Re: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
Eric Gray <eric.gray@ericsson.com> Thu, 08 September 2016 13:21 UTC
Return-Path: <eric.gray@ericsson.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 208F712B364; Thu, 8 Sep 2016 06:21:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YyfxJtl7tP_4; Thu, 8 Sep 2016 06:21:20 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A385412B52D; Thu, 8 Sep 2016 05:57:45 -0700 (PDT)
X-AuditID: c6180641-2580a98000000a0b-4e-57d10be5b297
Received: from EUSAAHC003.ericsson.se (Unknown_Domain [147.117.188.81]) by (Symantec Mail Security) with SMTP id 5B.07.02571.5EB01D75; Thu, 8 Sep 2016 08:57:42 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.03.0301.000; Thu, 8 Sep 2016 08:57:42 -0400
From: Eric Gray <eric.gray@ericsson.com>
To: Jiazi YI <ietf@jiaziyi.com>, "draft-ietf-manet-smf-sec-threats@tools.ietf.org" <draft-ietf-manet-smf-sec-threats@tools.ietf.org>
Thread-Topic: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
Thread-Index: AdHxrwmJaguaDdoGQriqrxN4uU7wsgOXdA0AAnDijzA=
Date: Thu, 08 Sep 2016 12:57:42 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64A8ADBF9@eusaamb107.ericsson.se>
References: <48E1A67CB9CA044EADFEAB87D814BFF64A871DE8@eusaamb107.ericsson.se> <CAN1bDFyam4pXa9ix-k85zmMh-FueiETK9k=x=y-aL4M6+jvgtg@mail.gmail.com>
In-Reply-To: <CAN1bDFyam4pXa9ix-k85zmMh-FueiETK9k=x=y-aL4M6+jvgtg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.10]
Content-Type: multipart/alternative; boundary="_000_48E1A67CB9CA044EADFEAB87D814BFF64A8ADBF9eusaamb107erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprLIsWRmVeSWpSXmKPExsUyuXRPoO4z7ovhBktuClm8OnaKxWLDMmaL f1uesFucnPOD2WLBmqfsDqweS5b8ZPLYNnUJo8eXy5/ZApijuGxSUnMyy1KL9O0SuDKalvez FDw7wlSx6foflgbGFXuYuhg5OCQETCRWb2fsYuTiEBLYwCjxc+49dghnGaPEvm3TgDKcHGwC GhLH7qwFqxIR6GCU+H5rBxNIglmgVOL7mz3sILawgJfE4d+nmUFsEQFvif75v1ggbCuJu1c6 weIsAioSTyc9YAOxeQV8JZaubmSC2DaFUWLtj6VgDZwCgRLXj/8EsxkFxCS+n1oDtUxc4taT +WC2hICAxJI955khbFGJl4//sULYShKTlp5jhajPlzhx/hnUMkGJkzOfsExgFJmFZNQsJGWz kJTNAoYMs4CmxPpd+hAlihJTuh+yQ9gaEq1z5rIjiy9gZF/FyFFaXJCTm25kuIkRGGnHJNgc dzDu7fU8xCjAwajEw6vw9Hy4EGtiWXFl7iFGCQ5mJRFe9/iL4UK8KYmVValF+fFFpTmpxYcY pTlYlMR59V8qhgsJpCeWpGanphakFsFkmTg4pRoY9WSuxdx5XOZ2ctrHb3IFDco+K34XFjMd u33t+cSwf8krgryWnspktVFZ7K60WfIxj3Tr42PFcya+26Ol0d1mLn/p5Ospv7//W3JgjVHl zEN8hczlPw4svVN68cfCFbX9+SUy5hqBVWJZSov7z4YwZK7tlbQv9jVmcIxPElKel6LAr3n2 S46EEktxRqKhFnNRcSIATecyILACAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/fDPYr6DxI9C0z0kW4aImIOdafB8>
Cc: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "manet@ietf.org" <manet@ietf.org>
Subject: Re: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2016 13:21:25 -0000
Jiazi,
I have re-reviewed the latest draft and believe that all of my earlier comments have been addressed.
Thanks!
--
Eric
From: yi.jiazi@gmail.com [mailto:yi.jiazi@gmail.com] On Behalf Of Jiazi YI
Sent: Friday, August 26, 2016 6:44 PM
To: Eric Gray <eric.gray@ericsson.com>
Cc: draft-ietf-manet-smf-sec-threats@tools.ietf.org; rtg-ads@ietf.org; rtg-dir@ietf.org; manet@ietf.org
Subject: Re: [manet] RTG-Dir Review of draft-ietf-manet-smf-sec-threats-05
Importance: High
Dear Eric, all:
Thanks very much for your review and comments. We just submitted a new revision based on the comments received.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-manet-smf-sec-threats/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-manet-smf-sec-threats-06
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-manet-smf-sec-threats-06
Please find the reply inline:
On Tue, Aug 9, 2016 at 9:26 PM, Eric Gray <eric.gray@ericsson.com<mailto:eric.gray@ericsson.com>> wrote:
<snip>
Major Issues:
No major issues found.
Minor Issues:
RFC 6621 discusses a few security issues which do not look to have been referenced in this draft, even indirectly. There are good reasons why this is unusual.
More explicit references to the security consideration section of RFC6621 are added both in the introduction and related sections.
Similarly, while the draft does make at least an oblique reference to the security issues that apply to RFC 6130, it is not clear without extensive reading what this draft addresses that is not (at least sufficiently) addressed there (or in RFC 7186).
Toward the end of the first paragraph in section 3 (SMF Threats Overview), the draft makes an assertion that is not consistent with other text in the same paragraph; it claims that “SMF relies on NHDP” while other text, including text in the same paragraph, seems strongly to indicate that NHDP is one alternative approach that might be used.
Note that I was unable to parse part of this same sentence: what does “(not matter if other … for 1-hop neighbor discovery)” mean?
SMF requires 1-hop and 2-hop neighbourhood information to reduce the relay set. SMF allows alternative low-layer information to provide necessary neighbourhood information -- but that's only for 1-hop neighbourhood. But for 2-hop neighbour information, only NHDP is used in SMF.
We clarified the difference in the section.
Section 4.1.1 (Replay Attack) appears to address an issue that a) is not necessarily a control plane attack (as implied in the first paragraph),
and b) is clearly a variation of a threat described in the Security Considerations section of RFC 6621 as a DoS attack. Because the specific threat in both cases (the case described in this section and that described in RFC 6621) involves using some means of delivering bogus packets earlier than subsequent legitimate packets, this does not (at least intuitively) seem like a replay attack.
We changed the name of the section to Attack to Hop Limit to avoid ambiguity.
Section 4.2.1 – Pre-activation Attacks (Pre-Play) – similarly appears to address one specific example of a second general class of threat described in the Security Considerations section of RFC 6621 (issues with use of predictable sequencing techniques).
The same applies to section 4.2.2 – De-activation attacks.
It would be useful if the leading text in section 4.2 talked generally about the related attack vector described in the Security Considerations section of RFC 6621 and why this draft needs to expand on this class of threat (associated with I-DPD) described there.
Section 4.3 also similarly provides an expansion on a class of threats (associated with H-DPD) already described in RFC 6621.
In general, I feel that the expansions provided in section 4 of this draft provide useful information – as examples, at least. However, this section should explicitly refer to applicable text in RFC 6621, which includes suggestions on ways to mitigate these threats. If the authors and/or the working group feel that the suggestions made in RFC 6621 are insufficient, it would be useful to say why this is the case in this document.
We added references to related sections in RFC6621 and explained why those are expanded in this document at the begin of section 4.
The sentence comprising section 5.1 (Relay Set Selection Common Threats) does not appear to be correct as written; RFC 7186 does not include anything about RSS algorithms. To the extent that RSS MAY depend on NHDP, RFC 7186 does describe threats to NHDP that would impact RSS for these cases. Arguably the same threats may apply independent of how SMF routers become aware of the neighborhood topology, but this is not (and possibly cannot be) known without exhaustive analysis of all methods by which this information might be determined.
The RSS is based on the neighbourhood information obtained from the control plane. For SMF, as far as I can see, only NHDP is used in practice to obtain neighbourhood information. So the common threats listed in section 5.1 such as DoS, eavesdropping, etc. can be applied to SMF directly -- that's also one of the purpose of having RFC7186 as an independent document: related content can be reused by protocols such as SMF and OLSRv2.
In Section 5.2 (Threats to E-CDS Algorithm), RFC 5614 is given as a reference for “Essential Connected Dominating Set” (or the E-CDS algorithm), when RFC 5614 actually does not mention either one (it defines CDS and talks about a small number of algorithms – none of which are directly related to E-CDS; the word “essential” does not appear to be included in the RFC anywhere). I was not able to find a reference for this term in a few minutes of poking around, though it is easy enough to find references for “minimum connected dominating set.”
In RFC6621, RFC5614 is cited when the E-CDS is introduced:
The "Essential Connected Dominating Set" (E-CDS) algorithm [RFC5614]
forms a single CDS mesh for the SMF operating region.
Although “Essential Connected Dominating Set” is not explicitly used in RFC5614, as a derivative, I think it's still appropriate (and even necessary) to cite the original source?
The Security Considerations section (section 7) of this draft should provide a summary of security issues included or addressed in this document (directly or indirectly by reference) as well as any related security issues yet to be addressed. Minimally, if the authors feel that this information is provided in section 3 (SMF Threats Overview), the Security Considerations section should say this. One approach would be to use the Security Considerations section to summarize the main content of the document.
By taking consideration of the comments from AD, we summarised the content of the document and merged the "future work" section in this Security Considerations section.
Nits:
I had a number of issues with “esoteric questions of English usage.” However, according to our instructions, “the RFC Editor will spot these, and it is not a wise use of time to discuss these things.”
RFC editor is the best teacher to tell us how to write English correctly -- especially for non-native English speakers like me :)
Thanks again for your comments!!
regards
Jiazi
☺
_______________________________________________
manet mailing list
manet@ietf.org<mailto:manet@ietf.org>
https://www.ietf.org/mailman/listinfo/manet