Re: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
Jiazi YI <ietf@jiaziyi.com> Fri, 26 August 2016 22:44 UTC
Return-Path: <yi.jiazi@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87DD2126D74; Fri, 26 Aug 2016 15:44:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_m0vKneWPCN; Fri, 26 Aug 2016 15:43:57 -0700 (PDT)
Received: from mail-lf0-x22b.google.com (mail-lf0-x22b.google.com [IPv6:2a00:1450:4010:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14CE012B05E; Fri, 26 Aug 2016 15:43:57 -0700 (PDT)
Received: by mail-lf0-x22b.google.com with SMTP id f93so66103522lfi.2; Fri, 26 Aug 2016 15:43:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=nptLnSQR0DUfaxPsEK5+kSjLlSqaGqz2gHojpONoD78=; b=FtIzfFtsJXozQgztqHvaUuLDUN4kgHIxs8sj5abRlTZa9OhQXNy1lZZNVPdVOGH2Qj BAgZg2CgjSOSkeA4blgDpkHfO3jQELXNbTXjQAnzFnz8K9ys38biJ2r+JfukIOmiDoSB tqdvLoO4BsUvxBq0MKDcELLBqAofjw4RYidZ31WKZbE5mft/RE1AodmsGce2PhNwxBbj K+EBYDwwxHc4DuGBukIMu+gaLrMZEHVf5m25P5dx+uc6aU4a02U0ZiqS7Yta2h7+GEeY WNs0yJ1ybewOuAL8GmCxwDBX0e+FqQNJdAiJhzIIczJofYeejEsb0i0tpM7bQdQEyMex rXpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=nptLnSQR0DUfaxPsEK5+kSjLlSqaGqz2gHojpONoD78=; b=bRxjlNeHD25nJCayfwYjcStzYURTiLnleDU/8JHgvDjwfvvIAWQPu8yqXdDNhs/ep9 NuB7Cu0/a2j8vhoLLYXEAOUkQ9vgM0ElfxXtDlJlAS6KEc+R7FK2xe7SukYr2kehUrNC yN7VWaTC55FFiS/4PPWwL3rJPTclnqVk2jnnUKqT0nADzzTw53gP6dlCL10MHHwfsaaQ nrSA8M5eLpc2E3wxnPK2qjcIzEGoC7VIXoSe3DDzYWET5Zlx7XqW/vAxYB/AFYa5+0a6 MBxiLCMiSWV5u1GZrL+sMQOVe0RrmOzJbKwMX3XzVx1Zfr0fa7M6uNTpVRPb1tUrgywk sBCg==
X-Gm-Message-State: AE9vXwOw8jWWwRJPE2IONXpm7C5CuIZnpooksQaqALKMEamb9uOtk9SaQR6I7PIX7NCXdveYMYK3xWt/OCCzNg==
X-Received: by 10.25.24.30 with SMTP id o30mr2358580lfi.58.1472251435107; Fri, 26 Aug 2016 15:43:55 -0700 (PDT)
MIME-Version: 1.0
Sender: yi.jiazi@gmail.com
Received: by 10.114.184.2 with HTTP; Fri, 26 Aug 2016 15:43:54 -0700 (PDT)
In-Reply-To: <48E1A67CB9CA044EADFEAB87D814BFF64A871DE8@eusaamb107.ericsson.se>
References: <48E1A67CB9CA044EADFEAB87D814BFF64A871DE8@eusaamb107.ericsson.se>
From: Jiazi YI <ietf@jiaziyi.com>
Date: Sat, 27 Aug 2016 00:43:54 +0200
X-Google-Sender-Auth: b_S5Ux4N3cgNsBQ29psKvfwE0Ps
Message-ID: <CAN1bDFyam4pXa9ix-k85zmMh-FueiETK9k=x=y-aL4M6+jvgtg@mail.gmail.com>
To: Eric Gray <eric.gray@ericsson.com>
Content-Type: multipart/alternative; boundary="001a11401606cf4af8053b013ff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/CEVMYVRN9BAaAgcewS2V4k2lccs>
Cc: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "manet@ietf.org" <manet@ietf.org>, "draft-ietf-manet-smf-sec-threats@tools.ietf.org" <draft-ietf-manet-smf-sec-threats@tools.ietf.org>
Subject: Re: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Aug 2016 22:44:00 -0000
Dear Eric, all: Thanks very much for your review and comments. We just submitted a new revision based on the comments received. The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-manet-smf-sec-threats/ > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-manet-smf-sec-threats-06 > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-manet-smf-sec-threats-06 Please find the reply inline: On Tue, Aug 9, 2016 at 9:26 PM, Eric Gray <eric.gray@ericsson.com> wrote: <snip> > > > Major Issues: > > No major issues found. > > > > Minor Issues: > > RFC 6621 discusses a few security issues which do not look to have been > referenced in this draft, even indirectly. There are good reasons why this > is unusual. > More explicit references to the security consideration section of RFC6621 are added both in the introduction and related sections. > Similarly, while the draft does make at least an oblique reference to the > security issues that apply to RFC 6130, it is not clear without extensive > reading what this draft addresses that is not (at least sufficiently) > addressed there (or in RFC 7186). > > > Toward the end of the first paragraph in section 3 (SMF Threats Overview), > the draft makes an assertion that is not consistent with other text in the > same paragraph; it claims that “SMF relies on NHDP” while other text, > including text in the same paragraph, seems strongly to indicate that NHDP > is *one alternative approach that might be used*. > > > Note that I was unable to parse part of this same sentence: what does > “(not matter if other … for 1-hop neighbor discovery)” mean? > SMF requires 1-hop and 2-hop neighbourhood information to reduce the relay set. SMF allows alternative low-layer information to provide necessary neighbourhood information -- but that's only for 1-hop neighbourhood. But for 2-hop neighbour information, only NHDP is used in SMF. We clarified the difference in the section. > > > Section 4.1.1 (Replay Attack) appears to address an issue that a) is not > necessarily a control plane attack (as implied in the first paragraph), > and b) is clearly a variation of a threat described in the Security > Considerations section of RFC 6621 as a DoS attack. Because the specific > threat in both cases (the case described in this section and that described > in RFC 6621) involves using some means of delivering bogus packets earlier > than subsequent legitimate packets, this does not (at least intuitively) > seem like a replay attack. > We changed the name of the section to Attack to Hop Limit to avoid ambiguity. > > > Section 4.2.1 – Pre-activation Attacks (Pre-Play) – similarly appears to > address one specific example of a second general class of threat described > in the Security Considerations section of RFC 6621 (issues with use of > predictable sequencing techniques). > > > > The same applies to section 4.2.2 – De-activation attacks. > > > It would be useful if the leading text in section 4.2 talked generally > about the related attack vector described in the Security Considerations > section of RFC 6621 and why this draft needs to expand on this class of > threat (associated with I-DPD) described there. > > > Section 4.3 also similarly provides an expansion on a class of threats > (associated with H-DPD) already described in RFC 6621. > > > In general, I feel that the expansions provided in section 4 of this draft > provide useful information – as examples, at least. However, this section > should explicitly refer to applicable text in RFC 6621, which includes > suggestions on ways to mitigate these threats. If the authors and/or the > working group feel that the suggestions made in RFC 6621 are insufficient, > it would be useful to say why this is the case in this document. > We added references to related sections in RFC6621 and explained why those are expanded in this document at the begin of section 4. > > > The sentence comprising section 5.1 (Relay Set Selection Common Threats) > does not appear to be correct as written; RFC 7186 does not include > anything about RSS algorithms. To the extent that RSS MAY depend on NHDP, > RFC 7186 does describe threats to NHDP that would impact RSS for these > cases. Arguably the same threats may apply independent of how SMF routers > become aware of the neighborhood topology, but this is not (and possibly > cannot be) known without exhaustive analysis of all methods by which this > information might be determined. > The RSS is based on the neighbourhood information obtained from the control plane. For SMF, as far as I can see, only NHDP is used in practice to obtain neighbourhood information. So the common threats listed in section 5.1 such as DoS, eavesdropping, etc. can be applied to SMF directly -- that's also one of the purpose of having RFC7186 as an independent document: related content can be reused by protocols such as SMF and OLSRv2. > > In Section 5.2 (Threats to E-CDS Algorithm), RFC 5614 is given as a > reference for “Essential Connected Dominating Set” (or the E-CDS > algorithm), when RFC 5614 actually does not mention either one (it defines > CDS and talks about a small number of algorithms – none of which are > directly related to E-CDS; the word “essential” does not appear to be > included in the RFC anywhere). I was not able to find a reference for this > term in a few minutes of poking around, though it is easy enough to find > references for “minimum connected dominating set.” > > In RFC6621, RFC5614 is cited when the E-CDS is introduced: The "Essential Connected Dominating Set" (E-CDS) algorithm [RFC5614] forms a single CDS mesh for the SMF operating region. Although “Essential Connected Dominating Set” is not explicitly used in RFC5614, as a derivative, I think it's still appropriate (and even necessary) to cite the original source? > > The Security Considerations section (section 7) of this draft should > provide a summary of security issues included or addressed in this document > (directly or indirectly by reference) as well as any related security > issues yet to be addressed. Minimally, if the authors feel that this > information is provided in section 3 (SMF Threats Overview), the Security > Considerations section should say this. One approach would be to use the > Security Considerations section to summarize the main content of the > document. > > By taking consideration of the comments from AD, we summarised the content of the document and merged the "future work" section in this Security Considerations section. > > > Nits: > > I had a number of issues with “esoteric questions of English usage.” > However, according to our instructions, “the RFC Editor will spot these, > and it is not a wise use of time to discuss these things.” > > > RFC editor is the best teacher to tell us how to write English correctly -- especially for non-native English speakers like me :) Thanks again for your comments!! regards Jiazi > J > > > > _______________________________________________ > manet mailing list > manet@ietf.org > https://www.ietf.org/mailman/listinfo/manet > >