[manet] AD review of draft-ietf-manet-packetbb-sec
"Adrian Farrel" <adrian@olddog.co.uk> Sat, 07 January 2012 20:12 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BC2E21F84DE for <manet@ietfa.amsl.com>; Sat, 7 Jan 2012 12:12:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id riaoN0sUk3Np for <manet@ietfa.amsl.com>; Sat, 7 Jan 2012 12:12:50 -0800 (PST)
Received: from asmtp5.iomartmail.com (asmtp5.iomartmail.com [62.128.201.176]) by ietfa.amsl.com (Postfix) with ESMTP id 5426821F84DD for <manet@ietf.org>; Sat, 7 Jan 2012 12:12:50 -0800 (PST)
Received: from asmtp5.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id q07KCm6s006947; Sat, 7 Jan 2012 20:12:49 GMT
Received: from 950129200 (adsl-89-217-79-52.adslplus.ch [89.217.79.52]) (authenticated bits=0) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id q07KCjdO006935 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sat, 7 Jan 2012 20:12:48 GMT
From: Adrian Farrel <adrian@olddog.co.uk>
To: draft-ietf-manet-packetbb-sec.all@tools.ietf.org
Date: Sat, 07 Jan 2012 20:12:37 -0000
Message-ID: <00ef01cccd78$babc3d50$3034b7f0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AczNeKDyf5ob6IhDRUWPVDWWRlUFEg==
Content-Language: en-gb
Cc: manet@ietf.org
Subject: [manet] AD review of draft-ietf-manet-packetbb-sec
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jan 2012 20:12:51 -0000
Thanks for this draft. I have performed my AD review as usual and I don't have any major issues. Before we start, one minor question to help me set my expectations... Did you have any expert security input on this work? I only ask in order to try to work out what level of review we are likely to get later in the process. Otherwise I have a few nits and minor requests to polish the document. I hope they are straight forward and you can quickly spin a new revision of the document which I can advance to IETF last call. Thanks, Adrian --- The text file I downloaded has a couple of interesting characters at the top.  --- Could you s/[RFC5444]/defined in RFC 5444/ (A piece of pettiness, but citations cannot be made from the stand-alone Abstract) --- Section 10.1 does not include the caveat about other signatures that may already be present as found in 8.1 and 9.1. Is this intentional? --- Section 11 Don't "propose" anything! This is an I-D you plan to have converted into an RFC. You can "define" things if you feel the need for a word. --- Section 12.1.1 The rationale for separating the hash function and the cryptographic function into two octets instead of having all combinations in a single octet - possibly as TLV type extension - is twofold: First, if further hash functions or cryptographic functions are added in the future, the number space might not remain continuous. More importantly, the number space of possible combinations would be rapidly exhausted. As new or improved cryptographic mechanism are continuously being developed and introduced, this format should be able to accommodate such for the foreseeable future. I accept the reasoning for the contiguity. I don't accept the reasoning for number space exhaustion. Surely, you have the same number of bits (16) and the same amount of information (#hashfuncs * #cryptofuncs). Actually, in your method exhaustion is slightly more likely because you only have 8 bits for each category and so one of them could become exhausted independent of the other. I suggest removing the second motivation. Clarity of separation of function identifiers would serve as a second reason if you must have one. --- 12.1.1 The rationale for not including a field that lists parameters of the cryptographic signature in the TLV is, that before being able to validate a cryptographic signature, routers have to exchange or s/TLV is, that/TLV is that,/ --- Section 13 Please remove the RFC2119 language from this part of the IANA considerations section. It is typical to request IANA to perform actions. --- Sections 13. through 13.6 The experimental ranges here are way too large unless you can give me a really good reason. Understandable as MANET moves from experimental to standards track, but once you are standards track it is normal to restrict the experimental ranges to a very small (e.g. one) range of numbers. Have a look at RFC 3692. Consider whether it would be enough to have just one or two code points reserved for experimentation.
- [manet] AD review of draft-ietf-manet-packetbb-sec Adrian Farrel
- Re: [manet] AD review of draft-ietf-manet-packetb… Adrian Farrel
- Re: [manet] AD review of draft-ietf-manet-packetb… Dearlove, Christopher (UK)
- Re: [manet] AD review of draft-ietf-manet-packetb… Adrian Farrel
- Re: [manet] AD review of draft-ietf-manet-packetb… Ulrich Herberg