Re: [conex] Ben Campbell's Discuss on draft-ietf-conex-mobile-05: (with DISCUSS and COMMENT)

Dirk Kutscher <> Fri, 16 October 2015 11:12 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id AE3B21A8AE9; Fri, 16 Oct 2015 04:12:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.161
X-Spam-Status: No, score=-0.161 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8WoPIS6mFqPM; Fri, 16 Oct 2015 04:12:15 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 83B7D1A8AEB; Fri, 16 Oct 2015 04:12:14 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id DD15310ACA0; Fri, 16 Oct 2015 13:12:12 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2QZ75q2rmk1a; Fri, 16 Oct 2015 13:12:12 +0200 (CEST)
X-ENC: Last-Hop-TLS-encrypted
X-ENC: Last-Hop-TLS-encrypted
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A341710AC9A; Fri, 16 Oct 2015 13:11:58 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.03.0210.002; Fri, 16 Oct 2015 13:11:58 +0200
From: Dirk Kutscher <>
To: Ben Campbell <>, The IESG <>
Thread-Topic: Ben Campbell's Discuss on draft-ietf-conex-mobile-05: (with DISCUSS and COMMENT)
Thread-Index: AQHQ+8VKPMg47AVai0eE3ieIjIoz/55uDVGQ
Date: Fri, 16 Oct 2015 11:11:58 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-originating-ip: []
Content-Type: multipart/mixed; boundary="_002_82AB329A76E2484D934BBCA77E9F5249A673802EPALLENEofficehd_"
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>, "" <>, "" <>, "" <>
Subject: Re: [conex] Ben Campbell's Discuss on draft-ietf-conex-mobile-05: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Congestion Exposure working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Oct 2015 11:12:18 -0000

Hi Ben,

thanks for the review.

In general, you are right -- there are additional security considerations that could be mentioned more explicitly. Most of them apply to ConEx in general, regardless of the deployment scenario.

I am not sure whether you were on  the attached e-mail thread discussing this in the context of the security directorate review.

We will add something along those lines to the security considerations sections (there are other nits that warrant another rev).

The mentioned IPR applies all ConEx documents, and the WG is aware of that.

Best regards,

-----Original Message-----
From: Ben Campbell [] 
Sent: Mittwoch, 30. September 2015 23:16
To: The IESG
Cc:;;; Mirja Kuehlewind;
Subject: Ben Campbell's Discuss on draft-ietf-conex-mobile-05: (with DISCUSS and COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-conex-mobile-05: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


The security considerations section seems substantially incomplete. The phrase "include, but are not limited to" seems to indicate that people thought there were additional considerations. Please write them down, or explain why there really aren't additional considerations.


There is an IPR declaration that lists this as an "associated draft". I'm not sure what to make of that, but it was not mentioned in the shepherd review.

This reads much like an advocacy white paper. There's useful information in it, but I would have preferred less of the marketing tone. But that's just me, and I don't expect that to change this late in the process.

--- Begin Message ---
Hi Frank,

In general, the ConEx-related risks regarding manipulating congestion notification/exposure can apply to mobile networks, too.

What could perhaps be said is that mobile networks (UMTS, LTE) employ a virtual-circuit-like bearer model for the access, i.e., users in a cell can generally not see other users¡¯ traffic ¨C so that would rule out some threats. Also, authentication is part of the bearer establishment, so the network generally knows the user and device identity.

Now, assuming that mobile networks can be subject to passive monitoring, one could claim that this would enable attackers to collect information about a user¡¯s congestion contribution (also over time), but that threat seems less critical (compared to exposing the payload itself).

Best regards,


From: Xialiang (Frank) []
Sent: Freitag, 11. September 2015 11:20
To: Dirk Kutscher
Cc: secdir;;
Subject: Re: secdir review of draft-ietf-conex-mobile-05

Hi Dirk,

Thank you for quick response.

I reviewed the drafts you mentioned below. I agree that they already discussed the general security issues I am concerned, especially in the draft-conex-abstract-mech-13 and its reference.

So, in general, my concerns are addressed. But I still have a little bit doubts about possibly new security issues for the use cases of using ConEx protocol over the mobile communication networks. I am not an expert in this area, can you clarify me?




·¢¼þÈË: Dirk Kutscher []
·¢ËÍʱ¼ä: 2015Äê9ÔÂ11ÈÕ 16:52
ÊÕ¼þÈË: Xialiang (Frank); secdir;<>;<>
Ö÷Ìâ: RE: secdir review of draft-ietf-conex-mobile-05

Hi Frank,

thanks for the review.

The security issues you mentioned would apply to ConEx in general. The corresponding documents are discussing potential security issues: (also see the references)

We¡¯d therefore rather not duplicate that discussion in conex-mobile.

Regarding the security risks you mentioned, I¡¯d say it is questionable whether ConEx introduces additional issues for confidentiality (compared to IP alone).



From: Xialiang (Frank) []
Sent: Freitag, 11. September 2015 02:49
To: secdir;<>;<>
Subject: secdir review of draft-ietf-conex-mobile-05


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comment.

This memo describes a mobile communications use case for congestion exposure (ConEx) with a particular focus on those mobile communication networks that are architecturally similar to the 3GPP Evolved Packet System (EPS).

I have the following comments:

l  1. It should be helpful to consider the communication security between the ConEx senders and receivers such as the Confidentiality, data integrity and peer entity authentication in the security considerations part. Because in general, the corresponding risks are still possible to exist.

l  2. The authentication mechanism among all the elements of ConEx solution should also be considered to handle the condition of faked messages or invalid peer elements.

Recommendation:  Ready With Issues



--- End Message ---