Babel Routing Protocol over Datagram Transport Layer Security
draft-ietf-babel-dtls-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2020-12-22
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2020-11-23
|
10 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2020-10-01
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2020-09-08
|
10 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2020-09-08
|
10 | (System) | RFC Editor state changed to EDIT from MISSREF |
2020-09-04
|
10 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2020-09-04
|
10 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2020-09-04
|
10 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2020-09-03
|
10 | (System) | RFC Editor state changed to MISSREF from EDIT |
2020-09-03
|
10 | (System) | RFC Editor state changed to EDIT |
2020-09-03
|
10 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2020-09-03
|
10 | (System) | Announcement was received by RFC Editor |
2020-09-03
|
10 | (System) | IANA Action state changed to In Progress |
2020-09-03
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2020-09-03
|
10 | Amy Vezza | IESG has approved the document |
2020-09-03
|
10 | Amy Vezza | Closed "Approve" ballot |
2020-09-03
|
10 | Martin Vigoureux | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2020-09-03
|
10 | Martin Vigoureux | Ballot approval text was generated |
2020-08-25
|
10 | Martin Vigoureux | Ballot approval text was generated |
2020-08-16
|
10 | Erik Kline | [Ballot comment] [[ comments ]] [ section 5 ] * The first sentence of the 3rd paragraphs reads to me like "while DTLS provides … [Ballot comment] [[ comments ]] [ section 5 ] * The first sentence of the 3rd paragraphs reads to me like "while DTLS provides protection against replay attacks an attacker can still mount a replay attack". I don't have any constructive proposal to change this, but if it tickles something in your mind that might be more clear to those not super knowledgeable about DTLS, I'm sure that'll be great. |
2020-08-16
|
10 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2020-06-30
|
10 | David Schinazi | New version available: draft-ietf-babel-dtls-10.txt |
2020-06-30
|
10 | (System) | New version accepted (logged-in submitter: David Schinazi) |
2020-06-30
|
10 | David Schinazi | Uploaded new revision |
2020-06-27
|
09 | Murray Kucherawy | [Ballot comment] Reading the shorter document before the longer one, so I may be missing some important context here. This was pretty easy to read, … [Ballot comment] Reading the shorter document before the longer one, so I may be missing some important context here. This was pretty easy to read, so nice work. A number of editorial comments and suggestions follow: Section 2: * "... sent over to both unicast ..." -- s/over to both/over both/, right? Section 2.1: * "... intervals, to avoid ..." -- remove the comma * "Nodes SHOULD drop packets that have been reordered ..." -- Why would an implementer not do this? (i.e., why is it only a SHOULD?) Section 2.2: * "... from the Magic byte ..." -- s/Magic/magic/ Section 2.3: * Please expand/explain "TLV" on first use. * Just an aesthetic suggestion: In this sentence... Since Babel over DTLS only protects unicast packets, implementors may implement Babel over DTLS by modifying an implementation of Babel without DTLS support, and replacing any TLV previously sent over multicast with a separate TLV sent over unicast for each neighbour. ...you use "implementors", "implement", and "implementation". Maybe this? Since Babel over DTLS only protects unicast packets, implementors may provide Babel over DTLS by using a variant of Babel without DTLS support, and replacing any TLV previously sent over multicast with a separate TLV sent over unicast for each neighbour. Section 2.5: * Why is the stuff in the first paragraph only SHOULD/RECOMMENDED? (The answer may lie in the second paragraph, but I'm uncertain.) * I suggest that Section 5 should make a backward reference to this section since it talks about mitigation of an attack. Section 2.6: * "A node MAY allow configuration options to allow ..." -- change one of those "allow"s to "permit" |
2020-06-27
|
09 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2020-04-15
|
09 | Martin Duke | [Ballot comment] This is very well written draft. Nits: - - Please update the DTLS-CID reference; I see that even the current draft is going … [Ballot comment] This is very well written draft. Nits: - - Please update the DTLS-CID reference; I see that even the current draft is going to expire on 23 April. |
2020-04-15
|
09 | Martin Duke | Ballot comment text updated for Martin Duke |
2020-04-15
|
09 | Martin Duke | [Ballot comment] This is very well written draft. Nits: - In section 2.1, could we change "nodes could use DTLS connection identifiers" to a MAY? … [Ballot comment] This is very well written draft. Nits: - In section 2.1, could we change "nodes could use DTLS connection identifiers" to a MAY? - Please update the DTLS-CID reference; I see that even the current draft is going to expire on 23 April. |
2020-04-15
|
09 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2019-08-27
|
09 | Roman Danyliw | [Ballot comment] Thank you for addressing my DISCUSSes and COMMENTs. |
2019-08-27
|
09 | Roman Danyliw | [Ballot Position Update] Position for Roman Danyliw has been changed to No Objection from Discuss |
2019-08-26
|
09 | Gunter Van de Velde | Assignment of request for Last Call review by OPSDIR to Tina Tsou was marked no-response |
2019-08-14
|
09 | Benjamin Kaduk | [Ballot comment] Thank you for resolving my Discuss points! |
2019-08-14
|
09 | Benjamin Kaduk | [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss |
2019-08-14
|
09 | Mirja Kühlewind | [Ballot comment] Thanks for discussing the port assignment (again)! |
2019-08-14
|
09 | Mirja Kühlewind | [Ballot Position Update] Position for Mirja Kühlewind has been changed to No Objection from Discuss |
2019-08-13
|
09 | David Schinazi | New version available: draft-ietf-babel-dtls-09.txt |
2019-08-13
|
09 | (System) | New version approved |
2019-08-13
|
09 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-08-13
|
09 | David Schinazi | Uploaded new revision |
2019-08-09
|
08 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-08-09
|
08 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2019-08-09
|
08 | David Schinazi | New version available: draft-ietf-babel-dtls-08.txt |
2019-08-09
|
08 | (System) | New version approved |
2019-08-09
|
08 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-08-09
|
08 | David Schinazi | Uploaded new revision |
2019-08-08
|
07 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2019-08-08
|
07 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2019-08-08
|
07 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2019-08-07
|
07 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2019-08-07
|
07 | Benjamin Kaduk | [Ballot discuss] I support Roman's Discuss point (1) (and basically cover the same as his (2) below). Let's have a discussion about (DTLS) identity. Section … [Ballot discuss] I support Roman's Discuss point (1) (and basically cover the same as his (2) below). Let's have a discussion about (DTLS) identity. Section 2.1 says that we use mutual authentication and that implementations "MUST support authenticating peers against a local store of credentials"; also that "if a node receives a new DTLS connection from a neighbour to whom it already has a connection, the node MUST NOT discard the older connection until it has completed the handshake of the new one and validated the identity of the peer". But how does this authentication occur, and what constitutes the identity of the peer. We will frequently have (D)TLS consumers cite RFC 6125 and say that (e.g.) DNS-ID or SRV-ID must match the name obtained in some fashion. But for Babel, we are authenticating routers -- router identity is usually in the form of just an IP address on a loopback interface! Are we expected to get certificates that certify IP addresses as identity, or use some sort of PSK or password-based TLS authentication? (The last two are not really compatible with the "MUST send a CertificateRequest", BTW.) Raw public keys? I think we can give a more clear picture of how to build a secure system. Relatedly, once DTLS authenticates an identity, what level of authorization checks are performed? Are we still in a single authorization domain, where any router that authenticates as being part of a given domain is implictily authorized to be a babel peer and convey any and all routing information? We should also give some guidance on ciphers and algorithms where we discuss the DTLS details (BCP 195 is probably the safest bet here, even if it's a little in need of an update). |
2019-08-07
|
07 | Benjamin Kaduk | [Ballot comment] Section 1.2 The protocol described in this document protects Babel packets with DTLS. As such, it inherits the features offered by … [Ballot comment] Section 1.2 The protocol described in this document protects Babel packets with DTLS. As such, it inherits the features offered by DTLS, notably authentication, integrity, replay protection, confidentiality and asymmetric keying. It is therefore expected to be applicable in a replay protection is not an inherent feature of DTLS, so I suggest "optional replay protection" to emphasize that an implementation of babel may need to explicitly configure it. There exists another mechanism for securing Babel, namely Babel HMAC authentication [BABEL-HMAC]. HMAC only offers basic features, namely authentication, integrity and replay protection with a small number of symmetric keys. A comparison of Babel security mechanisms and Even the authentication is limited, as it is group authentication, not true per-entity authentication. Section 2.1 information last longer. If a node receives a new DTLS connection from a neighbour to whom it already has a connection, the node MUST NOT discard the older connection until it has completed the handshake of the new one and validated the identity of the peer. (Does the validated identity of the peer have to match the one from the previous handshake?) Section 2.3 I agree with the RtgDir reviewer that unprotected (multicast) Hellos are at risk of tampering by an attacker, who could drop them or modify the seqno/interval, for DoS purposes. I see the text about use of multicast Hellos for discovery and the acknowledgment that an out-of-band neighbor discovery mechanism may be available. Are there any such discovery mechanism under development? Regardless, I think we should consider mandating/suggesting (to some strength; maybe SHOULD is enough) the use of protected unicast Hellos instead of just stating that nodes can either rely on multicast or send protected unicast Hellos. When unicast (protected) Hellos are in use, even tampering with multicast Hellos will not be enough to cause a DoS attack, since a node must be detected as down on both unicast and multicast to be considered gone. (Of course, a sufficiently powerful attacker can still just drop all traffic and cause DoS.) Section 2.4 Note that receiving an unprotected packet can still be used to discover new neighbours, even when all TLVs in that packet are silently ignored. Is this going to cause a lot of spurious DTLS handshake attempts if we ever end up with a babel-dtls implementation adjacent to a classic-babel-only implementation? Is there any rate limiting on that? Section 2.5 Do we want to talk about the potential consequences of an attacker arbitrarily delaying valid content (to justify the need for a timeout)? Section 2.6 A node MAY allow configuration options to allow unprotected Babel on some interfaces but not others; this effectively gives nodes on that interface the same access as authenticated nodes, and SHOULD NOT be done unless that interface has a mechanism to authenticate nodes at a lower layer (e.g., IPsec). I'm unhappy that this SHOULD NOT is not a MUST NOT, but cannot quite justify making it a Discuss-level point. Section 3 IP, UDP and DTLS. Nodes MUST NOT send Babel packets larger than the attached interface's MTU adjusted for known lower-layer headers (at least UDP and IP) or 512 octets, whichever is larger, but not exceeding 2^16 - 1 adjusted for lower-layer headers. Every Babel speaker MUST be able to receive packets that are as large as any Aren't these requirements just duplicating what's in 6126bis? We probably don't need to repeat the normative language, at least, even if there's a desire to repeat the content. Note that distinct DTLS connections can use different ciphers, which can have different amounts of overhead per packet. Therefore, the nit: I think the intention here was "per-packet overhead", though the statement is true as currently written (due to variable length padding for block ciphers). Section 5 The RFC 7525 ref is probably better spelled as BCP 195, and arguably moved earlier in the text (i.e., where I mentioned it previously). A malicious client might attempt to perform a high number of DTLS handshakes with a server. As the clients are not uniquely identified by the protocol and can be obfuscated with IPv6 temporary addresses, a server needs to mitigate the impact of such an attack. Such nit: they're not uniquely identified by the protocol *until the handshake completes* -- our requirement for mutual authentication will cause all valid clients to be identified. However, the DoS risk does not require the client to let the handshake complete, so the core statement here remains valid. It may also be worth mentioning "Slowloris"-style attacks that keep handshake state active for as long as possible to increase resource consumption. Section 6.2 DTLS-CID needs to be normative if it is a MAY-level feature. (See https://www6.ietf.org/iesg/statement/normative-informative.html .) RFC 7525 (i.e., BCP 195) definitely needs to be normative, as a MUST-level requirement! |
2019-08-07
|
07 | Benjamin Kaduk | [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk |
2019-08-07
|
07 | Roman Danyliw | [Ballot discuss] (1) Section 1. These are different than the ones listed in Section 6 of draft-ietf-babel-rfc6126bis and Section 1 of draft-ietf-babel-dtls. As DTLS and … [Ballot discuss] (1) Section 1. These are different than the ones listed in Section 6 of draft-ietf-babel-rfc6126bis and Section 1 of draft-ietf-babel-dtls. As DTLS and HMAC are mitigations for attacks in draft-ietf-babel-rfc6126bis, they really should be harmonized. (2) Section 2.1. Per “Implementations MUST support authenticating peers against a local store of credentials”, what does that credentialing look like? Is it certificates, PSK, etc? What validation procedure is being used for this authentication? |
2019-08-07
|
07 | Roman Danyliw | [Ballot comment] (3) Abstract. Per “Babel does not contain any means … [to] protect messages”, be more precise in the definition of protect (i.e., integrity … [Ballot comment] (3) Abstract. Per “Babel does not contain any means … [to] protect messages”, be more precise in the definition of protect (i.e., integrity and confidentiality) (4) Section 1.2. Per “A comparison of Babel security mechanisms and their applicability can be found in [RFC6126bis]”, where in draft-ietf-babel-rfc6126bis does this comparison occur. The references to HMAC and TLS are in a single paragraph in in Section 6/Security Considerations which roughly reiterate the one sentence statements written here. (5) Section 2.1. Per “When a node receives a new DTLS connection, it MUST verify that the source IP address is an IPv6 link-local address …”, what happens if IPv4 is in use? (6) Section 2.1. Per “Nodes MUST only negotiate DTLS version 1.2 or higher”, this is stricter than RFC7525 cited in the Security Consideration later in the draft. That’s fine, but please reiterate that in Section 5. (7) Section 2.6 Suggest being clearer that this is a deployment not an implementation issue. s/Implementations MAY implement both Babel over DTLS and unprotected Babel./ /A node MAY run both Babel over DTLS and unprotected Babel./ (8) Section 2.6, Per “However, accepting unprotected Babel packets … loses the security properties of Babel over DTLS”. This seems misleading. The security properties of “Babel over DTLS” as a protocol are stated in Section 1.2. In this section there is discussion of the security properties of the node (and the resulting neighbor table). These are different. The issue seems to be that a node is building a neighbor table with updates from sources which need to be trusted to different degrees. (9) Section 5. Per “Confidential interaction between two Babel peers requires Datagram Transport Layer Security (DTLS) with a cipher suite offering confidentiality protection. The guidance given in [RFC7525] MUST be followed to avoid attacks on DTLS.”, the first sentence is true, but incomplete, in that we’d also want cipher suites with a strong key exchange algorithm, etc. Section 4.2 of RFC7525, which is cited as a MUST, provides a list of recommended ciphers suites. Do we need this first sentence? (10) Editorial -- Section 2.1. Expand “IHU” on first use -- Section 3. Nit. s/ciphers/ciphersuites/ |
2019-08-07
|
07 | Roman Danyliw | [Ballot Position Update] New position, Discuss, has been recorded for Roman Danyliw |
2019-08-07
|
07 | Mirja Kühlewind | [Ballot discuss] Unfortunately I need to discuss the port request again. First of all I would like to comment on the shepherd write-up which says: … [Ballot discuss] Unfortunately I need to discuss the port request again. First of all I would like to comment on the shepherd write-up which says: "The document requires only the allocation of a port number for Babel over DTLS. Having such a second port for the secured version of a protocol is a fairly common practice. This is shown in the IANA Considerations section." This is not correct. Having a second port for the secured version of a protocol WAS common practice. However RFC6335 say now "The use of separate service name or port number assignments for secure and insecure variants of the same service is to be avoided in order to discourage the deployment of insecure services." Anyway, in this case I understand that a different port is desired because unencrypted HELLO messages are still received over the default babel port. However, it is not clear to me why a fixed/default port is needed. The neighbour needs to be discovered in some why, no matter what, before a DTLS connection can be established and this discovery procedure could indicate a dynamic port number that the peer is listening on for babel over DTLS. E.g. the multicast HELLO could have a new TLV with this port information. Please clarify why this option is not suitable! Thanks! |
2019-08-07
|
07 | Mirja Kühlewind | [Ballot comment] This specification seems to only support babel over DTLS for IPv6. This should be stated clearly in the introduction. |
2019-08-07
|
07 | Mirja Kühlewind | [Ballot Position Update] New position, Discuss, has been recorded for Mirja Kühlewind |
2019-08-06
|
07 | Alvaro Retana | [Ballot comment] Please reply to the rtg-dir review: https://mailarchive.ietf.org/arch/msg/rtg-dir/fuvl_TQmvfqxbtq5Qv12qB_ok4M |
2019-08-06
|
07 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2019-08-05
|
07 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2019-08-05
|
07 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. I have only two COMMENTs. Regards, -éric == COMMENTS == -- Section 1.2 -- … [Ballot comment] Thank you for the work put into this document. I have only two COMMENTs. Regards, -éric == COMMENTS == -- Section 1.2 -- The text refers to the security consideration of RFC6121bis for an extended comparison of HMAC & DTLS except that there is no additional information in RFC 6121bis. -- Section 2.1 -- It is a little unclear to me whether a mix of DTLS and non-DTLS Babel nodes can exist on the same layer-2 network. I guess no (as implied later) but a clear sentence would help. |
2019-08-05
|
07 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2019-07-30
|
07 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2019-07-16
|
07 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2019-07-15
|
07 | Sean Turner | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Sean Turner. Sent review to list. |
2019-07-12
|
07 | Cindy Morgan | Placed on agenda for telechat - 2019-08-08 |
2019-07-12
|
07 | Martin Vigoureux | IESG state changed to IESG Evaluation from Waiting for Writeup |
2019-07-12
|
07 | Martin Vigoureux | Ballot has been issued |
2019-07-12
|
07 | Martin Vigoureux | [Ballot Position Update] New position, Yes, has been recorded for Martin Vigoureux |
2019-07-12
|
07 | Martin Vigoureux | Created "Approve" ballot |
2019-07-12
|
07 | Martin Vigoureux | Ballot writeup was changed |
2019-07-05
|
07 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2019-07-05
|
07 | David Schinazi | New version available: draft-ietf-babel-dtls-07.txt |
2019-07-05
|
07 | (System) | New version approved |
2019-07-05
|
07 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-07-05
|
07 | David Schinazi | Uploaded new revision |
2019-07-05
|
07 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-07-05
|
07 | David Schinazi | Uploaded new revision |
2019-07-05
|
06 | Min Ye | Request for Last Call review by RTGDIR Completed: Has Issues. Reviewer: Henning Rogge. Sent review to list. |
2019-07-04
|
06 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2019-07-04
|
06 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-babel-dtls-05. If any part of this review is inaccurate, please let … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-babel-dtls-05. If any part of this review is inaccurate, please let us know. The IANA Functions Operator has a question about the IANA Considerations section of this document. We understand that, upon approval of this document, there is a single action which we must complete. In the Service Name and Transport Protocol Port Number Registry located at: https://www.iana.org/assignments/service-names-port-numbers the following port number will be registered as follows: Service Name: babel-dtls Port Number: TBD Description: Babel Routing Protocol over DTLS Assignee: David Schinazi Contact: David Schinazi Reference: [RFC to be] IANA notes the authors have suggested port 6699 for this registration. IANA Question: Should the assignee be the IESG and the contact be the IETF Chair ? Please see RFC 6335, Section 8.1.1 Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2019-07-04
|
06 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2019-07-02
|
06 | David Schinazi | New version available: draft-ietf-babel-dtls-06.txt |
2019-07-02
|
06 | (System) | New version approved |
2019-07-02
|
06 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-07-02
|
06 | David Schinazi | Uploaded new revision |
2019-06-28
|
05 | Min Ye | Request for Last Call review by RTGDIR is assigned to Henning Rogge |
2019-06-28
|
05 | Min Ye | Request for Last Call review by RTGDIR is assigned to Henning Rogge |
2019-06-28
|
05 | Min Ye | Assignment of request for Last Call review by RTGDIR to Tony Przygienda was marked no-response |
2019-06-25
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
2019-06-25
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
2019-06-25
|
05 | Dan Romascanu | Request for Last Call review by GENART Completed: Ready. Reviewer: Dan Romascanu. Sent review to list. |
2019-06-22
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sean Turner |
2019-06-22
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sean Turner |
2019-06-20
|
05 | Min Ye | Request for Last Call review by RTGDIR is assigned to Tony Przygienda |
2019-06-20
|
05 | Min Ye | Request for Last Call review by RTGDIR is assigned to Tony Przygienda |
2019-06-20
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2019-06-20
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2019-06-20
|
05 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2019-06-20
|
05 | Cindy Morgan | The following Last Call announcement was sent out (ends 2019-07-04): From: The IESG To: IETF-Announce CC: babel-chairs@ietf.org, babel@ietf.org, Donald Eastlake , d3e3e3@gmail.com, … The following Last Call announcement was sent out (ends 2019-07-04): From: The IESG To: IETF-Announce CC: babel-chairs@ietf.org, babel@ietf.org, Donald Eastlake , d3e3e3@gmail.com, draft-ietf-babel-dtls@ietf.org, martin.vigoureux@nokia.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Babel Routing Protocol over Datagram Transport Layer Security) to Proposed Standard The IESG has received a request from the Babel routing protocol WG (babel) to consider the following document: - 'Babel Routing Protocol over Datagram Transport Layer Security' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-07-04. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Babel Routing Protocol does not contain any means to authenticate neighbours or protect messages sent between them. This document specifies a mechanism to ensure these properties, using Datagram Transport Layer Security (DTLS). The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-babel-dtls/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-babel-dtls/ballot/ No IPR declarations have been submitted directly on this I-D. |
2019-06-20
|
05 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2019-06-20
|
05 | Martin Vigoureux | Requested Last Call review by RTGDIR |
2019-06-20
|
05 | Martin Vigoureux | Last call was requested |
2019-06-20
|
05 | Martin Vigoureux | Ballot approval text was generated |
2019-06-20
|
05 | Martin Vigoureux | Ballot writeup was generated |
2019-06-20
|
05 | Martin Vigoureux | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2019-06-20
|
05 | Martin Vigoureux | Last call announcement was generated |
2019-06-06
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-06-06
|
05 | David Schinazi | New version available: draft-ietf-babel-dtls-05.txt |
2019-06-06
|
05 | (System) | New version approved |
2019-06-06
|
05 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-06-06
|
05 | David Schinazi | Uploaded new revision |
2019-05-24
|
04 | Martin Vigoureux | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2019-03-12
|
04 | Martin Vigoureux | IESG state changed to AD Evaluation from Publication Requested |
2019-02-08
|
04 | Donald Eastlake | PROTO for draft-ietf-babel-dtls-07.txt -------------------------------------- (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. … PROTO for draft-ietf-babel-dtls-07.txt -------------------------------------- (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. Title page indicates Standards Track. This document standardizes the securing of Babel with DTLS. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The Babel Routing Protocol does not contain any means to authenticate neighbours or protect messages sent between them. This documents specifies a mechanism to ensure these properties, using Datagram Transport Layer Security (DTLS). Working Group Summary: There was a clear consensus in favor of the document. There was no opposition except for one participant who changed to support. Document Quality: The document is of good quality and has had a reasonable variety of reviews with comments resolved to the satisfaction of the reviewers. Personnel: Document Shepherd: Donald Eastlake Responsible Area Director: Martin Vigoureux (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document Shepherd's review is here: https://mailarchive.ietf.org/arch/msg/babel/AzjslHG1bVLksmXMs62gLDqeN_M (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. An early security review took place. See https://mailarchive.ietf.org/arch/msg/babel/1i3PTpCYZ5uXgNxIsWR8Ken3Tnw An early routing review took place. See https://mailarchive.ietf.org/arch/msg/babel/cKA2BYaRP08UPgPSeIWp7K-ci6A (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? No special concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. Yes, see: https://mailarchive.ietf.org/arch/msg/babel/CcIbTcuyYI7GdJfGvYg7S3CxddQ https://mailarchive.ietf.org/arch/msg/babel/XacfODvwa5WHp7VG5tTCgV3AL28 https://mailarchive.ietf.org/arch/msg/babel/071D6tjivX4agtaUzFGlmxL0DT8 (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is a good consensus of active participants in the WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No nits. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No such formal review required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There is a normative reference to draft-ietf-babel-rfc6126bis but that draft is in WG Last Call and expected to advance shortly. (15) Are there downward normative references (see RFC 3967)? There are no down-refs. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? The front page indicates that this document Updates rfc6126bis. This is an arguable point. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. The document requires only the allocation of a port number for Babel over DTLS. Having such a second port for the secured version of a protocol is a fairly common practice. This is shown in the IANA Considerations section. (18) List any new IANA registries that require Expert Review for future allocations. No new registries created. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No automated checks required. |
2019-02-08
|
04 | Donald Eastlake | Responsible AD changed to Martin Vigoureux |
2019-02-08
|
04 | Donald Eastlake | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2019-02-08
|
04 | Donald Eastlake | IESG state changed to Publication Requested from I-D Exists |
2019-02-08
|
04 | Donald Eastlake | IESG process started in state Publication Requested |
2019-02-08
|
04 | Donald Eastlake | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2019-02-08
|
04 | Donald Eastlake | PROTO for draft-ietf-babel-dtls-07.txt -------------------------------------- (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. … PROTO for draft-ietf-babel-dtls-07.txt -------------------------------------- (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Proposed Standard. Title page indicates Standards Track. This document standardizes the securing of Babel with DTLS. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The Babel Routing Protocol does not contain any means to authenticate neighbours or protect messages sent between them. This documents specifies a mechanism to ensure these properties, using Datagram Transport Layer Security (DTLS). Working Group Summary: There was a clear consensus in favor of the document. There was no opposition except for one participant who changed to support. Document Quality: The document is of good quality and has had a reasonable variety of reviews with comments resolved to the satisfaction of the reviewers. Personnel: Document Shepherd: Donald Eastlake Responsible Area Director: Martin Vigoureux (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document Shepherd's review is here: https://mailarchive.ietf.org/arch/msg/babel/AzjslHG1bVLksmXMs62gLDqeN_M (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. An early security review took place. See https://mailarchive.ietf.org/arch/msg/babel/1i3PTpCYZ5uXgNxIsWR8Ken3Tnw An early routing review took place. See https://mailarchive.ietf.org/arch/msg/babel/cKA2BYaRP08UPgPSeIWp7K-ci6A (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? No special concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. Yes, see: https://mailarchive.ietf.org/arch/msg/babel/CcIbTcuyYI7GdJfGvYg7S3CxddQ https://mailarchive.ietf.org/arch/msg/babel/XacfODvwa5WHp7VG5tTCgV3AL28 https://mailarchive.ietf.org/arch/msg/babel/071D6tjivX4agtaUzFGlmxL0DT8 (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is a good consensus of active participants in the WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No nits. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No such formal review required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There is a normative reference to draft-ietf-babel-rfc6126bis but that draft is in WG Last Call and expected to advance shortly. (15) Are there downward normative references (see RFC 3967)? There are no down-refs. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? The front page indicates that this document Updates rfc6126bis. This is an arguable point. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. The document requires only the allocation of a port number for Babel over DTLS. Having such a second port for the secured version of a protocol is a fairly common practice. This is shown in the IANA Considerations section. (18) List any new IANA registries that require Expert Review for future allocations. No new registries created. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No automated checks required. |
2019-02-06
|
04 | David Schinazi | New version available: draft-ietf-babel-dtls-04.txt |
2019-02-06
|
04 | (System) | New version approved |
2019-02-06
|
04 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-02-06
|
04 | David Schinazi | Uploaded new revision |
2019-02-06
|
03 | Donald Eastlake | https://mailarchive.ietf.org/arch/msg/babel/5wdPPZWyaF9KngoBcdqkLdWgMS8 |
2019-02-06
|
03 | Donald Eastlake | Tag Revised I-D Needed - Issue raised by WGLC set. |
2019-02-06
|
03 | Donald Eastlake | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2019-01-29
|
03 | Sean Turner | Request for Early review by SECDIR Completed: Has Nits. Reviewer: Sean Turner. Sent review to list. |
2019-01-08
|
03 | Donald Eastlake | IETF WG state changed to In WG Last Call from WG Document |
2019-01-08
|
03 | David Schinazi | New version available: draft-ietf-babel-dtls-03.txt |
2019-01-08
|
03 | (System) | New version approved |
2019-01-08
|
03 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2019-01-08
|
03 | David Schinazi | Uploaded new revision |
2018-12-20
|
02 | Donald Eastlake | Notification list changed to Donald Eastlake <d3e3e3@gmail.com> |
2018-12-20
|
02 | Donald Eastlake | Document shepherd changed to Donald E. Eastlake 3rd |
2018-12-20
|
02 | Donald Eastlake | Changed consensus to Yes from Unknown |
2018-12-20
|
02 | Donald Eastlake | Intended Status changed to Proposed Standard from None |
2018-11-14
|
02 | Juliusz Chroboczek | New version available: draft-ietf-babel-dtls-02.txt |
2018-11-14
|
02 | (System) | New version approved |
2018-11-14
|
02 | (System) | Request for posting confirmation emailed to previous authors: babel-chairs@ietf.org, Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2018-11-14
|
02 | Juliusz Chroboczek | Uploaded new revision |
2018-11-03
|
01 | Donald Eastlake | Added to session: IETF-103: babel Wed-1540 |
2018-10-25
|
01 | Tero Kivinen | Request for Early review by SECDIR is assigned to Sean Turner |
2018-10-25
|
01 | Tero Kivinen | Request for Early review by SECDIR is assigned to Sean Turner |
2018-10-23
|
01 | Donald Eastlake | Requested Early review by SECDIR |
2018-10-08
|
01 | David Schinazi | New version available: draft-ietf-babel-dtls-01.txt |
2018-10-08
|
01 | (System) | New version approved |
2018-10-08
|
01 | (System) | Request for posting confirmation emailed to previous authors: Antonin Decimo , Juliusz Chroboczek , David Schinazi |
2018-10-08
|
01 | David Schinazi | Uploaded new revision |
2018-09-26
|
00 | Min Ye | Request for Early review by RTGDIR Completed: Has Issues. Reviewer: Tony Przygienda. |
2018-09-13
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Tony Przygienda |
2018-09-13
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Tony Przygienda |
2018-09-12
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Victoria Pritchard |
2018-09-12
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Victoria Pritchard |
2018-08-30
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Jon Mitchell |
2018-08-30
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Jon Mitchell |
2018-08-27
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Andrew Malis |
2018-08-27
|
00 | Min Ye | Request for Early review by RTGDIR is assigned to Andrew Malis |
2018-08-27
|
00 | Donald Eastlake | Requested Early review by RTGDIR |
2018-08-15
|
00 | David Schinazi | This document now replaces draft-decimo-babel-dtls instead of None |
2018-08-15
|
00 | David Schinazi | New version available: draft-ietf-babel-dtls-00.txt |
2018-08-15
|
00 | (System) | New version approved |
2018-08-15
|
00 | David Schinazi | Request for posting confirmation emailed to submitter and authors: Juliusz Chroboczek , =?utf-8?q?Antonin_D=C3=A9cimo?= , David Schinazi |
2018-08-15
|
00 | David Schinazi | Uploaded new revision |