Re: [Roll] Stephen Farrell's Discuss on draft-ietf-roll-applicability-home-building-11: (with DISCUSS and COMMENT)

Robert Cragie <robert.cragie@gridmerge.com> Wed, 15 July 2015 09:23 UTC


On 14 Jul 2015 23:36, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

Hi Stephen,

The text before 4.1.8.2 doesn't imply that some nodes are not using
security, it only implies that symmetric key scope used by nodes may be
less than the whole network. I will add clarification regarding this point.

Robert

>
> Hiya,
>
> On 14/07/15 23:17, Robert Cragie wrote:
> > Hi Stephen,
> >
> > Thanks for your further review. Answers and comments inline, bracketed by
> > <RCC></RCC>
> >
> > Robert
> >
> >> 1) This could be my ignorance of zigbee, but how can we
> >> use layer 2 security for only some network nodes?  (In
> >> other words, I don't see how 4.1.8.2 works.)
> >>
> >
> > <RCC>All network nodes use L2 security once they have joined the network.
> > Prior to that, they communicate using an authentication protocol which is
> > unsecured at L2. Enforcement points police unsecured traffic to ensure it
> > is only related to authentication, thus preventing data or other control
> > plane traffic unsecured at L2 from being allowed into the network. So, to
> > your point, the only traffic allowed unsecured at L2 is authentication
> > traffic and those nodes are not yet participating in the network.</RCC>
>
> Right, that's what I thought. So I can't see how the text that
> implies that only a subset of nodes on the network are using l2
> security works which seems to be implied by the bullet just
> before the start of 4.1.8.2.
>
> [snip]

