Re: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)

Jiazi Yi <ietf@jiaziyi.com> Wed, 11 January 2017 23:25 UTC

From: Jiazi Yi <ietf@jiaziyi.com>
Date: Thu, 12 Jan 2017 00:25:49 +0100
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: draft-ietf-manet-olsrv2-sec-threats@ietf.org, manet <manet@ietf.org>, "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>, The IESG <iesg@ietf.org>, Mobile Ad-hoc Networks Working Group <manet-chairs@ietf.org>
Subject: Re: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)
In-Reply-To: <148362287164.20543.5367631671159172919.idtracker@ietfa.amsl.com>
References: <148362287164.20543.5367631671159172919.idtracker@ietfa.amsl.com>
Message-Id: <99F73546-CE48-47EF-8A38-73EE2EC62E25@jiaziyi.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/KSj02rYZ9Jfur-2n395cVi28o9A>

Hi, 

Thanks very much for the comments and the reply from Chris. 

> On 5 Jan 2017, at 14:27, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> Stephen Farrell has entered the following ballot position for
> draft-ietf-manet-olsrv2-sec-threats-03: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-manet-olsrv2-sec-threats/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> 
> I have two things I'd like to discuss to see if
> changes are needed or not:
> 
> (1) Neither this nor RFC7186 seem to consider battery
> depletion attacks. Why is that ok?

Battery depletion is a kind of attack that works by consuming extra resources. In RFC 7186, we mentioned:

   In some MANETs, the routers are powered by battery.  Another
   consequence of a DoS attack in such networks is that the power will
   be drained quickly by unnecessary processing, transmitting, and
   receiving of messages.

And it's true that we didn't call it out in the current draft. We made it more explicit in the new revision:

   In a different
   class of attacks, a compromised OLSRv2 router injects control
   traffic, designed so as to cause an in-router resource exhaustion,
   e.g., by causing the algorithms calculating routing tables or MPR
   sets to be invoked continuously, preventing the internal state of a
   router from converging, depleting the energy of battery-driven
   routers, etc.


> 
> (2) 6.2: HMAC is *not* a digital signature mechanism.
> While loose terminology may be ok elsewhere, in this
> case, you shouldn't do that as it can lead to wrong
> conclusions. Digital signatures do provide origin
> authentication of sorts, but MACs do not, especially
> if keys are shared. It is not clear to me that some of
> the claims in 6.2.x of attacks being mitigated are in
> fact correct, given shared secrets. (Note: It could be
> that the claims are correct, I didn't have time to
> check back on all the vulnerability definitions,
> sorry. But I'd like to check, given the defective
> terminology.)

We updated the term used and the phrase that Chris mentioned. 

thanks very much!

regards

Jiazi 

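The distinction raised in point (2) of the Discuss, that a MAC under a shared key does not give origin authentication while a per-router signature does, can be shown concretely. The following Go program is an added example and is not code from the draft, from RFC 7183 or from any OLSRv2 implementation. It assumes a simplified ICV that covers the message's originator identity and body; the three routers A, B, C, the domain-wide key and the Ed25519 seeds are constructed for the example. Router C is compromised and holds whatever keys it was legitimately provisioned with. In shared-key mode, C can stamp a message as coming from A and B will accept it; in signature mode, B checks the message against A's public key and rejects it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Message is a constructed stand-in for an OLSRv2 control message (HELLO/TC):
// the originator identity carried in the message header plus the body.
type Message struct {
	Originator string
	Body       []byte
}

// wire returns the bytes covered by the ICV: originator and body together,
// so that changing the claimed originator invalidates an existing ICV.
func (m Message) wire() []byte {
	return append([]byte(m.Originator+"|"), m.Body...)
}

// Shared-key mode: every router in the domain holds the same key (HMAC-SHA256).
func macICV(key []byte, m Message) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(m.wire())
	return h.Sum(nil)
}

func macVerify(key []byte, m Message, icv []byte) bool {
	return hmac.Equal(macICV(key, m), icv)
}

// Signature mode: each router holds its own private key; verifiers map an
// originator identity to that router's public key.
func sigICV(priv ed25519.PrivateKey, m Message) []byte {
	return ed25519.Sign(priv, m.wire())
}

func sigVerify(pubs map[string]ed25519.PublicKey, m Message, icv []byte) bool {
	pub, ok := pubs[m.Originator]
	if !ok {
		return false // unknown originator: nothing to verify against
	}
	return ed25519.Verify(pub, m.wire(), icv)
}

// ForgeryResult records whether router B accepted a message that the
// compromised router C stamped as coming from router A, plus sanity checks
// that genuine messages from A verify in both modes.
type ForgeryResult struct {
	MACGenuineAccepted bool
	MACForgeryAccepted bool
	SigGenuineAccepted bool
	SigForgeryAccepted bool
}

// RunForgery plays out both modes with routers A, B and C, where C is compromised.
func RunForgery() ForgeryResult {
	var r ForgeryResult

	// Shared-key mode. Constructed key; in a deployment it comes from provisioning
	// and C received it legitimately along with every other router.
	shared := []byte("constructed-domain-wide-key")
	genuine := Message{Originator: "A", Body: []byte("HELLO neighbours=B")}
	r.MACGenuineAccepted = macVerify(shared, genuine, macICV(shared, genuine))

	// C claims to be A. Because C holds the shared key, the ICV it computes
	// is exactly the one B expects, so the forgery is accepted.
	forged := Message{Originator: "A", Body: []byte("HELLO neighbours=B,X")}
	r.MACForgeryAccepted = macVerify(shared, forged, macICV(shared, forged))

	// Signature mode. Constructed fixed seeds so the run is reproducible.
	privA := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0a}, ed25519.SeedSize))
	privC := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0c}, ed25519.SeedSize))
	pubs := map[string]ed25519.PublicKey{
		"A": privA.Public().(ed25519.PublicKey),
		"C": privC.Public().(ed25519.PublicKey),
	}
	r.SigGenuineAccepted = sigVerify(pubs, genuine, sigICV(privA, genuine))

	// C only has its own private key. B looks up A's public key for a message
	// claiming originator A, so C's signature does not verify.
	r.SigForgeryAccepted = sigVerify(pubs, forged, sigICV(privC, forged))
	return r
}

func main() {
	fmt.Printf("%+v\n", RunForgery())
}
```

The shared-key MAC still rules out injection by an outsider who never held the key, which is the case most of the mitigation claims in a threat analysis rest on; what it cannot do is tell B which key holder produced a message, so any claim of the form "router X cannot forge messages attributed to router Y" has to be checked against whether X and Y share the key.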