IETF Logo Mail Archive

Re: [Roll] [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used

Chris Lonvick <clonvick@cisco.com> Fri, 24 January 2014 17:32 UTC

Return-Path: <clonvick@cisco.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FB5D1A0069 for <roll@ietfa.amsl.com>; Fri, 24 Jan 2014 09:32:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.036
X-Spam-Level:
X-Spam-Status: No, score=-15.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fz6vvv34HzNL for <roll@ietfa.amsl.com>; Fri, 24 Jan 2014 09:32:44 -0800 (PST)
Received: from mtv-iport-1.cisco.com (mtv-iport-1.cisco.com [173.36.130.12]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1A71A0036 for <roll@ietf.org>; Fri, 24 Jan 2014 09:32:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4216; q=dns/txt; s=iport; t=1390584763; x=1391794363; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version:content-id; bh=zl6P/AZEku9gRAX5flplOREAPRO3QYdvl2C9zuaXJjo=; b=JCr6cZLOA3s8Y0GywdUys8FFOwAVridw+oxQ0gtwytpCk2+gfrTzRyr2 xq70ku/riYbGi0E2cIz+KZDfcPodHn4HiqE86uqx6xem6GTjw3SMJRKKW no91Ogf0OboB33gd29xzbBDy4xSoWNrvVaiHOf1JzBtNJ/W9BJRXHYOBr s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjUFAHOi4lKrRDoI/2dsb2JhbABagww4g1S4HUtPgQ0WdIIlAQEBAwEjVgULCxQBJgQDAgIhJREGEwmHaAMJBw6rUZcADYVWF4x2gUUBAQo0EQeCL0CBSQSJSIxzgx6LK4VBgW+BX4FQ
X-IronPort-AV: E=Sophos;i="4.95,713,1384300800"; d="scan'208";a="100552612"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-1.cisco.com with ESMTP; 24 Jan 2014 17:32:42 +0000
Received: from sjc-xdm-112 (sjc-xdm-112.cisco.com [171.71.188.44]) by mtv-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s0OHWfva031175 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 24 Jan 2014 17:32:42 GMT
Date: Fri, 24 Jan 2014 09:32:41 -0800
From: Chris Lonvick <clonvick@cisco.com>
To: "Popa, Daniel" <Daniel.Popa@itron.com>
In-Reply-To: <9546f1bf3d68401a8cdf837ca5528de4@BY2PR04MB807.namprd04.prod.outlook.com>
Message-ID: <alpine.LRH.2.00.1401240912530.20137@sjc-xdm-112.cisco.com>
References: <067.78cf5d635bca77cded1fb433c133c835@trac.tools.ietf.org> <9546f1bf3d68401a8cdf837ca5528de4@BY2PR04MB807.namprd04.prod.outlook.com>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; boundary="1202400444-1128537802-1390584669=:20137"
Content-ID: <alpine.LRH.2.00.1401240932010.20137@sjc-xdm-112.cisco.com>
X-Mailman-Approved-At: Sat, 25 Jan 2014 08:51:51 -0800
Cc: "draft-ietf-roll-applicability-ami.all@tools.ietf.org" <draft-ietf-roll-applicability-ami.all@tools.ietf.org>, "roll@ietf.org" <roll@ietf.org>
Subject: Re: [Roll] [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Routing Over Low power and Lossy networks <roll@ietf.org>
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2014 17:32:47 -0000

Hi Daniel,

Has a threat model been defined for RPL?  And do you know that the 
link-layer security provided by the two IEEE mechanisms will thwart the 
threats?  This isn't meant to be an onerous exercise.  :-)  What has been 
done in several WGs has been to define a simple threat model (usually 
taken from RFC 3552) and then describe how the security mechanisms will 
thwart the threats.  For example, see sections 2 and 3 in RFC 5426 (TLS 
for syslog).

If you can point to the threat model for RPL then you can probably state 
(just once in the Security Considerations section) how the IEEE link-layer 
security mechanisms will address the threats so therefore the security 
mechanisms already contained within RPL will not be needed.

Hope this helps,
Chris

On Tue, 14 Jan 2014, Popa, Daniel wrote:

> Hello all,
>
> Chris:
>
> Just to clarify: The applicability statement for AMI network focuses on 
> use of RPL (+ 6LowPAN/IPv6) over standard IEEE wireless and PLC 
> link-layer technologies (i.e., IEEE Std 802.15.4g/4e and IEEE Std 
> P1901.2, respectively). Each of these standards is coming with a 
> link-layer security specification.
>
> Following you recommendation: we can add a new section - "Security 
> Considerations" - to the section where we describe the link-layer 
> security features (i.e., to the Section 9.2.3 called "Security features 
> provided by the MAC sub-layer"). Alternatively, we can keep the Section 
> 9.2.3 as it is and in the content that will be provided we describe how 
> the link-layer security features will meet the requirements of the RPL 
> security services.  Which of these approaches will better answer your 
> request?
>
> Would such clarifications meet your expectations?
>
> Regards,
> Daniel
>
> -----Message d'origine-----
> De : roll issue tracker [mailto:trac+roll@grenache.tools.ietf.org]
> Envoyé : mardi 17 décembre 2013 06:51
> À : draft-ietf-roll-applicability-ami.all@tools.ietf.org; mariainesrobles@gmail.com
> Cc : roll@ietf.org
> Objet : [roll] #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used
>
> #136: - draft-ietf-roll-applicability-ami - Add a section of the Security Considerations for each instance where the RPL security mechanism are not to be used
>
> Source: http://www.ietf.org/mail-archive/web/secdir/current/msg04477.html
>
>
> From: Chris Lonvick <clonvick at cisco.com>
> Date: Fri, 13 Dec 2013 11:41:54 -0800 (PST)
>
>
>
> “The authors note that other security mechanisms may be used, which would  mean that the security functions of RPL would not be needed. I would  recommend that a section of the Security Considerations be added for each  instance where the RPL security mechanism are not to be used. Each of  those sections should show how the replacement mechanisms will meet the  requirements of the RPL security services that are described in 6550.”
>
> -- 
> -------------------------------------+----------------------------------
> -------------------------------------+---
> Reporter:                           |      Owner:  draft-ietf-roll-
>  mariainesrobles@gmail.com          |  applicability-
>     Type:  defect                   |  ami.all@tools.ietf.org
> Priority:  major                    |     Status:  new
> Component:  applicability-ami        |  Milestone:
> Severity:  Active WG Document       |    Version:
>                                     |   Keywords:
> -------------------------------------+----------------------------------
> -------------------------------------+---
>
> Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/136>
> roll <http://tools.ietf.org/wg/roll/>
>
>

v2.23.0 | Report a Bug | By Email