Address Protected Neighbor Discovery for Low-power and Lossy Networks
draft-ietf-6lo-ap-nd-12
Document
  Type: Active Internet-Draft (6lo WG)
  Last updated: 2019-07-03 (latest revision 2019-04-10)
  Replaces: draft-sarikaya-6lo-ap-nd
  Stream: IETF
  Intended RFC status: Proposed Standard
  Formats: plain text, xml, pdf, htmlized, bibtex
Stream
  WG state: Submitted to IESG for Publication
  Document shepherd: Shwetha Bhandari
  Shepherd write-up: last changed 2019-04-25
IESG
  IESG state: AD Evaluation
  Consensus Boilerplate: Yes
  Responsible AD: Suresh Krishnan
  Send notices to: Shwetha Bhandari <shwethab@cisco.com>
6lo                                                      P. Thubert, Ed.
Internet-Draft                                                     Cisco
Updates: 8505 (if approved)                                  B. Sarikaya
Intended status: Standards Track
Expires: October 12, 2019                                       M. Sethi
                                                                Ericsson
                                                               R. Struik
                                             Struik Security Consultancy
                                                          April 10, 2019
Address Protected Neighbor Discovery for Low-power and Lossy Networks
draft-ietf-6lo-ap-nd-12
Abstract
This document specifies an extension to the 6LoWPAN Neighbor Discovery
(ND) protocol defined in RFC6775 and updated in RFC8505. The new
extension is called Address Protected Neighbor Discovery (AP-ND) and
it protects the owner of an address against address theft and
impersonation attacks in a low-power and lossy network (LLN). Nodes
supporting this extension compute a cryptographic identifier
(Crypto-ID) and use it with one or more of their Registered Addresses.
The Crypto-ID identifies the owner of the Registered Address and can
be used to provide proof of ownership of the Registered Addresses.
Once an address is registered with the Crypto-ID and a proof of
ownership is provided, only the owner of that address can modify the
registration information, thereby enforcing Source Address
Validation.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 12, 2019.
Thubert, et al. Expires October 12, 2019 [Page 1]
Internet-Draft Address Protection ND for LLN April 2019
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. BCP 14 . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2. References . . . . . . . . . . . . . . . . . . . . . . . 4
2.3. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 5
3. Updating RFC 8505 . . . . . . . . . . . . . . . . . . . . . . 6
4. New Fields and Options . . . . . . . . . . . . . . . . . . . 6
4.1. New Crypto-ID . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Updated EARO . . . . . . . . . . . . . . . . . . . . . . 7
4.3. Crypto-ID Parameters Option . . . . . . . . . . . . . . . 8
4.4. NDP Signature Option . . . . . . . . . . . . . . . . . . 9
5. Protocol Scope . . . . . . . . . . . . . . . . . . . . . . . 11
6. Protocol Flows . . . . . . . . . . . . . . . . . . . . . . . 11
6.1. First Exchange with a 6LR . . . . . . . . . . . . . . . . 12
6.2. NDPSO generation and verification . . . . . . . . . . . . 14
6.3. Multihop Operation . . . . . . . . . . . . . . . . . . . 16
7. Security Considerations . . . . . . . . . . . . . . . . . . . 17
7.1. Inheriting from RFC 3971 . . . . . . . . . . . . . . . . 17
7.2. Related to 6LoWPAN ND . . . . . . . . . . . . . . . . . . 18
7.3. ROVR Collisions . . . . . . . . . . . . . . . . . . . . . 18
7.4. Implementation Attacks . . . . . . . . . . . . . . . . . 19
7.5. Cross-Protocol Attacks . . . . . . . . . . . . . . . . . 19
8. IANA considerations . . . . . . . . . . . . . . . . . . . . . 19
8.1. CGA Message Type . . . . . . . . . . . . . . . . . . . . 19
8.2. IPv6 ND option types . . . . . . . . . . . . . . . . . . 19