IETF Logo Mail Archive

Re: [DMM] Requirements

Alper Yegin <alper.yegin@yegin.org> Wed, 06 November 2013 14:07 UTC

Return-Path: <alper.yegin@yegin.org>
X-Original-To: dmm@ietfa.amsl.com
Delivered-To: dmm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00D2011E8150 for <dmm@ietfa.amsl.com>; Wed, 6 Nov 2013 06:07:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level:
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BztCBGwdAvMi for <dmm@ietfa.amsl.com>; Wed, 6 Nov 2013 06:07:22 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id C940A21F9E28 for <dmm@ietf.org>; Wed, 6 Nov 2013 06:07:21 -0800 (PST)
Received: from vpn-cust-10-119-8-1.witopia.net (213-128-81-68.turkrdns.com [213.128.81.68]) by mrelay.perfora.net (node=mrus2) with ESMTP (Nemesis) id 0LvUlP-1VmgnN1VYp-010Ukj; Wed, 06 Nov 2013 09:07:15 -0500
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/alternative; boundary="Apple-Mail=_EEECB8E8-FE3E-4844-8841-81291A51168D"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <6E31144C030982429702B11D6746B98C370D77CD@szxeml557-mbx.china.huawei.com>
Date: Wed, 06 Nov 2013 16:07:10 +0200
Message-Id: <00A21EA3-6531-4E4D-AF80-3CCCCC9309C5@yegin.org>
References: <660E41D7-7F6A-47B4-86CE-C00ECA136DA8@yegin.org> <6E31144C030982429702B11D6746B98C370D7705@szxeml557-mbx.china.huawei.com> <E11B6E84-6BD7-4E9D-B8DE-25BCEA6E30C9@yegin.org> <6E31144C030982429702B11D6746B98C370D776E@szxeml557-mbx.china.huawei.com> <101C778B-D174-40D6-BA06-54AC51B97A32@yegin.org> <6E31144C030982429702B11D6746B98C370D77CD@szxeml557-mbx.china.huawei.com>
To: h chan <h.anthony.chan@huawei.com>
X-Mailer: Apple Mail (2.1283)
X-Provags-ID: V02:K0:NGukXmi7E4pgwVYCYssOFGtAf+wg9ZY1E/EwJO3uaHS eiMdJMAiavraSOL5jaJjqEBhKSmrWZiOWE+8EFhg36xydBrjJB jDEIj237Rck5r6uBJ9Ooqtt84kgbNblYGeZlIlDudx8gvouI0l /i6s0MEVpa/pdMe4LkcAAQKLfHwKsBNVzuhRRDi9AOSxs4dJ6e G9o7nyt15qWljmg2a9plJV2DMKQNIHBBL8YkrDxvt1NWRuFI9+ 0LqwdwnSB2l2mo1ug6rYKQZtQlRjVqwa7nb52jhaJwHPfEtk8b NPfb/yJW1+Q0mGN/TElMNTSNdkywTxZeNsRgEa4Fc4BNpHK/Fc 6HX+aaDDd3MeRJsljXqRaUOS6CU024nZa7EBg0tEuRvlQUoZGt Sa0QT3kudPHvh9qxUxy876h9u0caziWcA8=
Cc: dmm <dmm@ietf.org>
Subject: Re: [DMM] Requirements
X-BeenThere: dmm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Distributed Mobility Management Working Group <dmm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmm>, <mailto:dmm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmm>
List-Post: <mailto:dmm@ietf.org>
List-Help: <mailto:dmm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmm>, <mailto:dmm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 14:07:28 -0000

Looks good, thank you Anthony.

Alper

On Nov 6, 2013, at 4:47 AM, h chan wrote:

> Motivation:
> Various attacks such as impersonation, denial of service,
> man-in-the-middle attacks, and so on,
> may be launched in a DMM deployment.
> For instance,
> an illegitimate node
> may attempt to access a network providing DMM.
> Another example is that
> a malicious node can forge a number of signaling messages
> thus redirecting traffic from its legitimate path.
> Consequently,
> the specific node is under a denial of service attack,
> whereas other nodes do not receive their traffic.
> Accordingly,
> security mechanisms/protocols providing access control,
> integrity, authentication, authorization,
> confidentiality, etc.
> can be used to protect the DMM entities
> as they are already used to protect
> against existing networks
> and existing mobility protocols defined in IETF.
>  
>  
> H Anthony Chan
>  
> From: Alper Yegin [mailto:alper.yegin@yegin.org] 
> Sent: Tuesday, November 05, 2013 6:32 PM
> To: h chan
> Cc: dmm
> Subject: Re: [DMM] Requirements
>  
> Anthony,
>  
>  
>  
> Alper,
> The sentence in question is not in the requirement but rather one of the sentences in the motivation of the requirement.
>  
> Unfortunately it's using normative language. Hence it reads like a requirement. 
>  
>  When the existing security mechanisms/protocols are applied to protect the DMM entities, the security risks that may be introduced by DMM MUSTbe considered to be eliminated. [1]
> 
> 
>  
> 
> 
> When deleting that sentence, it affects the rest of the motivation and the requirement, which will not flow.
>  
> The security requirement is:
> [2] A DMM solution MUST not introduce new security risks
> or amplify existing security risks
> against which the existing security mechanisms/protocols
> cannot offer sufficient protection.
>  
>  
> This is a good requirement. We shall keep that. No problem with that.
>  
> My problem was with another statement ([1])
>  
>  
> 
> 
> This text was agreed upon by Byoung-Jo Kim.
> Do you have problem with it? Or do you have better wording?
>  
> My understanding is that a design that increases security risks is indeed a problem. Is that right?
>  
>  
>  
> No problem with [2].
>  
> [1] seems to be broken, like I explained. 
>  
> Alper
>  
>  
>  
> 
> 
> H Anthony Chan
>  
> From: Alper Yegin [mailto:alper.yegin@yegin.org] 
> Sent: Tuesday, November 05, 2013 5:08 PM
> To: h chan
> Cc: dmm
> Subject: Re: [DMM] Requirements
>  
> Hello Anthony,
>  
>  
>  
> Regarding:
> "When the existing security mechanisms/protocols are
> applied to protect the DMM entities, the security risks that
> may be introduced by DMM MUST be considered to be eliminated."
> My understanding of the intention is that it is sufficient to apply the existing security mechanisms/protocols to protect the DMM entities.
> Ideally, we don’t want DMM to add new security risks.
> Yet, DMM can introduce new DMM entities, which can be vulnerable to security risks, and it is necessary to protect the new DMM entities.
> So we basically don’t want DMM to introduce new security risks that cannot be handled with the existing security mechanisms.
>  
> If the wording “considered to be eliminated” does not clarify the above, how about the following:
> "When the existing security mechanisms/protocols are
> applied to protect the DMM entities, the security risks that
> may be introduced by DMM MUST be eliminated."
>  
> Or, can you come up with better text prior to Friday. I am trying to close all requirements issues prior to the meeting on Friday to enable the wg to move to the next step.
>  
> I recommend we delete that sentence. It's not easy to understand. And if I try hard to understand, what I understand does not make sense.
> It sounds like the following:
> - There are already security solutions applied to legacy/existing/non-DMM solutions.
> - Those solutions must be sufficient for securing DMM solutions.
> - In other words, DMM solutions must be designed in such a way that they must not require any new security solutions.
>  
> That does not make sense, IMHO.
> Obviously, we'd like to minimize the work. We prefer not having to design additional stuff to secure DMM solutions.
> But we cannot mandate that.
> We shall not block solutions that may require additional security mechanisms. We can discourage that, but not prohibit.
>  
>  
>  
> Regarding your comment on the helpful references, I understand that there are many other individual drafts in the solution space. I did recently accept a prior comment to add the coloring reference. Yet now if we continue to respond to requests to add references to the individual drafts, it will not end. With the many individual drafts in the solution space, I hope the wg will have drafts that will merge/incorporate many solution drafts in future. May I now ask all the authors of the individual drafts to kindly wait for such future wg draft to consider what solutions to include/exclude?
>  
> I'm fine with that.
> I saw two drafts referenced in the I-D which are complemented by two other drafts, hence I proposed them. It's OK if you don't add them.
>  
> Alper
>  
>  
>  
>  
> 
> 
> 
>  
> H Anthony Chan
>  
> From: dmm-bounces@ietf.org [mailto:dmm-bounces@ietf.org] On Behalf Of Alper Yegin
> Sent: Monday, November 04, 2013 10:20 AM
> To: dmm
> Subject: [DMM] Requirements
>  
> Hello folks,
>  
> Here I have two comments on this document.
>  
> "When the existing security mechanisms/protocols are
> applied to protect the DMM entities, the security risks that
> may be introduced by DMM MUST be considered to be eliminated."
>  
> I don't quite understand what that means. 
>  
> "Infrequent node mobility coupled with
> application intelligence suggest that mobility support could be
> provided selectively such as in [I-D.bhandari-dhc-class-based-
> prefix] and [I-D.korhonen-6man-prefix-properties], thus reducing
> the amount of context maintained in the network."
>  
> Two more related work references that are complementary to the ones already provided are:
> - draft-yegin-dmm-ondemand-mobility-00
> - draft-liu-dmm-mobility-api-01
>  
> I recommend we include these references as well.
>  
> Alper
>  
>

v2.23.0 | Report a Bug | By Email