Hi Alissa,
I’m Younghwan. This is response on your DISCUSS and COMMENT about
draft-ietf-6lo-nfc-13.
Actually, I have already answered your DISCUSS and COMMENT before, and I have
produced -14 and -15.
However, I wonder I have addressed your DISCUSS and COMMENT about the
draft-ietf-6lo-nfc well or not.
Even though a lot of time has passed and so it is difficult for you to remember
details, I give you my answers again as bellows inline for the next step. If
you have another concerns, please response me..
Thanks a lot.
BRs,
Younghwan
-----Original Message-----
From: Alissa Cooper via Datatracker <[email protected]>
Sent: Wednesday, March 13, 2019 11:50 PM
To: The IESG <[email protected]>
Cc: [email protected]; Carles Gomez <[email protected]>;
Samita Chakrabarti <[email protected]>; [email protected];
[email protected]; [email protected]; [email protected]
Subject: Alissa Cooper's Discuss on draft-ietf-6lo-nfc-13: (with DISCUSS
and COMMENT)
Alissa Cooper has entered the following ballot position for
draft-ietf-6lo-nfc-13: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6lo-nfc/
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
I support Benjamin's DISCUSS point about large antennas.
We can think of the larger antennas, but I don't think so. Even though the
third attackers have large antennas, they cannot get any of information by
using their large antennas from regular NFC antennas. If I have large antennas
with NFC, that's not secured. On the contrary, If I have regular antennas, such
an attack is not going to be happening. NFC RF distance is regularly less than
10cm. When I had the NFC RF with high-power transmitters in my experiments, the
RF distance was less than maximum 1 m. IPv6 over NFC is actually the first try
in IETF 6lo WG, and the NFC was normally just used RFID-like style these days.
So, many people who are not in the NFC technologies get wrong sometimes.
RFC 2119 specifies the keywords "RECOMMENDED" and "NOT RECOMMENDED." This
document uses these in verb form ("RECOMMEND" and "NOT RECOMMEND"). Please
change these instances so that the actual 2119 keywords are used.
I have checked them again as you concerned.
= Section 4.8 =
I think the Gen-ART reviewer's question about fragmentation is unresolved.
How is interoperability achieved if some nodes implement MIUX and not FAR, and
some nodes implement FAR and not MIUX? It seems as though IPv6-over-NFC needs
to be restricted to nodes that support one or the other (presumably MIUX).
IPv6-over-NFC is restricted to NFC devices that support MUIX in the final draft.
= Section 5.1 and 7 =
Per the Gen-ART review, one of these sections needs to say something about
how connecting to the Internet potentially changes the threat model for devices
that were perhaps not originally envisioned to connect to the Internet.
Agreed. I will put more explanations about the threat model at the end in
section 7.
" This document does not RECOMMEND sending NFC packets over the Internet or any
unsecured network.
Especially, there can be a threat model in the scenario of section 5.1. when
the NFC-enabled device links to a NFC-enabled gateway for connectivity with the
Internet, the gateway can be attacked. Even though IPv6 over NFC guarantees
security between the two NFC devices, there can be another threat during packet
forwarding. "
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
= General =
I agree with Benjamin that the marketing-type language in the document
should be removed.
Agreed. I have removed the marketing-like languages in the document (-15).
I wonder about the claims of security based on proximity in this document.
Presumably attacks in which users are induced to tap their device against
another node or terminal which has been compromised by an attacker are becoming
more common as NFC becomes more common; adding IPV6 connectivity to the
terminal stack surely broadens the potential damage done in such a case. This
seems worth noting.
= Section 1 =
OLD
It has been used in devices such as mobile phones, running Android
operating
system, named with a feature called "Android Beam". In addition, it
is expected for the other mobile phones, running the other operating
systems (e.g., iOS, etc.) to be equipped with NFC technology in the
near future.
NEW
At the time of this writing, it had been used in devices such as mobile
phones, running Android operating
system, named with a feature called "Android Beam". It was expected
for the
other mobile phones, running the other operating systems (e.g., iOS,
etc.)
to be equipped with NFC technology in the near future.
Thanks a lot. I have already put the new one. (in ver.-15)
= Section 4.5 =
Per the Gen-ART review, the use of the term "meet" is confusing in this
section. Please re-phrase.
Agreed, I have changed it with "are connected". (in ver.-15)
_______________________________________________
6lo mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lo
