Re: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
"Kent Leung (kleung)" <kleung@cisco.com> Mon, 28 July 2008 10:53 UTC
Return-Path: <mip4-bounces@ietf.org>
X-Original-To: mip4-archive@optimus.ietf.org
Delivered-To: ietfarch-mip4-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D1913A691B; Mon, 28 Jul 2008 03:53:49 -0700 (PDT)
X-Original-To: mip4@core3.amsl.com
Delivered-To: mip4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4749F3A691B for <mip4@core3.amsl.com>; Mon, 28 Jul 2008 03:53:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFNfH9AWQMWF for <mip4@core3.amsl.com>; Mon, 28 Jul 2008 03:53:47 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id E1F323A68C8 for <mip4@ietf.org>; Mon, 28 Jul 2008 03:53:46 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.31,265,1215388800"; d="scan'208";a="132470094"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 28 Jul 2008 10:53:56 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id m6SAru5P005101; Mon, 28 Jul 2008 03:53:56 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m6SAru3J028499; Mon, 28 Jul 2008 10:53:56 GMT
Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 28 Jul 2008 03:53:55 -0700
X-Mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 28 Jul 2008 03:53:54 -0700
Message-ID: <2979E38DD6FC6544B789C8DAD7BAFC52068CE413@xmb-sjc-235.amer.cisco.com>
In-Reply-To: <C5A96676FCD00745B64AE42D5FCC9B6E198030B6@zrc2hxm0.corp.nortel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
Thread-Index: AcjmmX1GykQQ/DWyRnuE1z1dTAhS+wAAEaUQAALRCbAAAVu6YAAwVfoQAAsM8qAAH5sfAAACjnJwAAM04tAAC5/EMAAAUN5gAAIRXJ0AAAouoAILH7wg
From: "Kent Leung (kleung)" <kleung@cisco.com>
To: Ahmad Muhanna <amuhanna@nortel.com>, Vijay Devarapalli <vijay@wichorus.com>, McCann Peter-A001034 <pete.mccann@motorola.com>
X-OriginalArrivalTime: 28 Jul 2008 10:53:55.0940 (UTC) FILETIME=[3B3DD240:01C8F0A0]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=6264; t=1217242436; x=1218106436; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=kleung@cisco.com; z=From:=20=22Kent=20Leung=20(kleung)=22=20<kleung@cisco.com> |Subject:=20RE=3A=20[Mip4]=20Summary=20of=20security=20issu es=20(was=20RE=3A=20WGLC=3Adraft-ietf-mip4-generic-notificat ion-message-04.txt) |Sender:=20; bh=kXWvpMsiQd/681lnghJ6eI4Y9KfJhDiloffuf2poCFw=; b=mx6J62zQHm7KQv15Rr9CQig9dnmuaRttAk6asDGlf4osJTugmfTcqDWJxW KJ6HsrYE0rJJKV5d7q0C/Xphnnk89dE8KpwqK3FF0i3nlGtX2+QodrHSlBWm fI/vKV8J1E;
Authentication-Results: sj-dkim-4; header.From=kleung@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: Hui Deng <denghui02@gmail.com>, mip4@ietf.org, "Sri Gundavelli (sgundave)" <sgundave@cisco.com>
Subject: Re: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/mip4>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org
Hi folks. I think this draft needs more review. Some comments on
version 06.
1) Sect. 3.2.
It's confusing to show "notificaton" from AAA to FA. Maybe the arrow
can be named "trigger" since the notification message is from FA to MN
and to HA?
2) Sect. 3 usage scenarios clarificaton. Can MN send notification to
FA? MN to HA via FA or direct?
3) Sect. 4.1. Reference RFC 3115 for VSE and RFC 4917 for generic
string. Not clear how binding revocation is applied in GNM?
A generic notification message is sent by a mobility agent to inform
another mobility agent, or a mobile node, of MIP-related information
such as vendor specific extensions, generic string notification or
binding revocation.
3b) Sect. 4.1. The IP destination address should be "Same as the last
Registration Reply/Request message received". Also, shouldn't the
source IP address and port be same as the last registration message?
This would support NAT traversal and ensure same security association
used for GNM/GNA and RRQ/RRP.
... These messages must use the same IP and UDP
headers as any previous Registration Request or Reply message to the
same entity. The generic notification message is defined as follows:
IP Fields:
Source Address Sender's address.
Destination Address Receiver's address.
UDP Fields:
Source Port variable.
Destination Port Same as the last Registration Reply/Request
message.
4) Sect. 4.1. What is the Binding Revocation extension? RFC 3543
specifies Revocation Support Extension to indicate MN or FA supports
revocation function. But this extension does not provide notification
or revocation.
3 Information carried in Binding Revocation extension
5) Typo "foreing" -> "foreign":
5 -- Message sent by the foreing agent to the home agent
6) Using nonce method requires much more operational description (e.g.
HA does not have nonce value with MN after registration). Replay
protection using timestamp should be covered in a section for clarity.
For example, FA -> MN GNM security is not covered by RFC 3344.
Identification
A 64-bit number, constructed by the sender, used for matching
Generic Notification with Generic Notification Acknowledgement,
and for protecting against replay attacks of notification
messages. Here is the same as Sections 5.4 and 5.7 of [RFC3344].
Timestamps is mandatory and nonces is optional.
7) Sect. 4.2. Why is the GNA's source UDP port not copied from the GNM?
NAT traversal issue (when NAT between FA and HA) if not copied.
UDP Fields:
Source Port variable.
8) Sect. 4.2. Why values 2 and 3 are not described? As noted before,
I'm not clear about value 3.
The value 0 is reserved and should not be used. The value 1
indicates that the actual information is carried in vendor
specific extensions. Other values are reserved for future
extensions.
9) Sect. 4.2. Is MD needed in GNA? GNA is in response to GNM so MD
should be known. Also, not sure if HA and CoA address fields needed in
GNA?
10) Sect. 4.2. The description does not cover Identification field.
Identification
The fixed portion of the Generic Notification Message is followed
by one or more extensions which may be used with this message, and
by one or more authentication extensions (as defined in Section
3.5 of [RFC3344].
11) Sect. 4.2. There are 3 defined cases: VSE, generic string, and
revocation extension. VSE is handled by each vendor. I assume that
generic string handling is based on RFC 4917. Revocation is unclear.
If the mobile node accepts the home agent's generic
notification message, it will process it according to the specific
rules for that extension.
12) Sect. 4.3.2. source address should be MN's HoA in the case of
FA-CoA. Destination address should be FA.
In the case of a FA-CoA, the source address is the mobile node's CoA
address and the destination address is the home agent's address ("MD"
value is set to 2),
13) Sect. 4.4.1. FHAE is optional for GNM from HA to MN via FA, right?
If the "MD" value is set to 0, the foreign agent MUST check the FA-HA
AE and Authenticator value in the Extension if the Foreign-Home
Authentication extension is presented. if more than one Foreign-Home
Authentication Extension is found, or if the Authenticator is
invalid, the foreign agent MUST silently discard the Notification
message.
14) Sect 4.4.3. How does FA know the timestamp of the HA to send GNM?
Does FA have to glean the Identification field in the RRP? Need
clarification here. Also, if FA maintains some timestamp value for each
HA, and vice versa, that needs to be added to FA and HA considerations.
15) 4.5. Since RFC 4917 was intended for MN to receive a message from
the network, it's unclear what HA or FA will do when generic string is
received?
16) 4.5. Shouldn't HA acknowledge the receipt of the GNM in this case?
If the home agent receives a notification message
from a foreign agent and there is no corresponding mobile node
registration, the home agent should drop the notification message.
17) 4.5.2. Should specify that HA sends GNM with A bit set when GNA is
not received. Or this can be generically covered.
18) sects. 5 and 5.1. The example for revoking the CDMA session can be
handled by revocation message (RFC 3543). This adds to the confusion
when revocation message vs. GMN should be used. May be good to clarify
that point.
19) 5.1. Typo "notificaiton". There are other typos that can be checked
later.
20) 5.2. Not clear how this is different from revocation message with
generic message string extension?
21) Agree with Pete on the timestamp sync issue. That means some use of
code 133 in GNA. Should there be some Code field in GNA to confirm
positive or negative operation after receiving GNM?
22) NAI extension should be covered in draft. Home Address is not
typically sufficient to identify the MN.
Kent
--
Mip4 mailing list: Mip4@ietf.org
Web interface: https://www.ietf.org/mailman/listinfo/mip4
Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/
- [Mip4] WGLC: draft-ietf-mip4-generic-notification… McCann Peter-A001034
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Peng Yang
- [Mip4] WGLC: draft-ietf-mip4-generic-notification… Behcet Sarikaya
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Yingzhe Wu
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… zhouanfu
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… George Tsirtsis
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Hui Deng
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Vijay Devarapalli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… McCann Peter-A001034
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… McCann Peter-A001034
- [Mip4] Summary of security issues (was RE: WGLC: … Vijay Devarapalli
- Re: [Mip4] Summary of security issues (was RE: WG… Ahmad Muhanna
- Re: [Mip4] Summary of security issues (was RE: WG… Vijay Devarapalli
- Re: [Mip4] Summary of security issues (was RE: WG… Ahmad Muhanna
- Re: [Mip4] Summary of security issues (was RE: WG… Kent Leung (kleung)
- Re: [Mip4] Summary of security issues (was RE: WG… Hui Deng