Transmission of IPv6 Packets over Near Field Communication
draft-ietf-6lo-nfc-13

Summary: Has 3 DISCUSSes. Needs 4 more YES or NO OBJECTION positions to pass.

Alissa Cooper Discuss

Discuss (2019-03-13)
I support Benjamin's DISCUSS point about large antennas. 

RFC 2119 specifies the keywords "RECOMMENDED" and "NOT RECOMMENDED." This document uses these in verb form ("RECOMMEND" and "NOT RECOMMEND"). Please change these instances so that the actual 2119 keywords are used.

= Section 4.8 =

I think the Gen-ART reviewer's question about fragmentation is unresolved. How is interoperability achieved if some nodes implement MIUX and not FAR, and some nodes implement FAR and not MIUX? It seems as though IPv6-over-NFC needs to be restricted to nodes that support one or the other (presumably MIUX).

= Section 5.1 and 7 =

Per the Gen-ART review, one of these sections needs to say something about how connecting to the Internet potentially changes the threat model for devices that were perhaps not originally envisioned to connect to the Internet.
Comment (2019-03-13)
= General =

I agree with Benjamin that the marketing-type language in the document should be removed.

I wonder about the claims of security based on proximity in this document. Presumably attacks in which users are induced to tap their device against another node or terminal which has been compromised by an attacker are becoming more common as NFC becomes more common; adding IPV6 connectivity to the terminal stack surely broadens the potential damage done in such a case. This seems worth noting.

= Section 1 =

OLD
It has been used in devices such as mobile phones, running Android operating
   system, named with a feature called "Android Beam".  In addition, it
   is expected for the other mobile phones, running the other operating
   systems (e.g., iOS, etc.) to be equipped with NFC technology in the
   near future.

NEW
At the time of this writing, it had been used in devices such as mobile phones, running Android operating
   system, named with a feature called "Android Beam".  It was expected for the other mobile phones, running the other operating
   systems (e.g., iOS, etc.) to be equipped with NFC technology in the
   near future.

= Section 4.5 =

Per the Gen-ART review, the use of the term "meet" is confusing in this section. Please re-phrase.

Benjamin Kaduk Discuss

Discuss (2019-03-11)
In general, I'm worried that this document is so unreadable that I can't
give it a proper review.  I just don't have a clear picture of how all
the pieces fit together, and which pieces are new as opposed to reused
from other specifications.  That said, here are my notes as they stand
at present.

If I understand correctly, the statements about "distance of 10 cm or
less" and "safe" or "secure communications" apply only for usage
compliant with the relevant legal regulations.  We cannot expect
attackers to abide by such regulations, and large (directional) antennas
and/or high-power transmitters should be presumed to expand that
distance by some factor, in adversarial environments.

Section 4.3 should probably provide some guidance on choosing the PRF
F().  We are implicitly relying on RFC 7217 for a lot of things, some of
which 7127 doesn't even cover, and the suggested construction in RFC
7127 may not still be best practice.

I don't understand why MIUX is not mandatory (and thus we could get rid
of all the "FAR is NOT RECOMMENDED" stuff).  Is there known demand for
IPv6 over NFC on devices that cannot do MIUX?

Some section-by-section points as well:

Section 3.1

   peer mode is used for ipv6-over-nfc.  In addition, NFC-enabled
   devices can securely send IPv6 packets to any corresponding node on
   the Internet when an NFC-enabled gateway is linked to the Internet.

I don't see anything in the document that justifies the usage of
"securely".

Section 3.4

   When the MIUX parameter is encoded as a TLV option, the TLV Type
   field MUST be 0x02 and the TLV Length field MUST be 0x02.  The MIUX
   parameter MUST be encoded into the least significant 11 bits of the
   TLV Value field.  The unused bits in the TLV Value field MUST be set
   to zero by the sender and ignored by the receiver.  A maximum value

Either the MIUX occupies 11 bits and there are five unused bits to be
set to zero, or the four bits marked in the figure are 1011 and there is
only one unused bit (singular) to be marked as zero.  This needs to be
more clear, as right now I can't tell what's intended.

Section 4.4

How does a device know that the link-local address is a public address?

Section 4.5

   o  When an NFC-enabled device (6LN) is directly connected to a 6LBR,
      an NFC 6LN MUST register its address with the 6LBR by sending a

How does the device know that it's talking NFC to a 6LBR as opposed to
some non-border-router peer?
Comment (2019-03-11)
A lot of this document reads like marketing material for NFC, which is a
bit off-putting in a technical specification.  (Some examples:
"outstanding performance", "NFC builds upon RFID systems by allowing
two-way communication between endpoints, where earlier systems such as
contactless smart cards were one-way only", "NFC also has the strongest
ability (e.g., secure communication distance of 10 cm) to prevent a
third party from attacking privacy", "NFC technology enables simple and
safe two-way interactions between electronic devices", "NFC's
bidirectional communication ability is ideal for establishing
connections with other technologies by the simplicity of touch", etc.)

Section 1

   Considering the potential for exponential growth in the number of
   heterogeneous air interface technologies, NFC would be widely used as
   one of the other air interface technologies, such as Bluetooth Low
   Energy (BT-LE), Wi-Fi, and so on.

nit: I think there's a word missing here or something, maybe "as widely
used".

Section 3

   NFC's bidirectional communication ability is ideal for establishing
   connections with other technologies by the simplicity of touch.  In

nit: other technologies, or other devices?

Section 3.2

There's no "IPv6 layer" in Figure 1.

Section 3.3

                      Address values between 10h and 1Fh SHALL be
   assigned by the local LLC to services registered by local service
   environment.  [...]

Is this duplicating a requirement from LLCP-1.3 or new to this spec?

Section 3.4

   MIUX extension parameter within the information field.  If no MIUX
   parameter is transmitted, the default MIU value is 128 bytes.

nit: I think this reads better (in context) without "default" here.

   When the MIUX parameter is encoded as a TLV option, the TLV Type
   field MUST be 0x02 and the TLV Length field MUST be 0x02.  The MIUX
   parameter MUST be encoded into the least significant 11 bits of the
   TLV Value field.  The unused bits in the TLV Value field MUST be set
   to zero by the sender and ignored by the receiver.  A maximum value

(Figure 2 is a little confusing because the '|' separator inside the
value field occupies a bit position; this type of diagram is frequently
laid out "double width", to allow a '| separator between each bit, with 
'+' characters in the horizontal delimiting lines to mark off bit
boundaries.)

Also, you say "least significant bits" without specifying network byte
order.

nit: isn't this "The" maximum value?

   of the TLV Value field can be 0x7FF, and a maximum size of the MTU in
   NFC LLCP is 2176 bytes including the 128 byte default of MIU.

How can we use all 128 bytes of MIU when we need to spend four bytes on
the MIUX TLV?

Section 4.1

It's unclear to me what information I'm supposed to get from Figure 3
that differs from what was in Figure 1.

Section 4.2

   This document does NOT RECOMMEND using FAR over NFC link due to
   simplicity of the protocol and implementation.  [...]

nit: this isn't clear about what is simple.  ("If FAR is simple,
wouldn't that make it easy to implement and use?")

Section 4.3

   An NFC-enabled device (i.e., 6LN) performs stateless address
   autoconfiguration as per [RFC4862].  A 64-bit Interface identifier
   (IID) for an NFC interface is formed by utilizing the 6-bit NFC LLCP
   address (see Section 3.3).  In the viewpoint of address
   configuration, such an IID SHOULD guarantee a stable IPv6 address
   because each data link connection is uniquely identified by the pair
   of DSAP and SSAP included in the header of each LLC PDU in NFC.

(Just to check: these DSAP and SSAP are only unique within the context
of the current NFC pairing between two devices?)

The writing here is hard to follow -- I'm supposed to utilize the 6-bit
NFC LLCP address to form an IID (with nothing about how), but then we
see that IIDs for unicast are randomly generated (without using the LLCP
address), and only finally at the end do we mention the RFC 7217 PRF
(and not even by name!)

Section 4.4

Show me where the "Universal/Local" bit is, in the figure.

Expand 6LBR (and 6LR) on first use, and/or have a terminology section
that mentions that familiarity with the 6LoWPAN RFCs is assumed.

Section 4.5

      accordingly.  In addition, if DHCPv6 is used to assign an address,
      Duplicate Address Detection (DAD) is not necessary.

Not necessary in the DHCPv6 server or some other element?

   o  When two or more NFC 6LNs(or 6LRs) meet, there are two cases.  One
      is that three or more NFC devices are linked with multi-hop
      connections, and the other is that they meet within a single hop

I thought we said that NFC was a two-party thing only.  How are we
getting multi-hop connections?  If I assume that this is talking about
the IPv6 layer, how do we guarantee that only NFC-capable devices are
participating in the IPv6 network?

      router.  When the NFC nodes are not of uniform category (e.g.,
      different MTU, level of remaining energy, connectivity, etc.), a
      performance-outstanding device can become a router.  [...]

This seems rather under-specified.

Section 4.9

A link to Section 4.6.1 of RFC 4861 and a note that the field
descriptions are largely copied therefrom would be helpful.

Section 5.1

This section is laying out the physical mechanics of how a NFC node can
be connected to the Internet, but does not say why this is "typical" or
what the NFC node would be talking to on the Internet.

   One of the key applications of using IPv6 over NFC is securely
   transmitting IPv6 packets because the RF distance between 6LN and
   6LBR is typically within 10 cm.  If any third party wants to hack
   into the RF between them, it must come to nearly touch them.

Or use a big and ungainly high-gain antenna/illegal transmit power, right?

Section 5.2

This example does a little better than the previous one at conveying
what might motivate such a topology, but it's still pretty vague.

What is "outstanding performance"?  This doesn't seem actionable.

Section 7

   IPv6-over-NFC is, in practice, not used for long-lived links for big
   size data transfer or multimedia streaming, but used for extremely
   short-lived links (i.e., single touch-based approaches) for ID
   verification and mobile payment.  This will mitigate the threat of
   correlation of activities over time.

This mitigation only occurs if the IID is freshly generated for each
link, which isn't mentioned until the next paragraph, so it's an
unsupported claim at this point in the text.

   IPv6-over-NFC uses an IPv6 interface identifier formed from a "Short
   Address" and a set of well-known constant bits (such as padding with
   '0's) for the modified EUI-64 format.  However, the short address of

nit: Is the zero-padding really a "such as" or just a fact, given the
protocol specification?

   NFC link layer (LLC) is not generated as a physically permanent value
   but logically generated for each connection.  Thus, every single
   touch connection can use a different short address of NFC link with

nit: I don't think this is "can use"; I think this is "uses".

   an extremely short-lived link.  This can mitigate address scanning as
   well as location tracking and device-specific vulnerability
   exploitation.

These last two seem to have high overlap with the "correlation of
activities over time" from the previous paragraph.

   Thus, this document does not RECOMMEND sending NFC packets over the
   Internet or any unsecured network.

I don't see any preceding argument that leads into or supports this
claim; why is the word "thus" present?
Also, such a recommendation seems like it should be more prominently
made near the start of the document and not relegated to the security
considerations.

This document also does not give any indication of what might be
considered to be a "secure" network.  Note that per the RFC 3552 threat
model, we generally do not place any trust in the network.

Section 9.2

Isn't the whole point of this work that you are doing IPv6 over NFC?
How do you not need to implement NFC in order to implement this?

(Eric Rescorla) Discuss

Discuss (2019-03-13)
I am unable to adequately review this document because the first normative reference and hence this DISCUSS is incomplete (ordinarily this would conflict with the DISCUSS guidelines, but I believe it is necessary in this case).

   [LLCP-1.3]
              "NFC Logical Link Control Protocol version 1.3", NFC Forum
              Technical Specification , March 2016.

Does not appear to be publicly available (the web site contains a single-page PDF which reads in part "To view the complete specification, go to http://nfc-forum.org/our- work/specifications-and-application-documents/specifications/nfc-forum- technical-specifications/. Complete the license agreement, and then download the specification."). Please supply an unencumbered specification and then I can rereview.


I have read S 3.4 repeatedly, but am unable to work out the mapping of an IPv6 datagram to LLCP. Please provide a diagram that shows how this works and then perhaps I can assist you with the text.

Adam Roach Discuss

Discuss (2019-03-13)
Thanks to everyone who has worked on this document.

I generally agree with Benjamin's discuss points, and in particular agree with
his comment that it's kind of hard to figure out how all these pieces work
together. I have an additional issue that is somewhat related to some of the
points he raised, but which is (I think) not completely covered.

I'm really confused about what the purported privacy properties of this
protocol are. In section 4.3 (which I *think* talks about globally-routable IP
addresses, although this is a bit unclear), the document says:

   such an IID SHOULD guarantee a stable IPv6 address
   because each data link connection is uniquely identified by the pair
   of DSAP and SSAP included in the header of each LLC PDU in NFC

(Aside: this "should" is a simple statement of fact, not a described behavior of
the protocol, and so the use of RFC-2119-style all-caps is not appropriate.)

The presence of "a stable IPv6 address" inherently implies the ability to
track devices.

Then, in section 7, I find the following text:


   ...the short address of
   NFC link layer (LLC) is not generated as a physically permanent value
   but logically generated for each connection.  Thus, every single
   touch connection can use a different short address of NFC link with
   an extremely short-lived link.

This text seems to imply that addressing information is, in general, not stable,
which appears to flatly contradict the text in section 4.3.

Please clarify, in section 4.3, what the duration of stability of these
identifiers is.
Comment (2019-03-13)
ID Nits reports:

  == Unused Reference: 'RFC4291' is defined on line 697, but no explicit
     reference was found in the text

---------------------------------------------------------------------------

§1:

>  IPv6 is an ideal internet
>  protocols owing to its large address space

Nit: "protocol"

Suresh Krishnan Yes

Deborah Brungard No Objection

(Spencer Dawkins) No Objection

Comment (2019-03-13)
I support Alissa's second Discuss point about the plan for fragmentation interoperation, and her third Discuss point about connecting unsuspecting devices to the Internet :-) 

Other people have said this, but requiring MIUX would be awesome.

Warren Kumari No Objection

Comment (2019-03-14)
I apologize - I've read the document, but it doesn't seem like it contains enough information to allow a full implementation.

The document keeps talking about the fact that the range is limited to 10cm, and makes some security assertions from this - from the little that I understand about this technology (and I wasn't able to follow all the references), ISO 15693 tags using NDEF are now part of the NFC specification - these  work up to 1M. I have no idea if this protocol is supposed to work over that, but if so, 1M is greater than 10cm.

Also, I see you did respond to the OpsDir review ( https://datatracker.ietf.org/doc/review-ietf-6lo-nfc-12-opsdir-lc-wu-2018-12-19/ -- thank you very much, Qin) , but there are things in these which don't seem fully addressed. As an example, Qin asked:
----
 Section 3.4 said ” the MTU size in NFC LLCP MUST be calculated from the MIU
   value as follows:
                             MIU = 128 + MIUX.”
Can you provide formula to calculate MTU from MIU? Not clear how MTU is related to MIU? 
---

You responded: "YH >> Actually, MIU is the same as MTU. Specifications in NFC forum use 'MIU', and we use 'MTU'. But these two has the same meaning."

I read version 13 of this document and had the exact same question -- how do I calculate the MTU from the MIU? If they really are the same thing (which I'm not sure they are), the document should state that, so readers can more easily implement.

Mirja Kühlewind No Objection

Comment (2019-03-13)
1) I agree with Benjamin's discuss point on sec 3.4: there seems to be a mismatch between the text and the figure that needs to be resolved or clarified before publication.

2)Use of normative language doesn't always seem quite appropriate, especially SHALL. Benjamin already identified some cases in section 3.3. 

Here is an additional one in sec 4.1:
"The adaptation layer for IPv6 over NFC SHALL support neighbor
   discovery, stateless address auto-configuration, header compression,
   and fragmentation & reassembly."

Also this MAY in sec 5.2:
"In an isolated NFC-enabled device network,
   when two or more LRs MAY be connected with each other, and then they
   are acting like routers, the 6LR MUST ensure address collisions do
   not occur."

Please also check other occurrences.

3) I would have expected to see some discussion about the ability to potentially connect devices over an IP-gateway device to the Internet that were previously not designed to be connected to the Internet. However, maybe that's asked too much as that is certainly something that needs to be addressed by either a higher layer or the device system architecture as a whole.

Alexey Melnikov No Objection

Comment (2019-03-13)
I agree with Benjamin about antenna size. Despite that I have enjoyed reading this document. I have some questions/comments that I would like to discuss before recommending publication of this document as an RFC:

In 3.2:

   The LLCP consists of Logical Link Control (LLC) and MAC Mapping.  The
   MAC Mapping integrates an existing RF protocol into the LLCP
   architecture.  The LLC contains three components, such as Link
   Management, Connection-oriented Transmission, and Connection-less
   Transmission.  The Link Management component is responsible for
   serializing all connection-oriented and connection-less LLC PDU
   (Protocol Data Unit) exchanges and for aggregation and disaggregation
   of small PDUs.  This component also guarantees asynchronous balanced
   mode communication and provides link status supervision by performing
   the symmetry procedure.

Can you translate the last sentence for somebody who is not an expert in this?

In 4.4:

   The tool for a 6LBR to obtain an IPv6 prefix for numbering the NFC
   network is can be accomplished via DHCPv6 Prefix Delegation

I think "is" before "can be" should be deleted above.

   ([RFC3633]).

In 4.5:

   o  When two or more NFC 6LNs(or 6LRs) meet, there are two cases.  One
      is that three or more NFC devices are linked with multi-hop
      connections, and the other is that they meet within a single hop
      range (e.g., isolated network).  In a case of multi-hops, all of
      6LNs, which have two or more connections with different neighbors,
      MAY be a router for 6LR/6LBR.  In a case that they meet within a
      single hop and they have the same properties, any of them can be a
      router.  When the NFC nodes are not of uniform category (e.g.,
      different MTU, level of remaining energy, connectivity, etc.), a
      performance-outstanding device can become a router.

The last sentence: how can 2 NFC nodes figure out which one has higher level or remaining energy, etc?

In 4.7:

   Therefore, IPv6 header compression in [RFC6282] MUST be implemented.
   Further, implementations MAY also support Generic Header Compression
   (GHC) of [RFC7400].

Will 2 NFC implementations interoperate if one of them supports GHC and the other one doesn't?
If they can't, then "MAY" seems to be too weak here.


In 4.8:

   IPv6-over-NFC fragmentation and reassembly (FAR) for the payloads is
   NOT RECOMMENDED in this document as discussed in Section 3.4.

You are using "NOT RECOMMENDED", which is "SHOULD NOT". Why is this not a "MUST NOT" and why implementation of FAR would be Ok if one node supports it and another one doesn't?

Alvaro Retana No Objection

Ignas Bagdonas No Record

Roman Danyliw No Record

Barry Leiba No Record

Martin Vigoureux No Record

Éric Vyncke No Record

Magnus Westerlund No Record