[manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 05 January 2017 13:27 UTC

From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
Date: Thu, 05 Jan 2017 05:27:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/HiOML1pLEIzReQhLca_SkMPVXtE>
Cc: manet-chairs@ietf.org, manet@ietf.org, draft-ietf-manet-olsrv2-sec-threats@ietf.org
Subject: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)

Stephen Farrell has entered the following ballot position for
draft-ietf-manet-olsrv2-sec-threats-03: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-manet-olsrv2-sec-threats/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


I have two things I'd like to discuss to see if
changes are needed or not:

(1) Neither this nor RFC7186 seems to consider battery
depletion attacks. Why is that ok?

(2) 6.2: HMAC is *not* a digital signature mechanism.
While loose terminology may be ok elsewhere, in this
case, you shouldn't do that as it can lead to wrong
conclusions. Digital signatures do provide origin
authentication of sorts, but MACs do not, especially
if keys are shared. It is not clear to me that some of
the claims in 6.2.x of attacks being mitigated are in
fact correct, given shared secrets. (Note: It could be
that the claims are correct, I didn't have time to
check back on all the vulnerability definitions,
sorry. But I'd like to check, given the defective
terminology.)
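
Added example, not part of the original message or of the draft under review: a sketch of the point in item (2), showing that a MAC under a key shared by several routers verifies no matter which key holder produced it. The router addresses, message layout and choice of HMAC-SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed scenario: three routers share one group key (assumption for
# illustration; addresses and message layout are hypothetical).
GROUP_KEY = os.urandom(32)
KEY_HOLDERS = {"10.0.0.1": GROUP_KEY, "10.0.0.2": GROUP_KEY, "10.0.0.3": GROUP_KEY}


def encode(originator: str, body: bytes) -> bytes:
    """Length-prefix the originator so field boundaries are unambiguous."""
    addr = originator.encode()
    return len(addr).to_bytes(1, "big") + addr + body


def protect(key: bytes, originator: str, body: bytes) -> bytes:
    """Return the HMAC-SHA-256 tag over the claimed originator and body."""
    return hmac.new(key, encode(originator, body), hashlib.sha256).digest()


def verify(key: bytes, originator: str, body: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches under this key."""
    return hmac.compare_digest(protect(key, originator, body), tag)


def possible_senders(originator: str, body: bytes, tag: bytes) -> set:
    """Every key holder whose key validates the tag could have produced it."""
    return {addr for addr, key in KEY_HOLDERS.items()
            if verify(key, originator, body, tag)}


def demo() -> dict:
    body = b"constructed topology advertisement"
    # Router .2 computes a tag over a message that names .1 as originator.
    tag = protect(KEY_HOLDERS["10.0.0.2"], "10.0.0.1", body)
    return {
        # Router .3 accepts it: the MAC cannot tell .1 from .2.
        "accepted_by_peer": verify(KEY_HOLDERS["10.0.0.3"], "10.0.0.1", body, tag),
        # The tag only narrows the source to the whole key-holding group.
        "candidates": possible_senders("10.0.0.1", body, tag),
        # What the MAC does give: a verifier key outside the group fails,
        "outsider_rejected": not verify(os.urandom(32), "10.0.0.1", body, tag),
        # and modified content fails.
        "tamper_rejected": not verify(GROUP_KEY, "10.0.0.1", body + b"!", tag),
    }


if __name__ == "__main__":
    print(demo())
```

The check therefore supports group membership and integrity, not attribution to one router, which is the distinction to apply when re-reading each mitigation claim in 6.2.x.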