Warren Kumari via Datatracker <[email protected]> wrote: > [ Be ye not afraid - this should be easy to answer / address ] The > Privacy Considerations says: "The use of a network ID may reveal > information about the network." Good point - but it also goes on to > say: "The use of a SHA256 hash of the DODAGID, rather than using the > DODAGID (which is usually derived from the LLN prefix) directly > provides some privacy for the the addresses used within the network, as > the DODAGID is usually the IPv6 address of the root of the RPL mesh."
> I don't know if this is an issue, but how much entropy is in a DODAGID?
> From what I could find, the DODAGID is often just an IP address - and
> subnets are not randomly distributed, nor are L2 addresses (inputs to
> address generation) - if I know that many of the nodes come from
> vendor_A, and I know their L2 / MAC range, can I enumerate this, and by
> extension the DODAGID, and so the hash?
The point of a good hash is to spread whatever entropy there is in the input
all over the output. If there are a very few number of inputs, then akin to
the /etc/passwd dictionary attacks, an attacker can just pre-calculate a
bunch of things.
So, can you enumerate the DODAGIDs? Maybe.
The 6LBR address which is usually used as the DODAGID is an IPv6 address.
So there is some ~32-bits of space assuming that the RIR assigned prefix
(e.g. 2001:db8::/32) is discoverable by looking up www.example.com
This assumes that you know who you are trying learn about.
The next 32-bits will be operator or DHCPv6-PD assigned, and maybe not guess
that part. And then the IID could be assigned via any number of our RFC8064,
or might be ::1.
So if you know what network you are looking for, you can probably find it.
The operator is allowed to generate the NetworkID with a random number
generator, btw.
But, if you observe ten LLNs the hash makes it hard to trivially map them
back to a specific operator.
Do you feel that I need to add this to the document?
I feel that it distracts: SHA256 is just a suggestion.
> I will happily admit that I haven't fully researched this / thought it
> through, so "Nah, won't work" or "Yes, will work, but we did say
> 'provides some privacy', not 'absolute privacy'" or all acceptable
> answers :-)
Some privacy.
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> I found this document to be well written, and helpfully explained the
> background, issue, etc. Thank you!
> Question: "Pledges which have not yet enrolled are unable to
> authenticate the beacons, and will be forced to temporarily take the
> contents on faith. After enrollment, a newly enrolled node will be able
> to return to the beacon and validate it." Yes, this is true - a newly
> enrolled node will be able to do this -- but I don't see a suggestion /
> requirement that they actually *do* so. I'm perfectly capable of
> picking up my socks, but.... :-)
You want to read draft-ietf-6tisch-minimal-security section 5 and section 9,
last paragraph.
Doing so is somewhat optional: if the pledge doesn't verify the beacon it saw
then it will verify the next beacon.
If the beacon was bogus, then the 6tisch-CoJP likely also failed, or the
pledge won't get to the Join Proxy at all, since it will not have a workable
TSCH schedule.
> Nit: "Although However, even in this case, a" - typo / redundancy.
> Please also see Qin Wu's Opsdir review
>
(https://datatracker.ietf.org/doc/review-ietf-6tisch-enrollment-enhanced-beacon-08-opsdir-lc-wu-2020-01-21/),
> which has some useful questions / nits.
I thought I had, but I don't have anything in my outbox, so I'll grab it when
I land.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
