OASIS Mailing List Archives

openc2 message


Subject: Re: [openc2] Re: Broadcast IP addresses and OpenC2


Certainly the only transfer spec we have right now, HTTPS, is designed for point-to-point connection so broadcast IP addresses don't make sense there.

If you're using a pub/sub protocol you could do broadcast to actuators within the messaging fabric and again broadcast IP addresses don't make sense.

There might be some cases for using broadcast IP addresses on isolated networks, but all of the things that occur to me right now where that might be an operational fit are SCADA / OT type networks, and my understanding is that those are usually very brittle when presented with unexpected traffic, so it seems likely to be a bad idea in that context.

The security concerns with such a broadcast are also concerning.

Lacking a supporting use case I'd think it would be better to prohibit it. That said, I don't see a good place in our current fleet of specifications to place any kind of prohibition.

Dave

David P. Lemire, CISSP
 OpenC2 Technical Committee Secretary
 OpenC2 Implementation Considerations SC Co-chair
 Contractor support to NSA
Email: dave.lemire@g2-inc.com
Office: 301-575-5190 / Mobile: 240-938-9350

On Mon, Feb 4, 2019 at 3:50 PM Everett, Alex D <alex.everett@unc.edu> wrote:

Toby:


So I don't think it is legal. The transports we have today don't support it, and it just wouldn't work. But it's probably a better question to those who are directly working on the transfer/transport specs than for me to answer.


-Alex



From: openc2@lists.oasis-open.org <openc2@lists.oasis-open.org> on behalf of Considine, Toby <Toby.Considine@unc.edu>
Sent: Monday, February 4, 2019 2:19:05 PM
To: TC OpenC2
Subject: [openc2] Broadcast IP addresses and OpenC2

Last week, I attempted to start a discussion about OpenC2 and Broadcast.


I seem to have been too obscure, or not able to explain myself well, or something. This note describes the background of my comment and then raises the questions again.


Definitions:


In IPv4, we talk of CIDR range, and this comment discusses CIDR ranges. Class C ranges are the easiest to discuss, because they match the IP notation.


If I have the CIDR range 1.2.3.1/24, that means all 256 addresses from 1.2.3.0 to 1.2.3.255 are in the range. This comment is about the address 1.2.3.255, i.e., the highest address in each range, i.e., the broadcast address. It is called the broadcast address because all devices in the range 1.2.3.0, 1.2.3.1, ... 1.2.3.254 should receive and potentially respond to this address.


This is not just for 255 in a 24 bit mask. It applies to the top number in a CIDR range, where the remaining bits of the mask are replaced with all ones. There is a broadcast address for each CIDR range, no matter how small or large the range.


The Issue:


Is it legal to send an OpenC2 message to a broadcast address?

If it is legal, what should be the response of the Consumers?


tc
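
The broadcast-address definition in the note above (host bits replaced with all ones), as an added example that is not part of the original thread or of any OpenC2 specification. The function names and the idea of a sender-side check against a list of known local ranges are assumptions made for illustration; all addresses are constructed samples.

```python
import ipaddress

# 255.255.255.255 is the limited broadcast address on any IPv4 network.
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def directed_broadcast(cidr):
    """Return the highest address of the range: host bits set to all ones.

    Accepts an address with host bits set, such as "1.2.3.1/24".
    """
    iface = ipaddress.IPv4Interface(cidr)
    host_mask = int(iface.network.hostmask)      # e.g. 0.0.0.255 for a /24
    return ipaddress.IPv4Address(int(iface.ip) | host_mask)


def is_broadcast_target(target, local_ranges):
    """True if `target` is a broadcast address for any range in `local_ranges`.

    Whether an address is a broadcast address depends on the prefix length,
    so the caller has to supply the ranges it knows about (hypothetical input).
    """
    addr = ipaddress.IPv4Address(target)
    if addr == LIMITED_BROADCAST:
        return True
    for cidr in local_ranges:
        net = ipaddress.IPv4Interface(cidr).network
        # /31 (RFC 3021 point-to-point links) and /32 (single host)
        # have no broadcast address, so their top address is a normal host.
        if net.prefixlen >= 31:
            continue
        if addr == directed_broadcast(cidr):
            return True
    return False


if __name__ == "__main__":
    print(directed_broadcast("1.2.3.1/24"))
    # Same address, different answer depending on the prefix length:
    print(is_broadcast_target("1.2.3.127", ["1.2.3.0/25"]))
    print(is_broadcast_target("1.2.3.127", ["1.2.3.0/24"]))
```

The last two calls show why a check on the address alone cannot decide the question: 1.2.3.127 is the broadcast address of 1.2.3.0/25 but an ordinary host address in 1.2.3.0/24.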
