Re: [Roll] Stephen Farrell's No Objection on charter-ietf-roll-04-06: (with COMMENT)

peter van der Stok <> Thu, 15 December 2016 10:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 908EA1297EE for <>; Thu, 15 Dec 2016 02:02:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HILD9po0g5sz for <>; Thu, 15 Dec 2016 02:02:14 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AD835129561 for <>; Thu, 15 Dec 2016 02:02:13 -0800 (PST)
Received: from ([IPv6:2001:888:0:22:194:109:20:216]) by with ESMTP id LA2B1u00A25pRQy01A2Bms; Thu, 15 Dec 2016 11:02:11 +0100
Received: from 2001:983:a264:1:466:a346:51ef:6889 by with HTTP (HTTP/1.1 POST); Thu, 15 Dec 2016 11:02:11 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 15 Dec 2016 11:02:11 +0100
From: peter van der Stok <>
To: Routing Over Low power and Lossy networks <>
Organization: vanderstok consultancy
In-Reply-To: <>
References: <>
Message-ID: <>
X-Sender: (C2Um/KFrl3Cfuy8WOMUaHQaFb+JPO7VT)
User-Agent: XS4ALL Webmail
Archived-At: <>
Cc:, The IESG <>
Subject: Re: [Roll] Stephen Farrell's No Objection on charter-ietf-roll-04-06: (with COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To:, Routing Over Low power and Lossy networks <>
List-Id: Routing Over Low power and Lossy networks <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 15 Dec 2016 10:02:15 -0000

Hi Stephen,

Indeed, formulating security attacks, analysing their consequences, and 
findig adequate remedies for a routing protocol is a challenging task.
It starts with formulating the attacks, which in my understanding evolve 
over time.

In the 6lo WG a draft has been written to handle privacy issues in a 
coherent way; which proves extremely useful during the IP-over-foo draft 
In Roll Michael has written a template for the applicabiity statements, 
including security issues.

In my opinion a draft which helps identifying the threats and their 
(existing) remedies could be a proper way forward.
For Roll such a draft together with Manet, which faces similar wireless 
issues, might be a good starting point.

Any other suggestions, or showing this one to be inadequate, are 

> The charter continues to say "The Working Group will pay
> particular attention to routing security..."
> How do we think that's going? I'm not sure that it's going
> that well - we seem to have a history where ROLL documents
> arrive at the IESG lacking security analysis. I don't think
> that's because folks are bad or lazy, but it's maybe more
> down to people assuming that security is someone else's
> problem (e.g. will be handled by layer 2, or will be part
> of some applicability statement, or will be handled by
> some RPL security document etc...)
> Anyway, now that we're re-chartering, maybe it's a good
> time to review how we've been doing on this, given the
> history and see if there's anything we could do to avoid
> problems arising for future ROLL documents. (I don't have
> any specific suggestion for what to do, I just wanted to
> see if a discussion of this might be useful.)