Re: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
"Kent Leung (kleung)" <kleung@cisco.com> Mon, 28 July 2008 10:53 UTC
Return-Path: <mip4-bounces@ietf.org>
X-Original-To: mip4-archive@optimus.ietf.org
Delivered-To: ietfarch-mip4-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D1913A691B; Mon, 28 Jul 2008 03:53:49 -0700 (PDT)
X-Original-To: mip4@core3.amsl.com
Delivered-To: mip4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4749F3A691B for <mip4@core3.amsl.com>; Mon, 28 Jul 2008 03:53:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFNfH9AWQMWF for <mip4@core3.amsl.com>; Mon, 28 Jul 2008 03:53:47 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id E1F323A68C8 for <mip4@ietf.org>; Mon, 28 Jul 2008 03:53:46 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.31,265,1215388800"; d="scan'208";a="132470094"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 28 Jul 2008 10:53:56 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id m6SAru5P005101; Mon, 28 Jul 2008 03:53:56 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m6SAru3J028499; Mon, 28 Jul 2008 10:53:56 GMT
Received: from xmb-sjc-235.amer.cisco.com ([128.107.191.85]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 28 Jul 2008 03:53:55 -0700
X-Mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 28 Jul 2008 03:53:54 -0700
Message-ID: <2979E38DD6FC6544B789C8DAD7BAFC52068CE413@xmb-sjc-235.amer.cisco.com>
In-Reply-To: <C5A96676FCD00745B64AE42D5FCC9B6E198030B6@zrc2hxm0.corp.nortel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
Thread-Index: AcjmmX1GykQQ/DWyRnuE1z1dTAhS+wAAEaUQAALRCbAAAVu6YAAwVfoQAAsM8qAAH5sfAAACjnJwAAM04tAAC5/EMAAAUN5gAAIRXJ0AAAouoAILH7wg
From: "Kent Leung (kleung)" <kleung@cisco.com>
To: Ahmad Muhanna <amuhanna@nortel.com>, Vijay Devarapalli <vijay@wichorus.com>, McCann Peter-A001034 <pete.mccann@motorola.com>
X-OriginalArrivalTime: 28 Jul 2008 10:53:55.0940 (UTC) FILETIME=[3B3DD240:01C8F0A0]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=6264; t=1217242436; x=1218106436; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=kleung@cisco.com; z=From:=20=22Kent=20Leung=20(kleung)=22=20<kleung@cisco.com> |Subject:=20RE=3A=20[Mip4]=20Summary=20of=20security=20issu es=20(was=20RE=3A=20WGLC=3Adraft-ietf-mip4-generic-notificat ion-message-04.txt) |Sender:=20; bh=kXWvpMsiQd/681lnghJ6eI4Y9KfJhDiloffuf2poCFw=; b=mx6J62zQHm7KQv15Rr9CQig9dnmuaRttAk6asDGlf4osJTugmfTcqDWJxW KJ6HsrYE0rJJKV5d7q0C/Xphnnk89dE8KpwqK3FF0i3nlGtX2+QodrHSlBWm fI/vKV8J1E;
Authentication-Results: sj-dkim-4; header.From=kleung@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: Hui Deng <denghui02@gmail.com>, mip4@ietf.org, "Sri Gundavelli (sgundave)" <sgundave@cisco.com>
Subject: Re: [Mip4] Summary of security issues (was RE: WGLC:draft-ietf-mip4-generic-notification-message-04.txt)
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/mip4>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org
Hi folks. I think this draft needs more review. Some comments on version 06. 1) Sect. 3.2. It's confusing to show "notificaton" from AAA to FA. Maybe the arrow can be named "trigger" since the notification message is from FA to MN and to HA? 2) Sect. 3 usage scenarios clarificaton. Can MN send notification to FA? MN to HA via FA or direct? 3) Sect. 4.1. Reference RFC 3115 for VSE and RFC 4917 for generic string. Not clear how binding revocation is applied in GNM? A generic notification message is sent by a mobility agent to inform another mobility agent, or a mobile node, of MIP-related information such as vendor specific extensions, generic string notification or binding revocation. 3b) Sect. 4.1. The IP destination address should be "Same as the last Registration Reply/Request message received". Also, shouldn't the source IP address and port be same as the last registration message? This would support NAT traversal and ensure same security association used for GNM/GNA and RRQ/RRP. ... These messages must use the same IP and UDP headers as any previous Registration Request or Reply message to the same entity. The generic notification message is defined as follows: IP Fields: Source Address Sender's address. Destination Address Receiver's address. UDP Fields: Source Port variable. Destination Port Same as the last Registration Reply/Request message. 4) Sect. 4.1. What is the Binding Revocation extension? RFC 3543 specifies Revocation Support Extension to indicate MN or FA supports revocation function. But this extension does not provide notification or revocation. 3 Information carried in Binding Revocation extension 5) Typo "foreing" -> "foreign": 5 -- Message sent by the foreing agent to the home agent 6) Using nonce method requires much more operational description (e.g. HA does not have nonce value with MN after registration). Replay protection using timestamp should be covered in a section for clarity. For example, FA -> MN GNM security is not covered by RFC 3344. Identification A 64-bit number, constructed by the sender, used for matching Generic Notification with Generic Notification Acknowledgement, and for protecting against replay attacks of notification messages. Here is the same as Sections 5.4 and 5.7 of [RFC3344]. Timestamps is mandatory and nonces is optional. 7) Sect. 4.2. Why is the GNA's source UDP port not copied from the GNM? NAT traversal issue (when NAT between FA and HA) if not copied. UDP Fields: Source Port variable. 8) Sect. 4.2. Why values 2 and 3 are not described? As noted before, I'm not clear about value 3. The value 0 is reserved and should not be used. The value 1 indicates that the actual information is carried in vendor specific extensions. Other values are reserved for future extensions. 9) Sect. 4.2. Is MD needed in GNA? GNA is in response to GNM so MD should be known. Also, not sure if HA and CoA address fields needed in GNA? 10) Sect. 4.2. The description does not cover Identification field. Identification The fixed portion of the Generic Notification Message is followed by one or more extensions which may be used with this message, and by one or more authentication extensions (as defined in Section 3.5 of [RFC3344]. 11) Sect. 4.2. There are 3 defined cases: VSE, generic string, and revocation extension. VSE is handled by each vendor. I assume that generic string handling is based on RFC 4917. Revocation is unclear. If the mobile node accepts the home agent's generic notification message, it will process it according to the specific rules for that extension. 12) Sect. 4.3.2. source address should be MN's HoA in the case of FA-CoA. Destination address should be FA. In the case of a FA-CoA, the source address is the mobile node's CoA address and the destination address is the home agent's address ("MD" value is set to 2), 13) Sect. 4.4.1. FHAE is optional for GNM from HA to MN via FA, right? If the "MD" value is set to 0, the foreign agent MUST check the FA-HA AE and Authenticator value in the Extension if the Foreign-Home Authentication extension is presented. if more than one Foreign-Home Authentication Extension is found, or if the Authenticator is invalid, the foreign agent MUST silently discard the Notification message. 14) Sect 4.4.3. How does FA know the timestamp of the HA to send GNM? Does FA have to glean the Identification field in the RRP? Need clarification here. Also, if FA maintains some timestamp value for each HA, and vice versa, that needs to be added to FA and HA considerations. 15) 4.5. Since RFC 4917 was intended for MN to receive a message from the network, it's unclear what HA or FA will do when generic string is received? 16) 4.5. Shouldn't HA acknowledge the receipt of the GNM in this case? If the home agent receives a notification message from a foreign agent and there is no corresponding mobile node registration, the home agent should drop the notification message. 17) 4.5.2. Should specify that HA sends GNM with A bit set when GNA is not received. Or this can be generically covered. 18) sects. 5 and 5.1. The example for revoking the CDMA session can be handled by revocation message (RFC 3543). This adds to the confusion when revocation message vs. GMN should be used. May be good to clarify that point. 19) 5.1. Typo "notificaiton". There are other typos that can be checked later. 20) 5.2. Not clear how this is different from revocation message with generic message string extension? 21) Agree with Pete on the timestamp sync issue. That means some use of code 133 in GNA. Should there be some Code field in GNA to confirm positive or negative operation after receiving GNM? 22) NAI extension should be covered in draft. Home Address is not typically sufficient to identify the MN. Kent -- Mip4 mailing list: Mip4@ietf.org Web interface: https://www.ietf.org/mailman/listinfo/mip4 Charter page: http://www.ietf.org/html.charters/mip4-charter.html Supplemental site: http://www.mip4.org/
- [Mip4] WGLC: draft-ietf-mip4-generic-notification… McCann Peter-A001034
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Peng Yang
- [Mip4] WGLC: draft-ietf-mip4-generic-notification… Behcet Sarikaya
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Yingzhe Wu
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… zhouanfu
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… George Tsirtsis
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Hui Deng
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Vijay Devarapalli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… McCann Peter-A001034
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Ahmad Muhanna
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… Sri Gundavelli
- Re: [Mip4] WGLC: draft-ietf-mip4-generic-notifica… McCann Peter-A001034
- [Mip4] Summary of security issues (was RE: WGLC: … Vijay Devarapalli
- Re: [Mip4] Summary of security issues (was RE: WG… Ahmad Muhanna
- Re: [Mip4] Summary of security issues (was RE: WG… Vijay Devarapalli
- Re: [Mip4] Summary of security issues (was RE: WG… Ahmad Muhanna
- Re: [Mip4] Summary of security issues (was RE: WG… Kent Leung (kleung)
- Re: [Mip4] Summary of security issues (was RE: WG… Hui Deng