IETF Logo Mail Archive

Re: [secdir] Secdir last call review of draft-ietf-6lo-fragment-recovery-08

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 10 February 2020 12:32 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 059DF1201CE; Mon, 10 Feb 2020 04:32:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=magsXimD; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=DnCfgKT0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8YTmErCnkBP; Mon, 10 Feb 2020 04:32:08 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DFCD1201A3; Mon, 10 Feb 2020 04:32:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=36905; q=dns/txt; s=iport; t=1581337927; x=1582547527; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=0kbIOC67t8OS8S1WlUaQ+ay8u3JM4Xjfa6GiXT+/VJQ=; b=magsXimD3HyvxCxbgog9xD97tgvW5WAdiOlgkdJUWkRrFY10p0EWDRkO JSI+j0FM8x2GUX9UjiKBGHCODGy41qE7ZK0sZJCO5fQqpABDqgu99RsVZ uiKsARbCKH9RWC/Ci6U2F8DxRCfhyse4YbfNrR5rHrFkjdmgLlAU3kT/6 s=;
IronPort-PHdr: 9a23:7lKjAh1T3eRTJbtosmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxKGt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSwdDjMwXmwI6B8vQEVH7MfTndTASF8VZX1gj9Ha+YgBY
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BLFwDcS0Fe/4gNJK1mHQEBAQkBEQUFAYF7gSUvUAVsWCAECyqHWwOLAk6CEZMkhG6BQoEQA1QJAQEBDAEBJQgCAQGEQAKCRSQ4EwIDDQEBBAEBAQIBBQRthTcMhWYBAQEDARIbEwEBOAQLAgEIEQQBASEBBgcyFAkIAQEEARIIGoMFgX1NAw4gAQIMnBkCgTmILTWCJ4J/AQEFgTMChAYYggwDBoE4hR+EO4JJGoFBP4ERR4JMPoJkAQECARmBCgkBARIBIwwRDgmDDIIsjT0FEgYJiFyBBoFDhzaOSHAKgjqHTIIsjG+CSIgRBYtqhEeNKYE7iGySOQIEAgQFAg4BAQWBaSJncXAVgydQGA2BGo0DCRqDUIUUhT90AoEniw2BU18BAQ
X-IronPort-AV: E=Sophos;i="5.70,424,1574121600"; d="scan'208,217";a="718556957"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 10 Feb 2020 12:32:06 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 01ACW6vh027033 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 10 Feb 2020 12:32:06 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 10 Feb 2020 06:32:05 -0600
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 10 Feb 2020 06:32:05 -0600
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 10 Feb 2020 06:32:05 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IvsCiu0VKC1ElNxRd2vSeDM6bLYP1PV3Cv9OoLnjn0f6IGcQLhS9tqrdCe4Rzl5mlDA3rmr2n27bdyaUL1smw4+T2E6GF/PQMnRwcJCAfclSUKRUNQaqXzWprajtWOmxa8TINmyW6S9UuV6lzumITbSj91yf+illQfxHeVVCbHls4bs6lKtE2GMlzg2zxjPTDwRrIK8aavWPc3d7Rja/njWl7zjoiPMo8WG0a82RnlqzHQaG/dc+MrWJ49T0lCQs/dixdeQAk5oVKY3RcPbCfGk5pc70+DPcGsK9c9cuxt65PNmYSmBRABJgtA9/Pk0n4tadom3cxjPb4gJg+S7b7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G0GPMraIGSZCX8LupVPAKjFdKcrx+ESL92RnATNIYLg=; b=mIMv9l5ZrGtC0ejIOcUHNWOAX7AmQTL3QkH0EsN6aQ/V3lUlS3MijMs9JpxBF9wqMsFCTtOJijXxamRSrsFz69JZwtw6uk0og3vE1YvlWgH8WVZ3jHVKW/lN/RvcRsdz6f0QFiXBAFr/4GTsSwaxMW4SNd5jTqj+6++YQ/JRx6jBtcz0AHEMKom+W3xUm5HDnoLVk4wsfBminRi468QNKbLCJu5yO1T92cqDjIy2nQ4J62+UTbin7cKmSI+gIVYrrJwhqs5dBJ0vRw9V4PFwscv7cyM+/SqEz+boDWv6d4OoXsgW+mjOKRF94MmTT4CLtQqr2MHwOdC+ohhwOz/xnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G0GPMraIGSZCX8LupVPAKjFdKcrx+ESL92RnATNIYLg=; b=DnCfgKT0oCmUnkdgbMj4h04HGgDp0PSpA/XxxDBoclXNxJmXdNPxSOPapCpn55j/HL+4W7rS9Z1rKBVyzkx5mR2BD2GX7OwjWN95QSXAx8TlUBRFigtjINIFAQXz5cKgtkcnPJR2PShhzibxGjpyURAbK0aJ1GFQG/gir+jFOVg=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4365.namprd11.prod.outlook.com (52.135.38.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.24; Mon, 10 Feb 2020 12:32:03 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::fd76:1534:4f9a:452a%3]) with mapi id 15.20.2707.030; Mon, 10 Feb 2020 12:32:03 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6lo-fragment-recovery.all@ietf.org" <draft-ietf-6lo-fragment-recovery.all@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-6lo-fragment-recovery-08
Thread-Index: AdXalCLFRlrAAOY/RCW/KaF9W1FCvAFSSLMwAAIQbvAABa7EcAAENPAgAAAaHwA=
Date: Mon, 10 Feb 2020 12:31:59 +0000
Deferred-Delivery: Mon, 10 Feb 2020 12:31:46 +0000
Message-ID: <MN2PR11MB3565C3CF04D7F17F70504449D8190@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <CY4PR1601MB1254AAB128CD71BB283BDA72EA000@CY4PR1601MB1254.namprd16.prod.outlook.com> <MN2PR11MB35652608BABFC6B1EB0B1A9FD8190@MN2PR11MB3565.namprd11.prod.outlook.com> <CY4PR1601MB1254EEDFF6B78FC0BC2BF3D0EA190@CY4PR1601MB1254.namprd16.prod.outlook.com> <MN2PR11MB35654B2E68BAE8C6B3BF46BBD8190@MN2PR11MB3565.namprd11.prod.outlook.com> <CY4PR1601MB1254C5AF8FE1543EAAEC55F9EA190@CY4PR1601MB1254.namprd16.prod.outlook.com>
In-Reply-To: <CY4PR1601MB1254C5AF8FE1543EAAEC55F9EA190@CY4PR1601MB1254.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:1177:ce8:44a5:7e4b]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 919974fb-46f9-444b-ff28-08d7ae253bc9
x-ms-traffictypediagnostic: MN2PR11MB4365:
x-microsoft-antispam-prvs: <MN2PR11MB4365C115605315398BE9E991D8190@MN2PR11MB4365.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03094A4065
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(346002)(376002)(39860400002)(396003)(366004)(189003)(199004)(6666004)(71200400001)(76116006)(66574012)(5660300002)(52536014)(86362001)(66946007)(66476007)(64756008)(66446008)(6506007)(53546011)(33656002)(9686003)(66556008)(110136005)(7696005)(2906002)(55016002)(478600001)(316002)(81166006)(81156014)(8936002)(8676002)(966005)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4365; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FyMhGj6TEBpomTZNXn+X/ortWJK3x4wzrM0sLptg8I9Ye4J8lSoBL6TxWEJyjG2Awa6HMEYPh1UbsRA8kpcrPr5sitzsptKsvJh3FRTTC/yO7WZc1GubDo72zJyzZA8uNo5JUC/LDUhSxepP33RanS16AEA8w1hG7MaUL2dNlRttt5pSErVSa1X2ZutP6tuWE/JQrqNRhjltgjEv//S+chOXpvaoQbisbQ1QCR+iBj7H/Vmq5Xmkb5DLIiHAb6TrDmq9G8wetW6yUzxbe7JLroNF7VH49t7CpWroZT7Dih+HOpuRKOjYPv22aiHt2fzPBxnOuCtpheHc+4lbs7mRKxpExTcTE/mTS7VSF2FAAtMc2aGJk9Qi67lfKgrDZmjHSXXTWKAM1+5adY+BU7lPwOM3MwZlbRkY7KERGPg8AUanN1c3lv6e/BhqaU86aHAFcS178pTxFy0mCsp0lbEzds0uMUDTTc+C36kZA19hESIfumyp4K2aR8mTcV3x7yLMmsT9Sz9gPdXmd08qekwm+g==
x-ms-exchange-antispam-messagedata: uaQhKTdhEI5q0gOkDIuKZ2sj4sntael5I3Eu/0/nOiup9GszLHNeC2IAhs9v+Uczx/xYOygqamBIds5v6CdhvvmOsvfHRFxr6vSpsMVfEn0c5CdTVuwxsmpzY2qBjoAf7Pp1OzNE9XOP1HRjmIqpfUB1usYJKkCVXxDuituyht7YHj5pxa/FBzoKhLRqHEMQog1REi2CpHYR22BEiqVk1w==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3565C3CF04D7F17F70504449D8190MN2PR11MB3565namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 919974fb-46f9-444b-ff28-08d7ae253bc9
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2020 12:32:03.5381 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ft+8obbwAC5x4PiTimoFT/BmykSHgnSHeWcd4gFPwmoWk+8qxR+3c7c0F3P4u9+JULsanLZEqgmwXU4bpsZxXg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4365
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/yu3u3BW7OTnVqKt5vJdaD_ux2XQ>
Subject: Re: [secdir] Secdir last call review of draft-ietf-6lo-fragment-recovery-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2020 12:32:11 -0000

Great!


I posted v11. The diffs are visible here https://www.ietf.org/rfcdiff?url2=draft-ietf-6lo-fragment-recovery-11.

Please let me know if I missed something.



Many thanks again, Tiru.



Pascal

From: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Sent: lundi 10 février 2020 13:25
To: Pascal Thubert (pthubert) <pthubert@cisco.com>; secdir@ietf.org; draft-ietf-6lo-fragment-recovery.all@ietf.org
Subject: RE: Secdir last call review of draft-ietf-6lo-fragment-recovery-08

Thanks Pascal. Updated text looks good.

Cheers,
-Tiru

From: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
Sent: Monday, February 10, 2020 5:48 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>>; secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-6lo-fragment-recovery.all@ietf.org<mailto:draft-ietf-6lo-fragment-recovery.all@ietf.org>
Subject: RE: Secdir last call review of draft-ietf-6lo-fragment-recovery-08


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________
Hello Tiru


>>>[1] It is not clear to me how the Security sections of I-D.ietf-core-cocoa apply to this specification ?

>> The specification depends on a Retransmission TimeOut (RTO) estimation that can be attacked. Adding the reference to cocoa was a earlier review comment that we got. Cocoa computes an RTO in a similar type of network. I agreed that the recommendation made sense but still, I can probably dig that email and start a thread with the reviewer if you think it is irrelevant.

> If coca is relevant, please add more details on how it is relevant. The security considerations in cocao is only discussing network access control to prevent an attacker from dropping packets to eventually increase the RTO.

Makes sense. I checked the status of cocoa and it appears stuck(
IESG state<https://datatracker.ietf.org/help/state/draft/iesg>
Expired (IESG: Dead)
).
Maybe the safest is to import the idea that we wanted to cover and avoid the reference.

What about schanging the first 3 paragraphs as follows:
"
   This document specifies an instantiation of a 6LoWPAN Fragment
   Forwarding technique.  "On Forwarding 6LoWPAN Fragments over a
   Multihop IPv6 Network" [I-D.ietf-6lo-minimal-fragment] provides the
   generic description of Fragment Forwarding and this specification
   inherits from it.  The generic considerations in the Security
   sections of [I-D.ietf-6lo-minimal-fragment] apply equally to this
   document.

   This specification does not recommend a particular algorithm for the
   estimation of the duration of the RTO that covers the detection of
   the loss of a fragment with the 'X' flag set; regardless, an attacker
   on the path may slow down or discard packets, which in turn can
   affect the throughput of fragmented packets.

   Compared to "Transmission of IPv6 Packets over IEEE 802.15.4
   Networks" [RFC4944], this specification reduces the datagram_tag to 8
   bits and the tag wraps faster than with [RFC4944].  But for a
   constrained network where a node is expected to be able to hold only
   one or a few large packets in memory, 256 is still a large number.
   Also, the acknowledgement mechanism allows cleaning up the state
   rapidly once the packet is fully transmitted or aborted.


"

Many thanks again, Tiru.

Pascal



From: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
Sent: Monday, February 10, 2020 1:06 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>>; secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-6lo-fragment-recovery.all@ietf.org<mailto:draft-ietf-6lo-fragment-recovery.all@ietf.org>
Subject: RE: Secdir last call review of draft-ietf-6lo-fragment-recovery-08


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________
Hello Tiru;

Many thanks for your review!

Please see below

> [1] It is not clear to me how the Security sections of I-D.ietf-core-cocoa apply to this specification ?

The specification depends on a Retransmission TimeOut (RTO) estimation that can be attacked. Adding the reference to cocoa was a earlier review comment that we got. Cocoa computes an RTO in a similar type of network. I agreed that the recommendation made sense but still, I can probably dig that email and start a thread with the reviewer if you think it is irrelevant.

If coca is relevant, please add more details on how it is relevant. The security considerations in cocao is only discussing network access control to prevent an attacker from dropping packets to eventually increase the RTO.

> [2] The security considerations section discusses I-D.ietf-lwig-6lowpan-virtual-reassembly but that document does not discuss any security considerations yet.

Correct. When it does I hope it describes the issue that this specification discusses. In any fashion we use it to explain a difference: "here's a traditional drawback of fragments and here's why it does not hurt us", as opposed to an inheritance.
If you think that the text is not helpful, we can open another thread on that.

Thanks for the clarification.

> [3] It is not clear how the DoS attack of bogus first fragments is handled and other attacks discussed in https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-17#section-3.7 are tackled ?

They are not, apart from whatever protection we get from the requirement in L2 security (we are talking about an homogeneous mesh). This section is highly relevant. This is all detailed in section 7 of draft-ietf-6lo-minimal-fragment that this specification inherits.

Okay.

> [4] How does the document align with the recommendations given in https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-17#section-6 ?

Section 6 says that IP fragmentation should be avoided by new protocols. This Is not IP fragmentation, it is lower layer. We cannot avoid it if we are to support IPv6 that has a MIN MTU of 1280 bytes and the 6LoWPAN MTU is lower than that, see RFC 4944.

Got it.

Cheers,
-Tiru

Please let me know if you have a recommendation for a change, I saw questions but not real hiunt on how to act on them.


Many thanks again!

Pascal

v2.23.0 | Report a Bug | By Email