Re: [Roll] Fwd: New Version Notification for draft-ietf-roll-nsa-extension-06.txt
Remous-Aris Koutsiamanis <aris@ariskou.com> Tue, 03 March 2020 14:54 UTC
From: Remous-Aris Koutsiamanis <aris@ariskou.com>
Date: Tue, 03 Mar 2020 15:54:27 +0100
X-Gmail-Original-Message-ID: <CAK76PrkrMVi3uWRc7=G79MC+MD3sy4K6yMNpa_-KCU1gxV+0Yg@mail.gmail.com>
Message-ID: <CAK76PrkrMVi3uWRc7=G79MC+MD3sy4K6yMNpa_-KCU1gxV+0Yg@mail.gmail.com>
To: dominique barthel <dominique.barthel@orange.com>
Cc: Routing Over Low power and Lossy networks <roll@ietf.org>, "Georgios Z. Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/SSkEwPWtuaDGpeE5NcXCbm2ve0k>
Thanks! I'll go through it and use it.

Best,
Aris

On Tue, Mar 3, 2020 at 3:13 PM <dominique.barthel@orange.com> wrote:

> Hello Aris,
>
> Here is a pointer to an IETF tutorial on writing Security Considerations
> section.
>
> https://datatracker.ietf.org/meeting/105/materials/slides-105-edu-sessb-writing-security-considerations-01.pdf
>
> https://www.youtube.com/watch?v=Jpbfy3QeerU
> See for example slide 23 that pertains to drafts extending prior protocols.
> I'll review and respond to your comments below later.
> Cheers,
>
> Dominique
>
> From: Remous-Aris Koutsiamanis <aris@ariskou.com>
> Date: Saturday 29 February 2020 01:05
> To: Dominique Barthel <dominique.barthel@orange.com>
> Cc: "roll@ietf.org" <roll@ietf.org>, "Georgios Z. Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>
> Subject: Re: [Roll] Fwd: New Version Notification for draft-ietf-roll-nsa-extension-06.txt
>
> Hello Dominique,
>
> thank you very much for the thorough review.
> Comments inline.
>
> On Wed, Feb 26, 2020 at 12:15 PM <dominique.barthel@orange.com> wrote:
>
>> Hello all,
>>
>> Another comment about this draft. The Security Considerations section
>> currently says
>> " The structure of the DIO control message is extended, within the
>> pre-defined DIO options. Therefore, the security mechanisms defined in
>> RPL [RFC6550] apply to this proposed extension."
>> I don't think this addresses the purpose of a Security Considerations
>> section.
>
> OK, maybe I misunderstood what exactly I should have elaborated on.
>
>> I think it should talk about the potential security issues introduced by
>> the draft, and why they are not real concerns.
>
> I thought that no real extra concerns are present, but as you propose,
> maybe some more details would be helpful.
>
>> I guess that, what this draft changes compared to RFC6550-6551, is the
>> sending of the Parent Set of a node in its DIO. From there:
>> - This could result in a privacy issue. Yes, but the Parent Set is not
>> propagated further down the DODAG, so this disclosure does not reach far
>> beyond the propagation range of the radios of the Parents. So no tracking
>> of nodes by their IPv6 address possible from remote (at least no more than
>> in the current situation).
>
> This is definitely present, I will add this issue, despite it not being
> especially problematic. Just to be complete.
>
>> - This could result in introducing a vulnerability: could an attacker
>> exploit the knowledge gained from learning the PS? …
>
> Well, maybe with an assumption of a malicious node being able to decode
> the DIO, i.e. having the correct enc/decryption keys.
> 1. A malicious node that can read the DIO can "see" further than its own
> neighbourhood by one hop, learning the addresses of its two-hop neighbors.
> So as mentioned, this is a privacy / network discovery issue.
> 2. A node that can send DIOs can use the parent set to convince neighbours
> to route through itself, instead of the normal preferred parent they would
> use. However, with other OFs this is already possible by reporting a fake
> rank value of 0 in the DIO, thus appearing as the DODAG root.
>
> As far as I can tell, if a malicious node manages to participate in the
> RPL network (i.e. decode/encode the RPL control packet) it is game over and
> it can definitely severely affect the operation of the whole network, just
> by reporting a fake rank.
> However, maybe this is not true; I'm not really very familiar with the
> security of RPL.
>
> I don't see any other opportunities for security issues.
> I will add these two to the draft unless you have something additional.
>
>> Best regards
>> Dominique
>
> Thank you very much Dominique for the help.
>
> Best,
> Aris
>
>> From: Roll <roll-bounces@ietf.org> on behalf of "Georgios Z. Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>
>> Reply-To: "roll@ietf.org" <roll@ietf.org>
>> Date: Monday 10 February 2020 16:51
>> To: "roll@ietf.org" <roll@ietf.org>
>> Subject: [Roll] Fwd: New Version Notification for draft-ietf-roll-nsa-extension-06.txt
>>
>> Dear all,
>>
>> FYI, we just submitted the 06 version where we addressed the comments
>> from Rahul.
>>
>> Many thanks Rahul,
>> Georgios and Aris
>>
>> Begin forwarded message:
>>
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-ietf-roll-nsa-extension-06.txt
>> Date: February 10, 2020 at 16:16:06 GMT+1
>> To: "Nicolas Montavont" <nicolas.montavont@imt-atlantique.fr>, "Pascal Thubert" <pthubert@cisco.com>, "Georgios Papadopoulos" <georgios.papadopoulos@imt-atlantique.fr>, "Remous-Aris Koutsiamanis" <aris@ariskou.com>
>>
>> A new version of I-D, draft-ietf-roll-nsa-extension-06.txt
>> has been successfully submitted by Remous-Aris Koutsiamanis and posted to the
>> IETF repository.
>>
>> Name: draft-ietf-roll-nsa-extension
>> Revision: 06
>> Title: Common Ancestor Objective Function and Parent Set DAG Metric Container Extension
>> Document date: 2020-02-10
>> Group: roll
>> Pages: 15
>> URL: https://www.ietf.org/internet-drafts/draft-ietf-roll-nsa-extension-06.txt
>> Status: https://datatracker.ietf.org/doc/draft-ietf-roll-nsa-extension/
>> Htmlized: https://tools.ietf.org/html/draft-ietf-roll-nsa-extension-06
>> Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-roll-nsa-extension
>> Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-roll-nsa-extension-06
>>
>> Abstract:
>> Implementing Packet Replication and Elimination from/to the RPL root
>> requires the ability to forward copies of packets over different
>> paths via different RPL parents. Selecting the appropriate parents
>> to achieve ultra-low latency and jitter requires information about a
>> node's parents. This document details what information needs to be
>> transmitted and how it is encoded within RPL control packets to
>> enable this functionality. This document also describes Objective
>> Function which take advantage of this information to implement multi-
>> path routing.
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
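The two points raised in the exchange above, the one-hop widening of what a DIO reader learns once a Parent Set is carried, and the fact that advertised rank and Parent Set claims can be cross-checked by anyone who hears the DIOs, are illustrated below from a monitoring node's point of view. This is an added example, not code from the draft or from anyone in the thread; it models DIOs as plain Python records rather than the draft's wire encoding, and it assumes the RFC 6550 rules that a node's Rank is strictly greater than that of every parent in its parent set and that the root advertises ROOT_RANK = MinHopRankIncrease (default 256) from the address carried as the DODAGID. All node addresses and DIO contents are constructed sample data.

```python
"""Passive consistency checks over RPL DIO advertisements (added example).

Assumptions, not taken from draft-ietf-roll-nsa-extension:
- A DIO is a plain record (sender, DODAGID, Rank, Parent Set), not the
  draft's actual option encoding.
- RFC 6550: a node's Rank is strictly greater than the Rank of every
  parent it lists, and the DODAG root advertises ROOT_RANK, which equals
  MinHopRankIncrease (DEFAULT_MIN_HOP_RANK_INCREASE = 256).
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple

DEFAULT_MIN_HOP_RANK_INCREASE = 256  # RFC 6550 default


@dataclass(frozen=True)
class Dio:
    sender: str                     # link-local address the DIO was heard from
    dodag_id: str                   # DODAGID carried in the DIO (root's address)
    rank: int                       # advertised Rank
    parent_set: Tuple[str, ...] = field(default_factory=tuple)  # Parent Set option


@dataclass(frozen=True)
class Finding:
    node: str
    code: str
    detail: str


def two_hop_exposure(dios: Iterable[Dio], observer: str, neighbours: Set[str]) -> Set[str]:
    """Addresses an observer learns only because its neighbours' DIOs carry
    a Parent Set: parents of one-hop neighbours that are not themselves
    one-hop neighbours. Without the Parent Set the observer learns nothing
    beyond the senders it can hear directly."""
    learned: Set[str] = set()
    for d in dios:
        if d.sender in neighbours:
            learned.update(d.parent_set)
    return learned - neighbours - {observer}


def check_dios(dios: Iterable[Dio],
               min_hop_rank_increase: int = DEFAULT_MIN_HOP_RANK_INCREASE) -> List[Finding]:
    """Cross-check every heard DIO against the ranks its neighbours advertise.

    invalid-rank   : Rank below ROOT_RANK, which no node may advertise.
    root-claim     : Rank at or below ROOT_RANK from a sender that is not the
                     DODAGID (the "fake rank 0" case discussed in the thread).
    rank-inversion : a listed parent advertises a Rank >= the child's own Rank,
                     so the Parent Set contradicts the ranks actually heard.
    unknown-parent : a listed parent has never been heard advertising.
    """
    dios = list(dios)
    root_rank = min_hop_rank_increase
    ranks: Dict[str, int] = {d.sender: d.rank for d in dios}
    findings: List[Finding] = []
    for d in dios:
        if d.rank < root_rank:
            findings.append(Finding(d.sender, "invalid-rank",
                                    f"rank {d.rank} below ROOT_RANK {root_rank}"))
        if d.rank <= root_rank and d.sender != d.dodag_id:
            findings.append(Finding(d.sender, "root-claim",
                                    f"advertises root rank but DODAGID is {d.dodag_id}"))
        for p in d.parent_set:
            if p not in ranks:
                findings.append(Finding(d.sender, "unknown-parent", f"parent {p} never heard"))
            elif ranks[p] >= d.rank:
                findings.append(Finding(d.sender, "rank-inversion",
                                        f"parent {p} advertises rank {ranks[p]} >= own {d.rank}"))
    return findings


# Constructed sample: a small DODAG rooted at fe80::1, one node (fe80::c)
# whose Parent Set contradicts the heard ranks, and one (fe80::bad) that
# advertises Rank 0 without being the DODAGID.
ROOT = "fe80::1"
SAMPLE_DIOS = [
    Dio(ROOT, ROOT, 256),
    Dio("fe80::a", ROOT, 512, (ROOT,)),
    Dio("fe80::d", ROOT, 512, (ROOT,)),
    Dio("fe80::b", ROOT, 768, ("fe80::a", "fe80::d")),
    Dio("fe80::c", ROOT, 512, ("fe80::b",)),
    Dio("fe80::bad", ROOT, 0),
]

if __name__ == "__main__":
    for f in check_dios(SAMPLE_DIOS):
        print(f"{f.node}: {f.code}: {f.detail}")
    # What an observer hearing only fe80::a and fe80::b learns from their Parent Sets.
    print(sorted(two_hop_exposure(SAMPLE_DIOS, "fe80::x", {"fe80::a", "fe80::b"})))
```

The exposure function quantifies the privacy point: a listener that can decode DIOs from two neighbours learns the addresses of their parents, one hop beyond what it could hear itself, and nothing further, since the Parent Set is not propagated down the DODAG. The checker shows why a Parent Set does not make the fake-rank problem worse for a network that already validates what it hears: the same rank it would check anyway is what the Parent Set has to be consistent with.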