Re: [manet] AB#1 Comments for WGLC draft-ietf-manet-nhdp-sec-threats-02
Jiazi Yi <ietf@jiaziyi.com> Tue, 09 April 2013 09:52 UTC
From: Jiazi Yi <ietf@jiaziyi.com>
Date: Tue, 09 Apr 2013 11:52:53 +0200
To: Ulrich Herberg <ulrich@herberg.name>
Cc: manet <manet@ietf.org>
Subject: Re: [manet] AB#1 Comments for WGLC draft-ietf-manet-nhdp-sec-threats-02
In-Reply-To: <CAK=bVC8V_U5G9+2OhUZbMO+q_nsqs07UAsTVNyaAyGjHusWV6Q@mail.gmail.com>
Message-Id: <B5DA0B35-DC91-49DA-B9FA-24C230A14288@jiaziyi.com>
References: <CADnDZ8_JzCupDar=0CORuAOenw3VYBG4eTVh1Z=cEtdBOsJ7jQ@mail.gmail.com> <CAK=bVC8V_U5G9+2OhUZbMO+q_nsqs07UAsTVNyaAyGjHusWV6Q@mail.gmail.com>
I agree with Ulrich's reply. We can change

>> [I-D] As wireless radio waves can be captured as well as transmitted
>> by any wireless
>> device within radio range

to

> As radio signals can be received as well as transmitted
> by any compatible wireless device within radio range

It would be clearer.

best

Jiazi

On Apr 8, 2013, at 9:00 PM, Ulrich Herberg <ulrich@herberg.name> wrote:

> AB,
>
> see my answer below (note my reply represents my individual opinion; I
> don't claim to speak for the whole author group):
>
> On Mon, Apr 8, 2013 at 11:35 AM, Abdussalam Baryun
> <abdussalambaryun@gmail.com> wrote:
> [...]
>> This message is to comment on the MANET WG work in progress I-D:
>> draft-ietf-manet-nhdp-sec-threats-02 [I-D], which means this message
>> may contain parts/texts of the I-D under review
>> ====================================
>>
>> [I-D] Abstract:
>> [I-D] This document analyses common security threats of the Neighborhood
>> Discovery Protocol (NHDP), and describes their potential impacts on
>> MANET routing protocols using NHDP.
>>
>> AB>question> What is the meaning of *common* security threats?
>> Mentioned in the abstract,
>
> I think the word is fairly clear. See
> http://dictionary.reference.com/browse/common
> (definition 4/5)
>
>
>>
>> AB>question> How can I define threats when I don’t know on which layer
>> NHDP[RFC6130] is located in router, is it in L4 or L3. Please define
>> that you concern with IP layer if it is the only you concern with.
>
> That is given by RFC6130, which is running on the IP layer. I think
> this is not a task of NHDP-sec-threats to define.
>
>
>>
>> [I-D] Section 1.Introduction:
>>
>> [I-D] The information acquired by NHDP is used by other protocols, such as
>> OLSRv2 [OLSRv2] and SMF [RFC6621].
>>
>> AB> please add> AODVv2 as reactive protocol using NHDP, not only proactive,
>
> AODVv2 has no normative reference to RFC6130. In many cases of AODVv2
> deployments, I don't think that RFC6130 would be used (whereas it must
> be used for OLSRv2 and SMF). I am against adding a reference. Anyway,
> the sentence just lists some example protocols ("such as...").
>
>
>>
>> [I-D] As wireless radio waves can be captured as well as transmitted
>> by any wireless
>> device within radio range
>>
>> AB>confused> not true, different antennas have different
>> waves/frequencies, please delete.
>
> I think that this is fairly clear; it's about contrasting
> communication over cable vs wireless, where the access to the channel
> is much easier, i.e., security threats can be exploited more easily
> since there is no physical access protection (read: cable).
>
>
>>
>> [I-D] The document analyses possible attacks and mis-configurations on
>> NHDP and outlines the consequences of such attacks/mis-configurations
>> to the state
>> maintained by NHDP in each router (and, thus, made available to
>> protocols using this state).
>>
>> AB> I don’t think it makes full analyses for NHDP threats? Please see
>> threat analysis by Tsao et al (2013) [1].
>>
>> AB> the doc should consider information exchanged attacks and network
>> attacks as well.
>
>
> I think that this is exactly what NHDP-sec-threats does; section 4
> describes the possible exploits when using no protection of NHDP.
> Section 5 outlines the consequences for protocols using NHDP.
>
>
>>
>> Section 2. Terminology:
>>
>> AB> you don’t define *Threat*, and *Attack*, please do same definition
>> as threat analysis draft in ROLL WG (or refer to it).
>
> The words "threat" and "attack" are pretty well known; I don't see any
> reason why they are ambiguous. I don't see any reason to cite the ROLL
> draft; why is that related in any way to NHDP? It describes security
> threats to a completely different protocol.
>
>
>>
>> [I-D] Compromised NHDP Router: An attacker, present in the network and
>> which generates syntactically correct NHDP control messages.
>> Control messages emitted by a Compromised NHDP router may contain
>> additional information, or omit information, as compared to a
>> control message generated by a non-compromized NHDP router located
>> in the same topological position in the network.
>>
>> AB> you mention network position, or topological position, but why the
>> document ignores the network domain(s) (just topology), could the NHDP
>> threats affect the network domain policy/states? If not say so,
>
>
> I don't understand your point. What do you mean?
>
> Best regards
> Ulrich
>
>
>>
>> The Message-References:
>> [1] http://tools.ietf.org/html/draft-ietf-roll-security-threats-01
>>
>> =======================================
>> This is not the last comment, still under process,
>>
>> Regards
>> AB
>>
>> ---------------------------------------------------------------------------------------
>> This message is not sent to private email boxes, but sent to IETF
>> MANET mail box.
>> This message and any attachments are confidential to the intended
>> recipient and may also be privileged. If you are not the intended
>> recipient please delete it from your system and notify the sender.
>> This message is in compliance with the IETF regulations.
>> ---------------------------------------------------------------------------------------
>>
>> On 3/25/13, Stan Ratliff (sratliff) <sratliff@cisco.com> wrote:
>>> WG,
>>>
>>> I've re-started the WGLC on this document. There's a 2-week WGLC period,
>>> ending on April 8, 2013.
>>>
>>> Regards,
>>> Stan
>>> _______________________________________________
>>> manet mailing list
>>> manet@ietf.org
>>> https://www.ietf.org/mailman/listinfo/manet