Re: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)

"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Thu, 05 January 2017 14:21 UTC

Return-Path: <chris.dearlove@baesystems.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AF641293F3; Thu, 5 Jan 2017 06:21:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.02
X-Spam-Level:
X-Spam-Status: No, score=-10.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.1] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id at-iWTpOJ-RC; Thu, 5 Jan 2017 06:21:23 -0800 (PST)
Received: from ukmta2.baesystems.com (ukmta2.baesystems.com [20.133.0.56]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58CDF12954D; Thu, 5 Jan 2017 06:21:22 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.33,321,1477958400"; d="scan'208";a="48506216"
Received: from unknown (HELO baemasmds016.greenlnk.net) ([10.15.207.101]) by ukmta2.baesystems.com with ESMTP; 05 Jan 2017 14:21:21 +0000
X-IronPort-AV: E=Sophos;i="5.33,321,1477958400"; d="scan'208";a="150177877"
Received: from glkxh0003v.greenlnk.net ([10.109.2.34]) by baemasmds016.greenlnk.net with ESMTP; 05 Jan 2017 14:21:20 +0000
Received: from GLKXM0003V.GREENLNK.net ([169.254.4.144]) by GLKXH0003V.GREENLNK.net ([10.109.2.34]) with mapi id 14.03.0248.002; Thu, 5 Jan 2017 14:21:19 +0000
From: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)
Thread-Index: AQHSZ1eMKtUvcDWWUE+rDawmlNcFa6Ep5hKQ
Date: Thu, 5 Jan 2017 14:21:18 +0000
Message-ID: <B31EEDDDB8ED7E4A93FDF12A4EECD30DA51A9627@GLKXM0003v.GREENLNK.net>
References: <148362287164.20543.5367631671159172919.idtracker@ietfa.amsl.com>
In-Reply-To: <148362287164.20543.5367631671159172919.idtracker@ietfa.amsl.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.109.62.6]
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/ZMhNMoQ-ibwV4ln2nSLf1I2al5c>
Cc: "draft-ietf-manet-olsrv2-sec-threats@ietf.org" <draft-ietf-manet-olsrv2-sec-threats@ietf.org>, "manet@ietf.org" <manet@ietf.org>, "manet-chairs@ietf.org" <manet-chairs@ietf.org>
Subject: Re: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2017 14:21:24 -0000

Not an author, but I hope this is useful. It follows up Stephen's second point.

RFC 7182 describes a mechanism for adding ICVs to anything based on RFC 5444 format (which includes OLSRv2). It includes code points for some ICVs that may be signatures and some that aren't - I think more of the latter.

RFC 7183 is, roughly speaking, an RFC 7182 option for OLSRv2 (and NHDP) implementation. It's called out from RFC 7181 (OLSRv2) as a "must implement, don't need to use" mechanism. It specifies the HMAC/SHA-256 option indicated. It is shared secret key, and thus isn't a signature (as Stephen notes).

Reading Section 6.2 with that in mind, apart from the use of signature, I think mostly it's OK, the RFC 7183 option will work as described if nothing is compromised, but I'm not sure about the final parenthesised piece at the end of the first long paragraph. If you want to be able to revoke you want to be using a different RFC 7182 (or extension) option, as noted an asymmetric one, not the RFC 7183 option, and I don't think that's clear. Possibly "in addition" is meant to mean something more like "alternatively" (though it is not a simple text change like that) but should reference RFC 7182.

(I think the ICVs that might be signatures in RFC 7182 are probably underspecified, which goes back to RFC 6622 of which it is an update. There is an ICV that is a signature in RFC 7859, an extension to RFC 7182, but that is experimental, although specified in some detail.)

-- 
Christopher Dearlove
Senior Principal Engineer
BAE Systems Applied Intelligence Laboratories
__________________________________________________________________________

T:  +44 (0)1245 242194  |  E: chris.dearlove@baesystems.com

BAE Systems Applied Intelligence, Chelmsford Technology Park, Great Baddow, Chelmsford, Essex CM2 8HN.
www.baesystems.com/ai
BAE Systems Applied Intelligence Limited
Registered in England & Wales No: 01337451
Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP

-----Original Message-----
From: manet [mailto:manet-bounces@ietf.org] On Behalf Of Stephen Farrell
Sent: 05 January 2017 13:28
To: The IESG
Cc: manet-chairs@ietf.org; manet@ietf.org; draft-ietf-manet-olsrv2-sec-threats@ietf.org
Subject: [manet] Stephen Farrell's Discuss on draft-ietf-manet-olsrv2-sec-threats-03: (with DISCUSS)

----------------------! WARNING ! ---------------------- This message originates from outside our organisation, either from an external partner or from the internet.
Consider carefully whether you should click on any links, open any attachments or reply.
Follow the 'Report Suspicious Emails' link on IT matters for instructions on reporting suspicious email messages.
--------------------------------------------------------

*** WARNING ***
EXTERNAL EMAIL -- This message originates from outside our organization.


Stephen Farrell has entered the following ballot position for
draft-ietf-manet-olsrv2-sec-threats-03: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-manet-olsrv2-sec-threats/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


I have two things I'd like to discuss to see if changes are needed or not:

(1) Neither this nor RFC7186 seem to consider battery depletion attacks. Why is that ok?

(2) 6.2: HMAC is *not* a digital signature mechanism.
While loose terminology may be ok elsewhere, in this case, you shouldn't do that as it can lead to wrong conclusions. Digital signatures do provide origin authentication of sorts, but MACs do not, especially if keys are shared. It is not clear to me that some of the claims in 6.2.x of attacks being mitigated are in fact correct, given shared secrets. (Note: It could be that the claims are correct, I didn't have time to check back on all the vulnerability definitions, sorry. But I'd like to check, given the defective
terminology.)




_______________________________________________
manet mailing list
manet@ietf.org
https://www.ietf.org/mailman/listinfo/manet


********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************