Re: [manet] AB#1 Comments for WGLC draft-ietf-manet-nhdp-sec-threats-02
Abdussalam Baryun <abdussalambaryun@gmail.com> Tue, 09 April 2013 04:33 UTC
Return-Path: <abdussalambaryun@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6142E21F907E for <manet@ietfa.amsl.com>; Mon, 8 Apr 2013 21:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JcYLK4mQz4A1 for <manet@ietfa.amsl.com>; Mon, 8 Apr 2013 21:33:10 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 9D96021F905A for <manet@ietf.org>; Mon, 8 Apr 2013 21:33:09 -0700 (PDT)
Received: by mail-wg0-f42.google.com with SMTP id k13so4437473wgh.1 for <manet@ietf.org>; Mon, 08 Apr 2013 21:33:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=1wjiJBU4U5DzDq9PjduZ5yno292xuUGFgfSwJbvGRqA=; b=tEwmVEUt75CphNAsQsWQccB7u5pjNkNtrDWfaJTM//S5WTTxPEpf1oq8e722zQ6Exe DS2vKvUbJPFKfMdAiPnpjZ95viwfKEY+dTVZmkdDHozQGN5vjxZn9OBnW0JIwgkUPyzP CbdcQcu+ki3jViBMrePhdjZj9twMD/1brAWp5208X0TNHBnLfSbvHUItbofOL+V9b8xl QkTNzLIQAw7k4y52V+7zARSdBRR+jhM3tpmBYDx1AGe0NAIG1awDCwtHpSLD3gYWblDd nMJH0F1SjZ0Hh6cgESOJAD7cCNgRziEsHlSvBzsGu97weS3XbWLWM+Qw8wKJOi3KrvQM 59XQ==
MIME-Version: 1.0
X-Received: by 10.180.11.148 with SMTP id q20mr16875095wib.18.1365481988714; Mon, 08 Apr 2013 21:33:08 -0700 (PDT)
Received: by 10.180.76.209 with HTTP; Mon, 8 Apr 2013 21:33:08 -0700 (PDT)
In-Reply-To: <CAK=bVC8V_U5G9+2OhUZbMO+q_nsqs07UAsTVNyaAyGjHusWV6Q@mail.gmail.com>
References: <CADnDZ8_JzCupDar=0CORuAOenw3VYBG4eTVh1Z=cEtdBOsJ7jQ@mail.gmail.com> <CAK=bVC8V_U5G9+2OhUZbMO+q_nsqs07UAsTVNyaAyGjHusWV6Q@mail.gmail.com>
Date: Tue, 09 Apr 2013 06:33:08 +0200
Message-ID: <CADnDZ8-CO7Y0Lo2hVg5ZE+icRLAdSOL=zNPEWn+eTV8pGQ1Ncw@mail.gmail.com>
From: Abdussalam Baryun <abdussalambaryun@gmail.com>
To: Ulrich Herberg <ulrich@herberg.name>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: manet <manet@ietf.org>
Subject: Re: [manet] AB#1 Comments for WGLC draft-ietf-manet-nhdp-sec-threats-02
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 04:33:11 -0000
Hi Ulrich, comments for the best of the draft, On 4/8/13, Ulrich Herberg <ulrich@herberg.name> wrote: > AB, > > see my answer below (note my reply represents my individual opinion; I > don't claim to speak for the whole author group): I understand that, > > On Mon, Apr 8, 2013 at 11:35 AM, Abdussalam Baryun > <abdussalambaryun@gmail.com> wrote: > [...] >> This message is to comment on the MANET WG work in progress I-D: >> draft-ietf-manet-nhdp-sec-threats-02 [I-D], which means this message >> may contain parts/texts of the I-D under review >> ==================================== >> >> [I-D] Abstract: >> [I-D] This document analyses common security threats of the Neighborhood >> Discovery Protocol (NHDP), and describes their potential impacts on >> MANET routing protocols using NHDP. >> >> AB>question> What is the meaning of *common* security threats? >> Mentioned in the abstract, > > I think the word is fairly clear. See > http://dictionary.reference.com/browse/common > (definition 4/5) I mean why common why not ALL threats, or the explaining the *Exploits Allowed by the NHDP* as per the reference [2] I gave in my AB#2 message. > > >> >> AB>question> How can I define threats when I don’t know on which layer >> NHDP[RFC6130] is located in router, is it in L4 or L3. Please define >> that you concern with IP layer if it is the only you concern with. > > That is given by RFC6130, which is running on the IP layer. I think > this is not a task of NHDP-sec-threats to define. I don't find that defined, but if so, does IP threats affect the NHDP threats? > > >> >> [I-D] Section 1.Introduction: >> >> [I-D] The information acquired by NHDP is used by other protocols, such >> as >> OLSRv2 [OLSRv2] and SMF [RFC6621]. >> >> AB> please add> AODVv2 as reactive protocol using NHDP, not only >> proactive, > > AODVv2 has no normative reference to RFC6130. In many cases of AODVv2 > deployments, I don't think that RFC6130 would be used (whereas it must > be used for OLSRv2 and SMF). I am against adding a reference. Anyway, > the sentence just lists some example protocols ("such as..."). > Just I prefered showing that NHDP explains all its threats when used by different MANET routings, if we explain one only then we don't explain all threats. > >> >> [I-D] As wireless radio waves can be captured as well as transmitted >> by any wireless >> device within radio range >> >> AB>confused> not true, different antennas have different >> waves/frequencies, please delete. > > I think that this is fairly clear; it's about contrasting > communication over cable vs wireless, where the access to the channel > is much easier, i.e., security threats can be exploited more easily > since there is no physical access protection (read: cable). > Please delete word *any* and change to *some*, because think it is not clear to me, >> >> [I-D] The document analyses possible attacks and mis-configurations on >> NHDP and outlines the consequences of such attacks/mis-configurations >> to the state >> maintained by NHDP in each router (and, thus, made available to >> protocols using this state). >> >> AB> I don’t think it makes full analyses for NHDP threats? Please see >> threat analysis by Tsao et al (2013) [1]. >> >> AB> the doc should consider information exchanged attacks and network >> attacks as well. > > > I think that this is exactly what NHDP-sec-threats does; section 4 > describes the possible exploits when using no protection of NHDP. > Section 5 outlines the consequences for protocols using NHDP. I need analysis which was mentioned but not done. I mean what is exploited by the NHDP messages and the NHDP IIB and NIB, don't see much explaining about those information and the exploitation. Yes in section 4 explains but in the point of view of the attacker, and no possibility of malfunctions or other issues, > > >> >> Section 2. Terminology: >> >> AB> you don’t define *Threat*, and *Attack*, please do same definition >> as threat analysis draft in ROLL WG (or refer to it). > > The words "threat" and "attack" are pretty well known; I don't see any > reason why they are ambiguous. I don't see any reason to cite the ROLL > draft; why is that related in any way to NHDP? It describes security > threats to a completely different protocol. In the I-D the titles of section make me feel that authors made; threats = attacks, so I need that to be answered in the doc. > > >> >> [I-D] Compromised NHDP Router: An attacker, present in the network and >> which generates syntactically correct NHDP control messages. >> Control messages emitted by a Compromised NHDP router may contain >> additional information, or omit information, as compared to a >> control message generated by a non-compromized NHDP router located >> in the same topological position in the network. >> >> AB> you mention network position, or topological position, but why the >> document ignores the network domain(s) (just topology), could the NHDP >> threats affect the network domain policy/states? If not say so, > > > I don't understand your point. What do you mean? Is the NHDP threats affecting the network domains? as it was mentioned in the RFC6130 the different deployments and low-value WSN. Does different deployments mean different NHDP threats. Regards AB
- [manet] AB#1 Comments for WGLC draft-ietf-manet-n… Abdussalam Baryun
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Ulrich Herberg
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Abdussalam Baryun
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Abdussalam Baryun
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Stewart Bryant
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Ulrich Herberg
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Dearlove, Christopher (UK)
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Jiazi Yi
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Abdussalam Baryun
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Abdussalam Baryun
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Dearlove, Christopher (UK)
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Stewart Bryant
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Ulrich Herberg
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Ulrich Herberg
- Re: [manet] AB#1 Comments for WGLC draft-ietf-man… Ulrich Herberg