Re: [Roll] Stephen Farrell's Discuss on draft-ietf-roll-applicability-home-building-11: (with DISCUSS and COMMENT)

peter van der Stok <stokcons@xs4all.nl> Tue, 21 July 2015 10:09 UTC

Return-Path: <stokcons@xs4all.nl>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F8521A6F2B; Tue, 21 Jul 2015 03:09:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apNU0Vu6P5_2; Tue, 21 Jul 2015 03:09:43 -0700 (PDT)
Received: from lb3-smtp-cloud3.xs4all.net (lb3-smtp-cloud3.xs4all.net [194.109.24.30]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF02D1A6F2A; Tue, 21 Jul 2015 03:09:42 -0700 (PDT)
Received: from webmail.xs4all.nl ([194.109.20.215]) by smtp-cloud3.xs4all.net with ESMTP id uy9g1q0094eRkWy01y9gHh; Tue, 21 Jul 2015 12:09:40 +0200
Received: from [2001:67c:370:136:e5:cbd4:6866:71e6] by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Tue, 21 Jul 2015 12:09:40 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 21 Jul 2015 12:09:40 +0200
From: peter van der Stok <stokcons@xs4all.nl>
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <55A58EF4.9020700@cs.tcd.ie>
References: <20150713215425.24718.94967.idtracker@ietfa.amsl.com> <CADrU+dK0tx-QGersyDUBTuOxOWF1kZgfTxx8AqMC_AY_c4r4bQ@mail.gmail.com> <55A58EF4.9020700@cs.tcd.ie>
Message-ID: <aeb2241bd4ae37c714134684ec06d8ff@xs4all.nl>
X-Sender: stokcons@xs4all.nl (SujF2ahLYV0vbiRlB0yOI7M3HjHb/pSq)
User-Agent: XS4ALL Webmail
Archived-At: <http://mailarchive.ietf.org/arch/msg/roll/CMatvd7jtBsXGzcONtsE67oxdwA>
Cc: roll-chairs@ietf.org, draft-ietf-roll-applicability-home-building.ad@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-roll-applicability-home-building.shepherd@ietf.org, Yvonne-Anne Pignolet <yvonneanne.pignolet@gmail.com>, draft-ietf-roll-applicability-home-building@ietf.org
Subject: Re: [Roll] Stephen Farrell's Discuss on draft-ietf-roll-applicability-home-building-11: (with DISCUSS and COMMENT)
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: consultancy@vanderstok.org, Routing Over Low power and Lossy networks <roll@ietf.org>
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 10:09:47 -0000

Hi Stephen,

We have submitted a new version 12 of the applicability draft with text 
as discussed below.
Many thanks for your comments and thoughts.

Looking forward to your comments,

Greetings,

Robert and Peter

________________________________________________________________________________________________________________


A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
  This draft is a work item of the Routing Over Low power and Lossy 
networks Working Group of the IETF.

         Title           : Applicability Statement: The use of the RPL 
protocol suite in Home Automation and Building Control
         Authors         : Anders Brandt
                           Emmanuel Baccelli
                           Robert Cragie
                           Peter van der Stok
     Filename        : draft-ietf-roll-applicability-home-building-12.txt
     Pages           : 37
     Date            : 2015-07-21

Abstract:
    The purpose of this document is to provide guidance in the selection
    and use of protocols from the RPL protocol suite to implement the
    features required for control in building and home environments.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-roll-applicability-home-building/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-roll-applicability-home-building-12

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-roll-applicability-home-building-12


Please note that it may take a couple of minutes from the time of 
submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_____________________________________________

Stephen Farrell schreef op 2015-07-15 00:36:
> Hiya,
> 
> On 14/07/15 23:17, Robert Cragie wrote:
>> Hi Stephen,
>> 
>> Thanks for your further review. Answers and comments inline, bracketed 
>> by
>> <RCC></RCC>
>> 
>> Robert
>> 
>> 1) This could be my ignorance of zigbee, but how can we
>>> use layer 2 security for only some network nodes?  (In
>>> other words, I don't see how 4.1.8.2 works.)
>>> 
>> 
>> <RCC>All network nodes use L2 security once they have joined the 
>> network.
>> Prior to that, they communicate using an authentication protocol which 
>> is
>> unsecured at L2. Enforcement points police unsecured traffic to ensure 
>> it
>> is only related to authentication, thus preventing data or other 
>> control
>> plane traffic unsecured at L2 from being allowed into the network. So, 
>> to
>> your point, the only traffic allowed unsecured at L2 is authentication
>> traffic and those nodes are not yet participating in the 
>> network.</RCC>
> 
> Right, that's what I thought. So I can't see how the text that
> implies that only a subset of nodes on the network are using l2
> security works which seems to be implied by the bullet just
> before the start of 4.1.8.2.
> 
> All the stuff below is fine, so we're just down to the above in
> terms of clearing the discuss.
> 
> Cheers,
> S.
> 
>> 
>>> 
>>> 2) Just checking - this depends on the zigbeeip
>>> authentication mechanism, with which I'm also not
>>> familiar, sorry. Does using that mean that this entire
>>> applicability statement only covers use of RPL where
>>> zigbee radios are in use? Or can that authentication
>>> scheme be used independently of the radio technology
>>> used? (I mean used in practice there, not in theory.)
>>> 
>> 
>> <RCC>The authentication scheme is independent of the radio technology 
>> as it
>> is based on UDP/IP and therefore could be use with a number of 
>> different
>> radio technologies or indeed other MAC/PHY technologies</RCC>
>> 
>> - 4.1.8: "MUST be present" is ambiguous - do you mean
>>> it must be used? I think you do.
>>> 
>> 
>> <RCC>Yes</RCC>
>> 
>> - 4.1.8: "MUST be distributed or established in a
>>> secure fashion" isn't really a protocol requirement.
>>> Do you really just mean "see 4.1.8.1" ?
>>> 
>> 
>> <RCC>Yes. It was meant more as an introductory statement but is 
>> redundant
>> really</RCC>
>> 
>> OLD COMMENTS FOR -10 below, I didn't check if you'd made
>>> any related changes.
>>> 
>> 
>> <RCC>These seem to apply more to -09. Some of these were fixed in -10, 
>> some
>> in -11 </RCC>
>> 
>> 
>>> - I don't get how there's an IPR disclosure for this, but
>>> whatever.
>>> 
>> 
>> <RCC>Not from me, so I can't comment on that</RCC>
>> 
>> - The non-security parts of this were quite a good read.
>>> 
>>> - 4.1.8: 1st sentence makes no sense. It says RPL does X or
>>> not-X in order to Y. There is no choice but for RPL to do X or
>>> not-X.
>>> 
>>> - 4.1.8 seems to me to imply that link layer security is
>>> always needed since there can always be some node that will
>>> send an unsecured RPL messsage. If you agree, then I think
>>> that should be made more clear. If you disagree, I'd like to
>>> understand how.
>>> 
>>> - 4.1.8, I am surprised not to see a recommendation that
>>> separate group keys SHOULD be used for different applications
>>> in the same bulding network. But that may be too fine grained
>>> a recommendation for this document perhaps.
>>> 
>> 
>> <RCC>No longer applicable as 4.1.8 has been completely 
>> rewritten.</RCC>
>> 
>> 
>>> 
>>> - 5.1.2.1, I think it'd be clearer to say Imin should be
>>> between 10 and 50 ms. The "10 - 50 ms" notation can be
>>> confusing. (Same elsewhere.)
>>> 
>> 
>> <RCC>Used "to" instead of "-"</RCC>
>> 
>>> 
>>> - section 7, 3rd para, "can rely on" is sales language, please
>>> strike that or s/rely on/depend upon/
>>> 
>>> - section 7, 3rd para, last sentence: this is sales language
>>> and should be deleted. Or perhaps s/is/SHOULD be/ would turn
>>> it back into a piece of specification language.
>>> 
>> 
>> <RCC>Paragraph has been rewritten</RCC>
>> 
>>> 
>>> - 7.1 - this is odd text to see in a proposed standard, but I
>>> think it's accurately describing the level of interop to
>>> expect in RPL security, so is probably the right thing to say.
>>> I'd argue that it'd be even better to bluntly admit/say that
>>> there is currently no interoperable automated key management
>>> for RPL. (Same for 7.3) Or, and better, to fix that lack. (See
>>> my discuss point.)
>>> 
>> 
>> <RCC>Section has been rewritten</RCC>
>> 
>>> 
>>> - 7.2, 1st sentence: this is meaningless as I read it - what
>>> are you trying to say?
>>> 
>> 
>> <RCC>Section has been rewritten</RCC>
>> 
>>> 
>>> - 7.2, when a node is stolen, the chances are that any keys
>>> contained in the node are at significant risk of being leaked.
>>> 
>> 
>> <RCC>The text has been changed but probably doesn't meet your 
>> requirements
>> regarding this point. I would say nodes have to be re-keyed at L2 and 
>> MAY
>> need to have additional measures taken depending on the other 
>> credentials
>> they have and how the confidential information is stored. e.g. 
>> certificate
>> revocation..</RCC>
>> 
>>> 
>>> - 7.3, I do not believe that [I-D.keoh-dice-multicast-security]
>>> is necessarily going to proceed via the DICE WG. Depending
>>> on it would be fairly high-risk in any case.
>>> 
>> 
>> <RCC>Has been removed</RCC>
>> 
>>> 
>>> - 7.4, last sentence: more sales talk
>>> 
>> 
>> <RCC>I'm not sure we even need a section on MPL; MPL has nothing to do 
>> with
>> RPL. Assuming we do, this is still outstanding, so I suggest replacing 
>> "The
>> application of security measures for the specification of the 
>> multicast
>> addresses assures that the routing of MPL packets is secured." with
>> something like "For secure dissemination of MPL packets, layer 2 
>> security
>> SHOULD be used and the configuration of multicast addresses MUST be 
>> secure."
>> 
>>> 
>>> - 7.5, what is this specifying? I don't get it. Does 7416 set
>>> out what to implement to get interop? (I didn't think so, but
>>> nor does this seem to.)
>>> 
>> 
>> <RCC>This is still outstanding. I think it is OK to briefly highlight 
>> the
>> steps being taken to mitigate against the threats outlined in RFC 
>> 7416. The
>> statement "Key management discussed in section 7.4, "Key Management" 
>> of
>> [RFC7416], is not standardized and discussions continue." is now not
>> relevant as there is now a proposal in this document. I will work with
>> Peter to produce some new text on this.</RCC>
>> 
>> 
>> 
>> _______________________________________________
>> Roll mailing list
>> Roll@ietf.org
>> https://www.ietf.org/mailman/listinfo/roll
>> 
> 
> _______________________________________________
> Roll mailing list
> Roll@ietf.org
> https://www.ietf.org/mailman/listinfo/roll