[Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47

2019-07-03 Thread Roni Even via Datatracker 
Reviewer: Roni Even
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

.

Document: draft-ietf-ipwave-ipv6-over-80211ocb-47
Reviewer: Roni Even
Review Date: 2019-07-03
IETF LC End Date: None
IESG Telechat date: 2019-07-11

Summary:
The document is ready to be published as a standard track RFC with an issue

Major issues:

Minor issues:

this is about my previous comment.
The text in section 5.1 "A vehicle embarking  an IP-OBU whose egress interface
is 802.11-OCB may expose itself to  eavesdropping and subsequent correlation of
data; this may reveal data considered private by the vehicle owner; there is a
risk of being tracked.  In outdoors public environments, where vehicles
typically circulate, the privacy risks are more important than in indoors
settings." and "there is a strong necessity to use protection tools such  as
dynamically changing MAC addresses"
 so even though there are privacy concerns there is no normative text saying
 that some method is needed. "strong necessity" is not normative .

A new sentence was added to section 5.1 "An example of change policy is to
change the MAC address of the OCB interface each time the system boots up"

I got more confused by section 5.2 text "The policy dictating when the MAC
address is changed on the 802.11-OCB interface is to-be-determined."

So what I got from section 5.1 and 5.2 is that protection tools to address
privacy concern are needed but without any normative text.  Dynamic changing 
of MAC address is an option, no other option is mentioned.  Example for when to
change MAC address is on system boot and the policy when to change MAC address
is to be determined.

To summarize what the document currently says is that privacy risks are more
important for outdoor public environment and it is left for implementations to
decide if and how to address it.

Nits/editorial comments:


___
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Re: [Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47

2019-07-05 Thread Nabil Benamar 
Dear Roni,

Thank you for your review. Indeed, you raised a crucial privacy issue that
we need to tackle in this draft.

If we look at https://tools.ietf.org/html/rfc8065 which recommends the
generic https://tools.ietf.org/html/rfc8064, we can say that we  comply by
inheritance from Ethernet since our current draft is targeted at using the
RFC 2464 (plus IPv6 suite over Ethernet) with minimal changes, as we
mention in the abstract (...for using IPv6 to communicate among nodes in
range of

   one another over a single IEEE 802.11-OCB link *with minimal change to *

*   existing stacks*).


However, there are some specificities related to vehicles. Since they roam
a lot, the use of a same Link Local Address over time can leak the presence
of the same vehicle in multiple places. Location tracking, if the same
interface identifier is used with different prefixes as a device/vehicle
moves between different networks.


Hence, a vehicle should get hints about a change of environment (e.g. ,
engine running, GPS, whatever) and renew the IID in LLAs.



I can make these proposed changes in a separate sub-section to emphasize
the concern and fix the privacy issue.


Thank you!

On Thu, Jul 4, 2019 at 7:05 AM Roni Even via Datatracker 
wrote:

> Reviewer: Roni Even
> Review result: Ready with Issues
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
>
> For more information, please see the FAQ at
>
> .
>
> Document: draft-ietf-ipwave-ipv6-over-80211ocb-47
> Reviewer: Roni Even
> Review Date: 2019-07-03
> IETF LC End Date: None
> IESG Telechat date: 2019-07-11
>
> Summary:
> The document is ready to be published as a standard track RFC with an issue
>
> Major issues:
>
> Minor issues:
>
> this is about my previous comment.
> The text in section 5.1 "A vehicle embarking  an IP-OBU whose egress
> interface
> is 802.11-OCB may expose itself to  eavesdropping and subsequent
> correlation of
> data; this may reveal data considered private by the vehicle owner; there
> is a
> risk of being tracked.  In outdoors public environments, where vehicles
> typically circulate, the privacy risks are more important than in indoors
> settings." and "there is a strong necessity to use protection tools such
> as
> dynamically changing MAC addresses"
>  so even though there are privacy concerns there is no normative text
> saying
>  that some method is needed. "strong necessity" is not normative .
>
> A new sentence was added to section 5.1 "An example of change policy is to
> change the MAC address of the OCB interface each time the system boots up"
>
> I got more confused by section 5.2 text "The policy dictating when the MAC
> address is changed on the 802.11-OCB interface is to-be-determined."
>
> So what I got from section 5.1 and 5.2 is that protection tools to address
> privacy concern are needed but without any normative text.  Dynamic
> changing
> of MAC address is an option, no other option is mentioned.  Example for
> when to
> change MAC address is on system boot and the policy when to change MAC
> address
> is to be determined.
>
> To summarize what the document currently says is that privacy risks are
> more
> important for outdoor public environment and it is left for
> implementations to
> decide if and how to address it.
>
> Nits/editorial comments:
>
>
>

-- 

Best Regards

Nabil Benamar
Associate Professor
Department of Computer Sciences
School of Technology
Moulay Ismail University
Meknes. Morocco
___
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Re: [Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47

2019-07-10 Thread Alissa Cooper 
Roni, thanks for your review. Alex, Nabil, thanks for your responses. I entered 
a DISCUSS ballot to try to get more clarity about the relationship between MAC 
address changes and IID changes, among other things.

Alissa

> On Jul 4, 2019, at 2:05 AM, Roni Even via Datatracker  
> wrote:
> 
> Reviewer: Roni Even
> Review result: Ready with Issues
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
> 
> For more information, please see the FAQ at
> 
> .
> 
> Document: draft-ietf-ipwave-ipv6-over-80211ocb-47
> Reviewer: Roni Even
> Review Date: 2019-07-03
> IETF LC End Date: None
> IESG Telechat date: 2019-07-11
> 
> Summary:
> The document is ready to be published as a standard track RFC with an issue
> 
> Major issues:
> 
> Minor issues:
> 
> this is about my previous comment.
> The text in section 5.1 "A vehicle embarking  an IP-OBU whose egress interface
> is 802.11-OCB may expose itself to  eavesdropping and subsequent correlation 
> of
> data; this may reveal data considered private by the vehicle owner; there is a
> risk of being tracked.  In outdoors public environments, where vehicles
> typically circulate, the privacy risks are more important than in indoors
> settings." and "there is a strong necessity to use protection tools such  as
> dynamically changing MAC addresses"
> so even though there are privacy concerns there is no normative text saying
> that some method is needed. "strong necessity" is not normative .
> 
> A new sentence was added to section 5.1 "An example of change policy is to
> change the MAC address of the OCB interface each time the system boots up"
> 
> I got more confused by section 5.2 text "The policy dictating when the MAC
> address is changed on the 802.11-OCB interface is to-be-determined."
> 
> So what I got from section 5.1 and 5.2 is that protection tools to address
> privacy concern are needed but without any normative text.  Dynamic changing 
> of MAC address is an option, no other option is mentioned.  Example for when 
> to
> change MAC address is on system boot and the policy when to change MAC address
> is to be determined.
> 
> To summarize what the document currently says is that privacy risks are more
> important for outdoor public environment and it is left for implementations to
> decide if and how to address it.
> 
> Nits/editorial comments:
> 
> 
> ___
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

___
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Re: [Gen-art] Genart telechat review of draft-ietf-ipwave-ipv6-over-80211ocb-47 - privacy

2019-07-04 Thread Alexandre Petrescu 



Le 04/07/2019 à 08:05, Roni Even via Datatracker a écrit :

Reviewer: Roni Even
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

.

Document: draft-ietf-ipwave-ipv6-over-80211ocb-47
Reviewer: Roni Even
Review Date: 2019-07-03
IETF LC End Date: None
IESG Telechat date: 2019-07-11

Summary:
The document is ready to be published as a standard track RFC with an issue

Major issues:

Minor issues:

this is about my previous comment.
The text in section 5.1 "A vehicle embarking  an IP-OBU whose egress interface
is 802.11-OCB may expose itself to  eavesdropping and subsequent correlation of
data; this may reveal data considered private by the vehicle owner; there is a
risk of being tracked.  In outdoors public environments, where vehicles
typically circulate, the privacy risks are more important than in indoors
settings." and "there is a strong necessity to use protection tools such  as
dynamically changing MAC addresses"
  so even though there are privacy concerns there is no normative text saying
  that some method is needed. "strong necessity" is not normative .

A new sentence was added to section 5.1 "An example of change policy is to
change the MAC address of the OCB interface each time the system boots up"

I got more confused by section 5.2 text "The policy dictating when the MAC
address is changed on the 802.11-OCB interface is to-be-determined."

So what I got from section 5.1 and 5.2 is that protection tools to address
privacy concern are needed but without any normative text.  Dynamic changing
of MAC address is an option, no other option is mentioned.  Example for when to
change MAC address is on system boot and the policy when to change MAC address
is to be determined.

To summarize what the document currently says is that privacy risks are more
important for outdoor public environment and it is left for implementations to
decide if and how to address it.


Thank you for the comment.

In a sense, I agree with you: normative text is always helpful for 
implementer.  S/he will know what method for privacy of IID MUST be 
implemented, and do it.


However, I do not want to work on this because of the following: (1) the 
random MAC generation has an unknown IPR status (to me) and (2) the 
64bit IID length is imposed.


This draft imposes a 64bit for the IID length.  Given that, it is 
impossible for me personally to make sense about what should be 
implemented for privacy for IID.  I have several methods in mind, and I 
can get help from implementer to test and demonstrate.  But not within 
the upper and lower bounds of the 64bit boundaries.


Shorter than 64bit IIDs (like ::1, or ::5) are easier to manipulate by 
humans when building systems, and they can be obfuscated as well: 
instead of saying '1' one can say '2' so the listener is fooled, 
provided a secret agreement between the ends is in place.  Also, longer 
IIDs (like ::1:2:3:4:5) resist better to brute force algorithm attacks.


There is a method for generating the MAC address in a more random 
manner, and use it to form a 64bit IID.  That method is implemented 
widely in Windows on PC and on Windows Phone.  There is also an ETSI 
standard that suggests the same.  This draft IPv6-over-OCB has that 
method in mind when it talks about changing the MAC address each time a 
system boots up.  However, I do not know the IPR status of that method. 
I would like to know it, because personally I dont want to work on 
documents that are IPRed by other organisations.  It is also for this 
reason that it says 'a possibility is', and not 'MUST do'.


Finally, having retired my name from the author list, please consider 
these comments as an individual opinion.  The fact that I state it with 
certainty does not mean any form of authority on the document.  There is 
a WG for authority, an Editor, etc. (see IPWAVE WG).


I do not know what others think about privacy and IIDs and IPv6-over-OCB?

Alex



Nits/editorial comments:





___
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art