Re: [manet] DLEP-18 Security Considerations

Henning Rogge <hrogge@gmail.com> Sun, 07 February 2016 17:46 UTC

Return-Path: <hrogge@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEE571A016C for <manet@ietfa.amsl.com>; Sun, 7 Feb 2016 09:46:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOU180z_HIaf for <manet@ietfa.amsl.com>; Sun, 7 Feb 2016 09:46:35 -0800 (PST)
Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1E351A016B for <manet@ietf.org>; Sun, 7 Feb 2016 09:46:34 -0800 (PST)
Received: by mail-lb0-x232.google.com with SMTP id bc4so72528645lbc.2 for <manet@ietf.org>; Sun, 07 Feb 2016 09:46:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=dQM5XglccYcRSwZ3x4yZKCM93c8DJKTN8quKzRVYwMo=; b=DGm5qBt2YphHSKpz/pL9MOEcTO5zxV/h207c2qD7cXAFNP2BnHvCowbllMFWZuZA2s uxBSag4WTXonFDyIf6qX2wq31lhkw0EhIzRvNw7Uc/jumeMC+yhKD2GwQ0xz9i8T5uQY 6AoKnOsb1N/RcPfxcWdbRruU9L2QOWdvrhGV1Npz0TloBNEd8hirB7iJerOjvDZBs2JZ lwc6hidk/QVg51DUIyHxaaIYWy746g+sQau4n+rN4czupeNCqVpTvwXJlpUZel63IbOr xluTtJG7/87qNggwCVhchbocjh9PTsb+FIinZYJ3a3pYz9JkL/6rxp3Ud3FMGm/NK6Se VGaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=dQM5XglccYcRSwZ3x4yZKCM93c8DJKTN8quKzRVYwMo=; b=PS+keQrdML064B7wAJ4ONEXFBU0uMhWq9GdIcBZm7FSuzKaX2wtLxrlJxGaQ66JmZ4 SAgy/MVWbwnUaTcukfSKtpnCRabtUNJfwDIjlrfCIBaQW6lFIkRHneFupkK9vol2CEWE 1/pZFYs75ID3T10unF7Osp0LaK4fq94dvpE77kPydNCbNKngqUUKh+Xow/msUuqflTXa hCzzIg0l6oJorXY3qoJi5XxuWSOTTntOMN7uQ/0tXxdKSWj1xCRjm2io5TAHg7nyUCcG xf5SdF+oW+INVklQoQy6M7RRXmq/nNyROa/3oMoLJ4SzPL3qhE33tFSIcLt9oDYGq8Fx +rAQ==
X-Gm-Message-State: AG10YORjB30E1oFWtHPlQB7AHGwfKFypvmtHd8splcRJ1cz6C+vqMgy+gEoiTKBuHyjRTMkth6qhxDB6NN0OGA==
X-Received: by 10.112.136.103 with SMTP id pz7mr9789230lbb.3.1454867192806; Sun, 07 Feb 2016 09:46:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.161.77 with HTTP; Sun, 7 Feb 2016 09:46:03 -0800 (PST)
In-Reply-To: <CALtoyokKUHxjONQvigB6eMcRC4n6Xf34soTY9RvOzPmGCVZAvQ@mail.gmail.com>
References: <CALtoyo=6zEWqj8kC=JHb1=6sKD+ktCOWmnU+rzbNGhrkAwMfzQ@mail.gmail.com> <D2DBAA65.10DB40%aretana@cisco.com> <CAGnRvur=CMe7YwudtYJmbO_fOPh2n3Vch5z1AkzawFe1gULgjQ@mail.gmail.com> <CA+-pDCfPghT=v=CPdNa8vNXPCiJmC1FMK3NwS-vf890irOkLJg@mail.gmail.com> <152bc392e10.2818.9b4188e636579690ba6c69f2c8a0f1fd@labn.net> <CALtoyokKUHxjONQvigB6eMcRC4n6Xf34soTY9RvOzPmGCVZAvQ@mail.gmail.com>
From: Henning Rogge <hrogge@gmail.com>
Date: Sun, 7 Feb 2016 18:46:03 +0100
Message-ID: <CAGnRvuriu16ZgeA2yEqLtyYU=kYAbbZfMHz4SU-RoO6kxWHmJw@mail.gmail.com>
To: Stan Ratliff <ratliffstan@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/ZMBxE_aq3-iyj7v8Q3oCTUYfq_E>
Cc: MANET IETF <manet@ietf.org>
Subject: Re: [manet] DLEP-18 Security Considerations
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2016 17:46:36 -0000

On Sun, Feb 7, 2016 at 5:33 PM, Stan Ratliff <ratliffstan@gmail.com>; wrote:
> All,
>
> I think the critical point here is Alvaro's comment:
>
>> The main problem I see with the text below is that it is based on
>> assumptions — even though you do say that "DLEP is restricted to…a single
>> (possibly logical) hop at layer 2", it is based on the deployment
>> assumptions.  What happens if it isn't deployed that way?
>
> It's NOT an "assumption". We've mis-lableld it as an assumption. It's
> actually a requirement.

Yes.

> Henning's response to the above text is correct:
>
> "It will not work because the user traffic will not reach the
> destination. DLEP is the model of a "external radio" which acts as a
> bridge (as in "layer-2 bridge") between the connection to the router
> and the radio network."
>
> Anyone attempting multi-hop deployment will immediately bump into the issue
> of a router issuing packets with a Destination MAC address that's not on the
> local segment. Traffic won't pass. As Henning states, it simply won't work.
>
> I believe we need to move the following text from "Assumptions" to
> "Requirements":
>
>    DLEP assumes that the MAC address for delivering data traffic is the
>    MAC address used by DLEP to identify the destination.  No
>    manipulation or substitution is performed; the MAC address supplied
>    in all destination messages is used as the OSI Layer 2 Destination
>    MAC address.  DLEP also assumes that MAC addresses are unique within
>    the context of a router-modem session.
>
>    The reliance on MAC addresses by DLEP forces the assumption that
>    participating DLEP peers are on a single segment (either physical or
>    logically, via tunneling protocols) at Layer 2.

Correct.

> We also need to take the TLS flag out of the IPv4 and IPv6 Connection Point
> data items (a clear "miss" on our part). I believe this addresses the
> concern, in that 1-hop deployment is no longer an "assumption".

If we really want to do TLS we can always add a "TLS Connection Point"
TLV in a later extension draft.

We could also keep the flags field if we think its useful for later,
but I think the TLV format is flexible enough to deal with it when we
need a flags field.

Henning