Re: [manet] Kathleen Moriarty's No Objection on draft-ietf-manet-olsrv2-sec-threats-03: (with COMMENT)
Jiazi Yi <ietf@jiaziyi.com> Wed, 11 January 2017 23:41 UTC
From: Jiazi Yi <ietf@jiaziyi.com>
Message-Id: <2D2CBE5B-F432-4358-8819-21564259F3F2@jiaziyi.com>
Date: Thu, 12 Jan 2017 00:41:34 +0100
In-Reply-To: <148358600785.13006.4415679112806345898.idtracker@ietfa.amsl.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
References: <148358600785.13006.4415679112806345898.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/dJkNZI_YMmZXJMRVoi8NKEgQdUk>
Cc: draft-ietf-manet-olsrv2-sec-threats@ietf.org, manet@ietf.org, The IESG <iesg@ietf.org>, Mobile Ad-hoc Networks Working Group <manet-chairs@ietf.org>
Dear Kathleen,

Firstly, thanks very much for the review and comments.

We discussed the replay attack in RFC7186 (https://tools.ietf.org/html/rfc7186#section-4.5, a normative reference of this document). And we updated the document as the SecDir suggested.

Hopefully it addresses your concern.

regards

Jiazi

> On 5 Jan 2017, at 04:13, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:
>
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-manet-olsrv2-sec-threats-03: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-manet-olsrv2-sec-threats/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> The SecDir reviewer makes a good point on the draft not covering delays
> and that replay mechanisms will defend against the attack described in
> different ways. The review is linked off the draft. Please let me know
> if there is a reason to not add this threat or if you have text to
> propose to address it.
>
> Full review:
> https://www.ietf.org/mail-archive/web/secdir/current/msg07028.html
>
> Relevant section for convenience:
> "One issue that I did not see discussed in the draft would be for the
> attacker to effectively delay packets. For example, the attacker
> captures packets while jamming to prevent some stations from receiving
> packets. The attacker can collect a sequence of traffic and replay at a
> later time, with different timing and in a different location. Not all
> replay mechanisms will defend against this attack in the same way.
> Sequence number validation (which appears to be allowed in 7183) may not
> be as effective as timestamps, depending upon the time skew allowed. The
> document does discuss timestamps, but I think it should probably make
> the following clearer:
>
> There are several places in sections 4 and 5 where the document says
> something like "This kind of attack can be mitigated using integrity
> check mechanisms". I think in most of these instances replay protection
> is also important. One solution would be to remove these instances and
> just rely on section 6.2 which has a better description of the available
> protections. Since it seems that the integrity check could be deployed
> with just sequence number instead of timestamps it might be good to
> mention that it is important to include and verify timestamps for replay
> protection."
>
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
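The delayed-replay point raised in the SecDir review, as an added illustration that is not part of the thread, the draft, or the RFC 7183 implementation: a constructed, simplified model where messages carry an HMAC integrity check over a sequence number, a timestamp and a payload (not the RFC 7183 wire format), and a receiver that validates either the sequence number alone or the sequence number plus a timestamp skew window. Messages captured while the victim was jammed are never seen by the victim, so a later replay passes sequence-number validation but fails the timestamp check.

```python
import hmac, hashlib, struct

# Constructed shared key and message format for illustration only.
KEY = b"constructed-shared-key"

def protect(seq, ts, payload):
    """Build body = seq(2 bytes) | timestamp(4 bytes) | payload, then append an HMAC-SHA256 ICV."""
    body = struct.pack("!HI", seq, ts) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def parse(msg):
    """Verify the ICV; return (seq, ts, payload) or None if the integrity check fails."""
    body, icv = msg[:-32], msg[-32:]
    if not hmac.compare_digest(hmac.new(KEY, body, hashlib.sha256).digest(), icv):
        return None
    seq, ts = struct.unpack("!HI", body[:6])
    return seq, ts, body[6:]

class Receiver:
    """Per-originator replay state. skew is the accepted timestamp window in seconds."""
    def __init__(self, check_timestamp, skew=5):
        self.check_timestamp = check_timestamp
        self.skew = skew
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, msg, now):
        parsed = parse(msg)
        if parsed is None:
            return False                      # integrity check failed
        seq, ts, _ = parsed
        if seq <= self.last_seq:
            return False                      # sequence-number replay check
        if self.check_timestamp and abs(now - ts) > self.skew:
            return False                      # stale message: outside the skew window
        self.last_seq = seq
        return True

def delayed_replay_scenario(check_timestamp):
    """Messages seq 10..12 are captured at t=100..102 while the victim is jammed
    and never receives them; they are replayed to the victim at t=1000.
    Returns how many of the replayed messages the victim accepts."""
    captured = [protect(s, 100 + i, b"HELLO") for i, s in enumerate((10, 11, 12))]
    victim = Receiver(check_timestamp)
    return sum(victim.accept(m, now=1000) for m in captured)
```

With sequence numbers only, all three delayed messages are accepted because the victim never saw the originals; with the timestamp window enforced, all three are rejected, which is the distinction the review asks the draft to make clear.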