Re: [Int-area] WGLC for draft-ietf-intarea-adhoc-wireless-com-01

"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Wed, 20 July 2016 11:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/H9PdkhCue3beW05BiqIbbcY2jSQ>

Security considerations generally fall in two parts (a) that which is essential to the matter in hand, and (b) that which is needed to show people - especially SEC ADs - that you've really thought about the problem. I'd agree that 7182 does not fall under (a). Whether it falls under (b) as a "will mention as part of a rounded picture" is a borderline case.

As for OSPF, my recollection was three and you've found three. I'd guess that's right then. That was one of my only two "definitely should do" issues, the other being to include 7181. I haven't yet seen what revisions you've made, but it's PS, I think everything else is EXP, so that should be clear.

(All three are experimental, it would actually be interesting to know which have gone anywhere. But that's a RTG question, not an INT question.)

--
Christopher Dearlove
Senior Principal Engineer
BAE Systems Applied Intelligence Laboratories
__________________________________________________________________________

T: +44 (0)1245 242194 | E: chris.dearlove@baesystems.com

BAE Systems Applied Intelligence, Chelmsford Technology Park, Great Baddow, Chelmsford, Essex CM2 8HN.
www.baesystems.com/ai
BAE Systems Applied Intelligence Limited
Registered in England & Wales No: 01337451
Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP

From: Charlie Perkins [mailto:charles.perkins@earthlink.net]
Sent: 20 July 2016 12:09
To: Dearlove, Christopher (UK); int-area@ietf.org
Subject: Re: [Int-area] WGLC for draft-ietf-intarea-adhoc-wireless-com-01


Hello Chris,

Thanks for your review of this document.  Your email somehow eluded my attention until today, please excuse the delay.

Follow-up below...

On 5/26/2016 9:27 AM, Dearlove, Christopher (UK) wrote:
> I haven't yet found time to read this (I'm still hoping to before indicated date).
>
> But one thing immediately jumps out.
>
> The document references the four Experimental protocols produced by the MANET WG. It references a draft produced for OSPF. From recollection, there were three separate drafts produced for OSPF, all of which became Experimental RFCs. But two are not referred to.

I found the following:

OSPF (<xref target="RFC5449"/>, <xref target="RFC5820"/> and <xref target="RFC7137"/>)

If there are others please let me know.

> But there is also a Proposed Standard MANET routing protocol, OLSRv2, RFC 7181.

Fixed.

> There are of course many other protocols; the only other one that I'm aware of and might need mentioning (here I need to read the draft) is NHDP (RFC 6130). This can be viewed as the neighbourhood discovery part of OLSRv2, but is specified as a separate protocol. Some of this paper is about neighbours, and possibly it may be appropriate to reference RFC 6130, but also possibly it might not. (I'm an author of that RFC too.)
>
> While posting, but nits, two other things jumped out at me. One is the white space on page 6.

Fixed!

> The other (since I was looking at references) is the rather odd reference DoD01 with two authors, then a title, then an editor. Of course the RFC Editor would in due course change this to whatever is approved style, but might as well get it closer.
>
> And now, looking at my records, I see I have already made (and since forgotten) my main comment (though I didn't then discuss the OSPF situation) in January, and nothing was done, though there was an indication it should be then. I don't think this should have proceeded to WGLC with that unaddressed.

I'll try to go find that comment, but in case I don't find it please note that we have made a good bit more discussion about security in Section 5.

> That trip into records indicated there was a comment then (not from me) about the security considerations section. It's worth noting that there's a security framework for OLSRv2, and other protocols to use the manet part/protocol (as specified in RFC 5498) in RFC 7182.

This document isn't really about securing multi-hop communications routing protocols, but instead it is about certain characteristics of the underlying medium over which such protocols run.  Do you think there is something particular about the security considerations in RFC 7182 that has to do with asymmetry, non-transitivity, or time variance?  If so I would be happy to indicate that in the document and cite the relevant material.  Or, if there is a relevant discussion about MitM attacks, that could merit a specific citation.

Regards,
Charlie P.