Re: [Roll] Fwd: New Version Notification for draft-ietf-roll-nsa-extension-06.txt

Remous-Aris Koutsiamanis <aris@ariskou.com> Tue, 03 March 2020 14:54 UTC

From: Remous-Aris Koutsiamanis <aris@ariskou.com>
Date: Tue, 3 Mar 2020 15:54:27 +0100 (CET)
Message-ID: <CAK76PrkrMVi3uWRc7=G79MC+MD3sy4K6yMNpa_-KCU1gxV+0Yg@mail.gmail.com>
To: dominique barthel <dominique.barthel@orange.com>
Cc: Routing Over Low power and Lossy networks <roll@ietf.org>, "Georgios Z. Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/SSkEwPWtuaDGpeE5NcXCbm2ve0k>

Thanks!

I'll go through it and use it.

Best,
Aris

On Tue, Mar 3, 2020 at 3:13 PM <dominique.barthel@orange.com> wrote:

> Hello Aris,
>
> Here is a pointer to an IETF tutorial on writing Security Considerations
> section.
>
> https://datatracker.ietf.org/meeting/105/materials/slides-105-edu-sessb-writing-security-considerations-01.pdf
>
> https://www.youtube.com/watch?v=Jpbfy3QeerU
> See for example slide 23 that pertains to drafts extending prior protocols.
> I'll review and respond to your comments below later.
> Cheers,
>
> Dominique
>
> De : Remous-Aris Koutsiamanis <aris@ariskou.com>
> Date : Saturday 29 February 2020 01:05
> À : Dominique Barthel <dominique.barthel@orange.com>
> Cc : "roll@ietf.org" <roll@ietf.org>, "Georgios Z. Papadopoulos" <
> georgios.papadopoulos@imt-atlantique.fr>
> Objet : Re: [Roll] Fwd: New Version Notification for
> draft-ietf-roll-nsa-extension-06.txt
>
> Hello Dominique,
>
> thank you very much for the thorough review.
> Comments inline.
>
> On Wed, Feb 26, 2020 at 12:15 PM <dominique.barthel@orange.com> wrote:
>
>> Hello all,
>>
>> Another comment about this draft. The Security Considerations section
>> currently says
>> " The structure of the DIO control message is extended, within the pre-
>>    defined DIO options.  Therefore, the security mechanisms defined in
>>    RPL [RFC6550] apply to this proposed extension."
>> I don't think this addresses the purpose of a Security Considerations
>> section.
>>
>
> OK, maybe I misunderstood what exactly I should have elaborated on.
>
>> I think it should talk about the potential security issues introduced by
>> the draft, and why they are not real concerns.
>>
>
> I thought that no real extra concerns are present, but as you propose,
> maybe some more details would be helpful.
>
>
>> I guess that, what this draft changes compared to RFC6550-6551, is the
>> sending of the Parent Set of a node in its DIO. From there:
>> - This could result in a privacy issue. Yes, but the Parent Set is not
>> propagated further down the DODAG, so this disclosure does not reach far
>> beyond the propagation range of the radios of the Parents. So no tracking
>> of nodes by their IPv6 address possible from remote (a least no more than
>> in the current situation).
>>
>
> This is definitely present, I will add this issue, despite it not being
> especially problematic. Just to be complete.
>
>
>> - This could result in introducing a vulnerability: could an attacker
>> exploit the knowledge gained from learning the PS? …
>>
>
> Well, maybe with an assumption of a malicious node being able to decode
> the DIO, i.e. having the correct enc/decryption keys.
> 1. A malicious node that can read the DIO can "see" further than its own
> neighbourhood by one hop, learning the addresses of its two hop neighbors.
> So as mentioned, this is a privacy / network discovery issue.
> 2. A node that can send DIOs can use the parent set to convince neighbours
> to route through itself, instead of the normal preferred parent they would
> use. However, with other OFs this is already possible by reporting a fake
> rank value of 0 in the DIO, thus appearing as the DODAG root.
>
> As far as I can tell, if a malicious node manages to participate in the
> RPL network (i.e. decode/encode the RPL control packet) it is game over and
> it can definitely severely affect the operation of the whole network, just
> by reporting a fake rank.
> However, maybe this is not true; I'm not really very familiar with the
> security of RPL.
>
> I don't see any other opportunities for security issues.
> I will add these two to the draft unless you have something additional.
>
>
>> Best regards
>> Dominique
>>
>
> Thank you very much Dominique for the help.
>
> Best,
> Aris
>
>
>>
>> De : Roll <roll-bounces@ietf.org> on behalf of "Georgios Z.
>> Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>
>> Répondre à : "roll@ietf.org" <roll@ietf.org>
>> Date : Monday 10 February 2020 16:51
>> À : "roll@ietf.org" <roll@ietf.org>
>> Objet : [Roll] Fwd: New Version Notification for
>> draft-ietf-roll-nsa-extension-06.txt
>>
>> Dear all,
>>
>> FYI, we just submitted the 06 version where we addressed the comments
>> from Rahul.
>>
>> Many thanks Rahul,
>> Georgios and Aris
>>
>>
>> Begin forwarded message:
>>
>> *From: *internet-drafts@ietf.org
>> *Subject: **New Version Notification for
>> draft-ietf-roll-nsa-extension-06.txt*
>> *Date: *February 10, 2020 at 16:16:06 GMT+1
>> *To: *"Nicolas Montavont" <nicolas.montavont@imt-atlantique.fr>, "Pascal
>> Thubert" <pthubert@cisco.com>, "Georgios Papadopoulos" <
>> georgios.papadopoulos@imt-atlantique.fr>, "Remous-Aris Koutsiamanis" <
>> aris@ariskou.com>
>>
>>
>> A new version of I-D, draft-ietf-roll-nsa-extension-06.txt
>> has been successfully submitted by Remous-Aris Koutsiamanis and posted to
>> the
>> IETF repository.
>>
>> Name: draft-ietf-roll-nsa-extension
>> Revision: 06
>> Title: Common Ancestor Objective Function and Parent Set DAG Metric
>> Container Extension
>> Document date: 2020-02-10
>> Group: roll
>> Pages: 15
>> URL:
>> https://www.ietf.org/internet-drafts/draft-ietf-roll-nsa-extension-06.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-ietf-roll-nsa-extension/
>> Htmlized:
>> https://tools.ietf.org/html/draft-ietf-roll-nsa-extension-06
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-ietf-roll-nsa-extension
>> Diff:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-roll-nsa-extension-06
>>
>> Abstract:
>>   Implementing Packet Replication and Elimination from/to the RPL root
>>   requires the ability to forward copies of packets over different
>>   paths via different RPL parents.  Selecting the appropriate parents
>>   to achieve ultra-low latency and jitter requires information about a
>>   node's parents.  This document details what information needs to be
>>   transmitted and how it is encoded within RPL control packets to
>>   enable this functionality.  This document also describes Objective
>>   Functions which take advantage of this information to implement multi-
>>   path routing.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>> _________________________________________________________________________________________________________________________
>>
>>
>> This message and its attachments may contain confidential or privileged information that may be protected by law;
>> they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>> Thank you.
>>
>> _________________________________________________________________________________________________________________________
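As an added illustration, not code from the draft or from anyone in this thread, the following toy model quantifies the disclosure Aris describes above: a node hearing DIOs learns only the one-hop senders without the extension, and additionally the senders' parents (at most two radio hops away) with it. The DODAG topology and Parent Sets are constructed for the example.

```python
# Toy model (constructed, not the draft's code): what a passive listener
# learns from RPL DIOs with and without the Parent Set (PS) extension.

# Constructed symmetric radio links of a small DODAG; "root" is the DODAG root.
LINKS = {
    "root": {"a", "b"},
    "a": {"root", "b", "c"},
    "b": {"root", "a", "d"},
    "c": {"a", "e"},
    "d": {"b", "e"},
    "e": {"c", "d"},
}

# Constructed Parent Sets; with the extension each node's DIO carries its PS.
PARENT_SET = {
    "root": set(),
    "a": {"root"},
    "b": {"root"},
    "c": {"a"},
    "d": {"b"},
    "e": {"c", "d"},
}

def dio_contents(node, with_ps):
    """Addresses one DIO from `node` discloses: the sender, plus its PS if used."""
    learned = {node}
    if with_ps:
        learned |= PARENT_SET[node]
    return learned

def learned_by_listener(listener, with_ps):
    """Addresses a listener learns from the DIOs it can hear (one radio hop)."""
    learned = set()
    for neighbour in LINKS[listener]:
        learned |= dio_contents(neighbour, with_ps)
    learned.discard(listener)
    return learned

def two_hop_neighbourhood(node):
    """Nodes within two radio hops of `node`, excluding `node` itself."""
    seen, frontier = {node}, {node}
    for _ in range(2):
        frontier = {n for f in frontier for n in LINKS[f]} - seen
        seen |= frontier
    return seen - {node}

def ps_exposure_bounded_by_two_hops():
    """The thread's claim: PS disclosure never reaches past the parents' radio range."""
    return all(learned_by_listener(n, True) <= two_hop_neighbourhood(n) for n in LINKS)
```

Because the PS is not re-advertised by the nodes that hear it, the extra exposure is exactly the parents of one's radio neighbours and nothing further down the DODAG.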