Re: [Roll] AD Review of draft-ietf-roll-efficient-npdao-09
Alvaro Retana <aretana.ietf@gmail.com> Tue, 07 May 2019 23:23 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E70F41200CD; Tue, 7 May 2019 16:23:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.904
X-Spam-Level:
X-Spam-Status: No, score=-0.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_10_20=0.093, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12uG1iC4j_zJ; Tue, 7 May 2019 16:23:04 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 861A7120098; Tue, 7 May 2019 16:23:03 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id e56so20269437ede.7; Tue, 07 May 2019 16:23:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=69nQ7cxwk4EuEy9xKyX4jLdZyov8oHFnLI6/Khm2Yww=; b=WwtqO+gpxIFtFjQBFtOplq0gJkaSSscAbpJNVAr5sm2PTnSyFuuqdjzG5cuOtqCjqd s20ls1/NGx36JUCcjPoZ1zrg5rRJgAhQzL7bZT542auhna54TA2ZEyp6QMJxygyhePZp +FTMUn2yn3HXDZreM+x/DO+aOGxcToojmTK6RVQqlpdVboT8x0q4wIRmtIUQHf6fPQ+z vq4qQ+UD6NRbVN4845QlaaoShOn7HtLxoh1ucgoC2dMZF4gcvk9rzL/sJ86TdQv5VzCo 2t3qwDkbfkuZ8Me0HpZJmeYRANtIuj29KSxZsBhANFFospToAHikVciAnq0TcmrXt604 ys3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=69nQ7cxwk4EuEy9xKyX4jLdZyov8oHFnLI6/Khm2Yww=; b=Yxqd8gmqlrhB2ngjCdVEICKi6a6+nEyVio7/wDspeuFT0GH6MsImYz+vCWuRy1RMrZ YJr/8rCqKEAmJSiwAs1nLJIrTn7+Gle8OVGOsa9XNmhxMfo/6NDVk8nbs0FwyYPwyK6F f1hbbFii6Udg+iYuIVzoQv8kUpouxSyodwwh2NoOqpNhc7yLEPok26eefQFCEk+D1ZVo MQR+e+uX2AIx0d2+Gi2+gsixLSUmD1rGsJv5omOe82IB1hWey5ktZhg5uyUjtWLK7XV/ eZzo3R6JzYg/MAm4Tsx6GdWOYrFXnBXz3+iR5ZBLr9qOtP3/cLXEFTk4xW0tcDLPldZv 2PeA==
X-Gm-Message-State: APjAAAWYyFWmt8fbGT+W8COt5UY3aBVTwoTzvGcqL8+7Nulxw1Wfcqzt bSiRy0pdanNNQiOXPL5EIajYydwVdSQgAI098B25Ek6j
X-Google-Smtp-Source: APXvYqzayPbqaeI0mZxSJkrJvwmkvdM2mBnBfjvo0S7XBU2lhnBXGGeogrCxd6r4oIAu7ov0SkwwAJ0C5wsJopTtKLc=
X-Received: by 2002:a17:906:2f0d:: with SMTP id v13mr26330307eji.99.1557271381860; Tue, 07 May 2019 16:23:01 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 7 May 2019 16:23:01 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <CAO0Djp16zsnfq266Y5=5sw6HbWx3KDdGqQfoQZ9jJfyUahVAfw@mail.gmail.com>
References: <CAMMESsy11FvVEZ6VGRK7PYo4FXzVs8x=G-y-0U8C3bkgyK5R8A@mail.gmail.com> <CAO0Djp16zsnfq266Y5=5sw6HbWx3KDdGqQfoQZ9jJfyUahVAfw@mail.gmail.com>
MIME-Version: 1.0
Date: Tue, 07 May 2019 16:23:01 -0700
Message-ID: <CAMMESswxytDEfBbtFxM0-cd7QTZ-j5-JTrCF6pDSckZQVM5KrQ@mail.gmail.com>
To: Rahul Jadhav <rahul.ietf@gmail.com>
Cc: roll <roll@ietf.org>, Peter van der Stok <consultancy@vanderstok.org>, roll-chairs <roll-chairs@ietf.org>, draft-ietf-roll-efficient-npdao@ietf.org
Content-Type: multipart/alternative; boundary="00000000000088e8df0588547fcd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/VskTOWnM5aLV7VuPWx09qguHjS0>
Subject: Re: [Roll] AD Review of draft-ietf-roll-efficient-npdao-09
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 May 2019 23:23:06 -0000
On April 27, 2019 at 2:07:34 PM, Rahul Jadhav (rahul.ietf@gmail.com) wrote: Rahul Hi! I have some remaining comments below. I think that all of them can be handled as IETF Last Call comments — so I’ll go ahead and start it. The only remaining item is whether you (the WG) want an ancestor to be able (as a feature) to generate a DCO without the corresponding DAO…. I’ll let you discuss that in the WG an include it (or not) before we start IESG Evaluation. Thanks! Alvaro. ... 418 4.3.2. DCO Options 420 The DCO message MAY carry valid options. This specification allows 421 for the DCO message to carry the following options: 423 0x00 Pad1 424 0x01 PadN 425 0x05 RPL Target 426 0x06 Transit Information 427 0x09 RPL Target Descriptor 429 The DCO carries a Target option and an associated Transit Information 430 option with a lifetime of 0x00000000 to indicate a loss of 431 reachability to that Target. [major] Are the RPL Target and Transit Information options mandatory? If so, then that is at odds with the MAY above. [RJ] Explicitly added the MUST clause for Target and Transit options. Also the lifetime field in the transit option MUST be set to 0 in DCO's transit option. The new text is redundant (talks about the lifetime twice): The DCO carries an RPL Target Option and an associated Transit Information Option with a lifetime of 0x00000000 to indicate a loss of reachability to that Target. The lifetime indicated in the Transit Information Option of the DCO message MUST be set to 0x00000000. ... 433 4.3.3. Path Sequence number in the DCO 435 A DCO message may contain a Path Sequence in the transit information 436 option to identify the freshness of the DCO message. The Path 437 Sequence in the DCO MUST use the same Path Sequence number present in 438 the regular DAO message when the DCO is generated in response to DAO 439 message. The DAO and DCO path sequence are picked from the same 440 sequence number set. Thus if a DCO is received by a 6LR and 441 subsequently a DAO is received with old seqeunce number, then the DAO 442 should be ignored. [minor] To make sure I'm clear: the "DCO path sequence" refers to the Path Sequence field in the Transit Information Option, right? If so, please be clear and specific. [RJ] Updated. There is redundant text here too: Option to identify the freshness of the DCO message. The Path Sequence in the DCO MUST use the same Path Sequence number present in the regular DAO message when the DCO is generated in response to a DAO message. The Path Sequence present in the Transit Information Option of the DAO and the correspondingly triggered DCO MUST be same. ... [major] "Path Sequence in the DCO MUST use the same Path Sequence number present in the regular DAO message when the DCO is generated in response to DAO message" The DAO message is obviously the one that triggered the DCO... When would a DCO *not* be originated in response to a DAO? Are there other cases when the DCO can be originated? Requiring the same Path Sequence is fine...the reason for this comment is the condition ("when the DCO..."). [RJ] One other condition that i can think of is, if the common ancestor node somehow believes that there are other high priority routing entries that it must entertain, thus evicting existing ones. During such eviction the common ancestor node could make use of the stored path sequence and initiate a DCO. DCO can fully support this in current form. Do you think this use-case makes sense? We introduced 'I' bit especially so that target is in full control of its own invalidation. With such change we loosen up that part. Hmm…I initially thought that this case would be a vulnerability. :-( Are there cases that you can come up with where those other “high priority routing entries” would have to be invalidated and that they wouldn’t just be preferred normally?? It is really up to the WG to determine if that is an use case that makes sense…. Either way, the vulnerability still exists. ... 498 4.4.1. Dependent Nodes invalidation 500 Current RPL [RFC6550] does not provide a mechanism for route 501 invalidation for dependent nodes. This document allows the dependent 502 nodes invalidation. Dependent nodes will generate their respective 503 DAOs to update their paths, and the previous route invalidation for 504 those nodes should work in the similar manner described for switching 505 node. The dependent node may set the I-bit in the transit 506 information option as part of regular DAO so as to request 507 invalidation of previous route from the common ancestor node. [major] This part is underspecified. How do the dependent nodes know of the switch? Is A (Figure 1) the common ancestor node mentioned above? I found the same question being asked during WGLC, and the answer seems to be: "the dependent nodes will always set the I-flag". Is that my correct interpretation? The behavior needs to be reflected in the specification. https://mailarchive.ietf.org/arch/msg/roll/LejLNET8Hk92wPWU3Xi6OaxCujg [RJ] I have added a para to describe this more. Please check if it makes sense. If the dependent node always sets the I bit, wouldn’t that result in constant invalidation (unless no route existed before)? IOW, it seems like the setting of the I bit has to be conditional. The mail archive talks about the DTSN incrementing — I’m assuming this will happen then the parent switches to a different parent…is that true? If so, then I think that this piece of text still needs some work. [nit] The I bit is sometimes called the I flag…please be consistent. ... 570 7. Security Considerations [major] This section mostly points at rfc6550 (which is ok), but it doesn't say anything about vulnerabilities (if any) that this specification may be introducing...or why it doesn't. [See my related comment in §4.3.3.] I would like to see (perhaps after the current text) something along the lines of "This document introduces the ability to do abc. It doesn't introduce any new vulnerabilities becasue... OR ... These are the new vulnerabilities and this is how they can be mitigated...or why they are not really of concern..." [RJ] Have added this text in the beginning of the security considerations section. Also have updated the "Unsecured" mode para, to say that the DCO and DCO-ACK MUST be link-layer encrypted if link-layer security is been put to use. That is not what I read in the new text: "A DCO and DCO-ACK message which is not encrypted at link-layer MUST not be handled by the RPL layer. Also all the DCO and DCO-ACK messages that are transmitted MUST be link-layer encrypted.” I read this text as saying that the DCO/DCO-ACK MUST always be link-layer encrypted… I couldn’t find that to be the same expectation as in rfc6550.
- [Roll] AD Review of draft-ietf-roll-efficient-npd… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Rahul Jadhav
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Rahul Jadhav
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Rahul Arvind Jadhav
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Rahul Arvind Jadhav
- Re: [Roll] AD Review of draft-ietf-roll-efficient… Pascal Thubert (pthubert)