Re: [homenet] Please review security considerations of draft-homenet-babel-profile

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 25 July 2017 21:58 UTC

To: Juliusz Chroboczek <jch@irif.fr>, homenet@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/L4B3r1CfZht5czSqGsUf7JwAteU>

Hiya,

I suggest asking the chairs to hit the "request directorate" review
(iirc only they can see that button?) for an early secdir review.

For myself, I've not read the draft yet (I will over the next few
weeks) but have two questions while I'm here:

1) The first sentence seems to not say what to do if a packet comes
from a 1918 IPv4 address. Even if that's not supposed to happen, it
could be attempted. What's an implementation supposed to do then?

2) Again I need to read the rest of the draft, but does this mean
that anyone on that link of the homenet can inject these messages
without any authentication, and if so why is that ok? (I'm not
asking for now why doing better is too hard, just why it's ok for
any node on link to be able to play here.)

Cheers,
S.

On 25/07/17 21:27, Juliusz Chroboczek wrote:
> Dear all,
> 
> All security wizards are kindly requested to carefully read and if
> necessary criticise the following section:
> 
>   https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4
> 
> Nasty comments on list, please, compliments by private mail ;-)
> 
> Thanks,
> 
> -- Juliusz