > > (8) Section 4. Typo. s/A RPL Stack is shown in Figure 5/A RPL Stack is > shown > in Figure 6/ > <author>fixed </author> > > (9) Section 5. Editorial Nit. s/these nodes are/These nodes are/ > <author>fixed </author> > > (10) Section 5. A few editorial recommendations for this paragraph: > > The uses cases describe the communication between RPL-aware-nodes, > with the root (6LBR), and with Internet. This document also describe > the communication between nodes acting as leaves that do not > understand RPL, but are part of the LLN. these nodes are named as > not-RPL-aware-leaf, mentioned previously. (e.g. Section 6.1.4 Flow > from not-RPL-aware-leaf to root) This document describes also how is > the communication inside of the LLN when it has the final destination > addressed outside of the LLN e.g. with destination to Internet. > (e.g. Section 6.2.3 Flow from not-RPL-aware-leaf to Internet) > ** s/these nodes are/These nodes are/ > <author>fixed </author> > > ** The sentence “This document describes also how …” doesn’t parse. > <author>fixed </author> > > ** The use of “(e.g. …)” as a standalone sentence doesn’t parse. > <author>fixed </author> > > (11) Section 5. Per “There is some possible security risk when the RPI > information is released on the internet …”, I recommend reframing this text > around the fact that the leak of RPI info would not present an issue. As > is, > the impact reads ambiguously to me. > <author> Corrected to:”No clear attack has been described when the RPI information is released to the Internet. At worst, it is clear that the RPI option would waste some network bandwidth when it escapes. This is traded off against the savings in the LLN by not having to encapsulate the packet in order to remove the artifact ” </author> > > (12) Section 6. The meaning of “root” in Figure 7 is not explained in the > text > above it. > <author>fixed </author> > > (13) Section 6.1.4. Typo. s/encapsuladed/encapsulated/ > <author>fixed </author> > > (14) Section 9. Editorial Nit. > s/ During bootstrapping the node get the DIO with the information of RPL > Option > Type/ During bootstrapping the node gets the DIO with the information of > RPL > Option Type/ > <author>fixed </author> > > (15) Section 11. Make BCP38 a reference (i.e., [BCP38]) > <author>fixed </author> Many Thanks again, Ines, Michael and Pascal
- [Roll] Roman Danyliw's Discuss on draft-ietf-roll… Roman Danyliw via Datatracker
- Re: [Roll] Roman Danyliw's Discuss on draft-ietf-… Ines Robles
- Re: [Roll] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw