[6lo] Secdir last call review of draft-ietf-6lo-nfc-13

Leif Johansson via Datatracker <noreply@ietf.org> Thu, 07 March 2019 16:34 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: 6lo@ietf.org
Delivered-To: 6lo@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F475131475; Thu, 7 Mar 2019 08:34:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Leif Johansson via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-6lo-nfc.all@ietf.org, ietf@ietf.org, 6lo@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.93.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155197648051.24840.16459568633516212522@ietfa.amsl.com>
Date: Thu, 07 Mar 2019 08:34:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/bQ_2Ylb1bweOc2lMUatUWERCjug>
Subject: [6lo] Secdir last call review of draft-ietf-6lo-nfc-13
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2019 16:34:50 -0000

Reviewer: Leif Johansson
Review result: Has Issues

 I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

I am not a subject matter expert but overall I find the document well 
written and readable. 

The issue I have is in the security considerations section where I 
really think there should be normative language around the use 
of permanent identifiers. In particular:

"Thus, every single touch connection can use a different short address of NFC
link with an extremely short-lived link.  This can mitigate address scanning 
as well as location tracking and device-specific vulnerability exploitation."

This is imo too weak. I suggest reformulating this and related text to 
normative language. Given the possible consequences of NFC correlation
attacks I would have thought that a mandatory requirement on generating
different short addresses for every link would be a good idea.