Re: [Roll] AD Review of draft-ietf-roll-useofrplinfo-41
Alvaro Retana <aretana.ietf@gmail.com> Tue, 10 November 2020 16:39 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3FE3A0A42; Tue, 10 Nov 2020 08:39:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OL7bCo0TjOGr; Tue, 10 Nov 2020 08:39:00 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB10E3A0A2B; Tue, 10 Nov 2020 08:38:59 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id b9so13426416edu.10; Tue, 10 Nov 2020 08:38:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=QLXm3rwACW+POKeKPFNtMFPWH8PaPmx7rGe2DOTYG8M=; b=RtoTSFtj2z/zCd7z4uK8ryqsoHoiwM9u2ofNpHEp5FRSFptfCs4Cq/74rwbgNA1ONz 4a1kqvou0Bq3ai+1ccrpyBK1kJ29yRsokMMDMHHC56K9T5XfXkrYkseXkfok1gf2OODL 9QuG3unfLmu0+aB/ZjFkIrC7esa3+mVMFlqTMMqgg/2ODybLTtzHSbjyENl/Ob2Rc+LZ iKaSuO97xU6QJweMgrlBbPHyytY0WB9UzwSyr5Z9RezmI/QUqK+0z+wRbYEFNLD0Pnbf lo0tuH4udpjhcWzWBifqY/gmsAHY8ZZ7JoaqxNV5r01qYh1Dpry717ixAEGG8EDJuOAt ecbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=QLXm3rwACW+POKeKPFNtMFPWH8PaPmx7rGe2DOTYG8M=; b=YVUYZmPitoGt0bduhJWpDCoJgl5UInc5SGw7picqTS+ckTrbcpMh7Wmo8IhYNEltSe Y1x1ko3mRB3L8jrm/bNc/P3Dk3CRawtuiJ0aUPxb057sThVp56U8q7bRkwbZaIz6shDg Qapzi9NTLtXjiUmN1/TCKRQSeditQKXq/ZLh0nNXxV5my6G/A8y3+uoTEGKk5UjJNmO/ 2Km2pXoq43tGR28yCyRg3XpzzRWL61c7IKhdD20m4ZoXzBaubiWEA972y6p0Q5muVUF3 ynOstSKC0H7pKHc5J95ognq8BD8Fpe3IUgcv4D/E/QLX3PpYPwC2JAyJRJKEj8Hd7JWY h6lA==
X-Gm-Message-State: AOAM530xgUtdGY05piFx6nKXqf9kRzRYgZjEau8VTes91gwaxchFB7XY FicYHu99q7DNhB6b3L11en9moTDmfvYNdgiLrGIL8cZhNg2sFw==
X-Google-Smtp-Source: ABdhPJweKepc0PmxVWojgWY7/Ub+AYJZp2zLieR21HcroYbVm/fc7Uss7ntVnsxTVk3+8CPodmDEAG/RfvlxqGUHOoE=
X-Received: by 2002:a05:6402:b8e:: with SMTP id cf14mr20992645edb.86.1605026338143; Tue, 10 Nov 2020 08:38:58 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 10 Nov 2020 08:38:57 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <CO1PR11MB48817CE5980B4B9E0E03B23DD8E90@CO1PR11MB4881.namprd11.prod.outlook.com>
References: <CAMMESsw9Ryj+aLmhqYu+NwkdQ11BoWxsEfbAvCr8OBk_DwRUGw@mail.gmail.com> <CO1PR11MB48817CE5980B4B9E0E03B23DD8E90@CO1PR11MB4881.namprd11.prod.outlook.com>
MIME-Version: 1.0
Date: Tue, 10 Nov 2020 08:38:57 -0800
Message-ID: <CAMMESsyovHi1OVvybSq1vGnW8qrky87xaZC_J-Nf2aj-H9euew@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "draft-ietf-roll-useofrplinfo@ietf.org" <draft-ietf-roll-useofrplinfo@ietf.org>
Cc: "roll-chairs@ietf.org" <roll-chairs@ietf.org>, Routing Over Low power and Lossy networks <roll@ietf.org>, Peter van der Stok <consultancy@vanderstok.org>
Content-Type: multipart/alternative; boundary="000000000000bd9c7b05b3c35083"
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/uF73EA9wKT29qdpNjJ2JglNfuHE>
Subject: Re: [Roll] AD Review of draft-ietf-roll-useofrplinfo-41
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 16:39:02 -0000
Just a quick note: the second case can also be due to a misconfiguration, or maybe even old Instance ID at the RUL. IOW, the general case of the instant not existing is not always due to an attack. Thanks! Alvaro. On November 10, 2020 at 7:51:46 AM, Pascal Thubert (pthubert) ( pthubert@cisco.com) wrote: Hello Alvaro and all Just to point out that during Alvaro's review of unaware leaves, we also mentioned the security aspect of injecting an RPI. There are 3 cases: - the leaf is an external router that passes a packet that it did not generate and that carries an unrelated RPI - we need to rewrite it - the leaf is an attacker that tries to inject traffic in a protected instance - we need to rewrite out or drop - the leaf is aware of the RPL instance and passes a correct RPI - to make the difference, the 6LR needs a configuration that allows that leaf to inject in that instance. This is why we ended up SHOULDing the rewrite. Do we need more text like the aboce in the security section? Keep safe; Pascal > -----Original Message----- > From: Alvaro Retana <aretana.ietf@gmail.com> > Sent: lundi 9 novembre 2020 19:57 > To: draft-ietf-roll-useofrplinfo@ietf.org > Cc: Peter van der Stok <consultancy@vanderstok.org>; roll-chairs@ietf.org; > Routing Over Low power and Lossy networks <roll@ietf.org> > Subject: AD Review of draft-ietf-roll-useofrplinfo-41 > > Dear authors: > > Thank you for all the work on this draft. > > I have a couple of comments in-line -- nothing hard to address. I mostly > looked at the diffs (wrt -31) and so my comments are just on new text. > > I want to progress this draft with unaware-leaves -- to make it easier on the > IESG. I'll start the IETF LC when both are ready. > > Thanks! > > Alvaro. > > > >From idnits: > > ** The abstract seems to contain references ([RFC8138]), which it > shouldn't. Please replace those with straight textual mentions of the > documents in question. > > > > [Line numbers from idnits.] > > > ... > 66 4. Updates to RFC6553, RFC6550 and RFC8138 . . . . . . . . . . . 7 > 67 4.1. Updates to RFC6550: Advertising External Routes with Non- > 68 Storing Mode Signaling. . . . . . . . . . . . . . . . . . 7 > 69 4.2. Updates to RFC6553: Indicating the new RPI Option Type. . 8 > 70 4.3. Updates to RFC6550: > 71 Configuration Options and Mode > 72 of Operation . . . . . . . . . . . . . . . . . . . . . . 11 > 73 4.4. Updates to RFC6550: Indicating the new RPI in the > 74 DODAG Configuration option Flag. . . . . . . . . . . . . 12 > 75 4.5. Updates to RFC8138: Indicating the way to decompress with > 76 the new RPI Option Type. . . . . . . . . . . . . . . . . 13 > > [nit - no action needed, just a suggestion] Group all the updates to > rfc6550: either in one sub-section or in consecutive ones. > > > ... > 493 4.3. Updates to RFC6550: Configuration Options and Mode of > Operation > > 495 RFC6550 section 6.7.6 describes the DODAG Configuration > Option. In > 496 this option are a series of Flags in the first octet of the payload. > 497 These flags are described by the DODAG Configuration Option Flags > 498 registry [dodagcfg], in section 20.14 of RFC6550. > > 500 Anticipating future work to revise RPL relating to how the LLN and > 501 DODAG is configured, this document changes the interpretation of > the > 502 [dodagcfg] Registry to be limited to Mode-of-Operation (MOP) > 503 specific. The MOP is described in [RFC6550] section 6.3.1. The > 504 Options Flags Registry is renamed, and applies to MOP values zero > (0) > 505 to six (6) only, leaving the flags reserved for MOP value seven (7). > > 507 In addition, this document reserves MOP value 7 for future > expansion. > > [] NEW> > Section 6.7.6 of RFC6550 describes the DODAG Configuration Option as > containing a series of Flags in the first octet of the payload
- [Roll] AD Review of draft-ietf-roll-useofrplinfo-… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Ines Robles
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Michael Richardson
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Alvaro Retana