IETF Logo Mail Archive

Re: [paws] Kathleen Moriarty's Discuss on draft-ietf-paws-protocol-14: (with DISCUSS)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 20 August 2014 22:09 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: paws@ietfa.amsl.com
Delivered-To: paws@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51BB91A6F01; Wed, 20 Aug 2014 15:09:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kAy4kE5TR6jJ; Wed, 20 Aug 2014 15:09:16 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 458E81A88F8; Wed, 20 Aug 2014 15:09:15 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id 10so7455563lbg.12 for <multiple recipients>; Wed, 20 Aug 2014 15:09:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=a1FjUbc34r9H4wc4Vui6LoH4TBp91ym9EnDadu+A28c=; b=0yLhaCDfDDL2zGNgvyhldGlaUZMCT6AYx7bfqcTSCpMngFWdZJQ0FNxzI3IIrFB5PU htXyAT3hOyLCPt05Zq658dUPDxuqNzF6nN0R1SUTeyfh1/WeTSsaRJRgJ+x/FPUcQpbQ aRbAWXZ0u9sqDA/TNmv19RcwGUUFJRq5F3Q4pEx03aV1RocUAfTwS+YutKIppEVhZvsE ybYGen0SlQ7MOVaHBsr+zKNyNostWppqly1hjL3ojDCTW5PRUAOFx8RLlr5o+AN+wAUK p1Oism2+dhbvnOmhXv1Tvq+MZ/iv2nVWTw/b3WX30a2hsc2ea/vWTkz4E+HD+kisNv1o R5fw==
MIME-Version: 1.0
X-Received: by 10.112.219.234 with SMTP id pr10mr41453530lbc.59.1408572552511; Wed, 20 Aug 2014 15:09:12 -0700 (PDT)
Received: by 10.112.64.170 with HTTP; Wed, 20 Aug 2014 15:09:12 -0700 (PDT)
In-Reply-To: <53F50D2D.2010203@qti.qualcomm.com>
References: <20140820203127.25270.64032.idtracker@ietfa.amsl.com> <53F50D2D.2010203@qti.qualcomm.com>
Date: Wed, 20 Aug 2014 18:09:12 -0400
Message-ID: <CAHbuEH4RsF4kkUd8qO+bsCbzs6xRB=TL6hg2GyGWKf8OvJjViw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Content-Type: multipart/alternative; boundary="001a11c25eb2a206a1050116da76"
Archived-At: http://mailarchive.ietf.org/arch/msg/paws/L0WB4XLKtmXFNlU4glPLNmrnL8g
X-Mailman-Approved-At: Thu, 21 Aug 2014 09:34:43 -0700
Cc: paws@ietf.org, paws-chairs@tools.ietf.org, The IESG <iesg@ietf.org>, draft-ietf-paws-protocol@tools.ietf.org
Subject: Re: [paws] Kathleen Moriarty's Discuss on draft-ietf-paws-protocol-14: (with DISCUSS)
X-BeenThere: paws@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Protocol to Access White Space database \(PAWS\)" <paws.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/paws>, <mailto:paws-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/paws/>
List-Post: <mailto:paws@ietf.org>
List-Help: <mailto:paws-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/paws>, <mailto:paws-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 22:09:22 -0000

On Wed, Aug 20, 2014 at 5:03 PM, Pete Resnick <presnick@qti.qualcomm.com>
wrote:

> On 8/20/14 3:31 PM, Kathleen Moriarty wrote:
>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> [...]
>>
>> Can clients query any database entries or is the interface restricted to
>> the list of supported interactions?   I assume the answer is that it is
>> limited to the set of database interactions defined, but could not find
>> any statement saying that in this draft or the prior requirements in
>> RFC6953.
>>
>>
>
> I'm not sure exactly what you mean here. Are you asking whether the client
> or server ask for/send back more than the minimum data? Sure, that's what
> the "*other" business is about. Or are you asking whether additional
> queries/responses can be defined? I suppose they could. But I'm not sure
> what you're asking, or what the concern is. Can you elaborate?


There wasn't an explicit statement that you need to define new
query/responses through extensions, so that coupled with the possibility of
unauthenticated sessions had me worrying that more data could be exposed
then intended.  A statement in the security considerations section (maybe)
after the MAY for authentication that helps state the limitation of the
interface to this and approved extensions would help.  The risk would be
additional query/responses that let you get at more data than was intended
(some of the privacy related information or fingerprinting possibilities
would be the concern.

Earlier in the draft it sounds as if authentication is required until you
get to that statement towards the end of the security considerations
section.

>
>
>  Authentication is only a MAY in the Security Considerations Section,
>> which raises another possible concern for me.
>>
>> Since clients can get back pretty much all of the defined datatypes
>> (DeviceDescriptor is one example)
>>
>
> The client only gets back the DeviceDescriptor that it sent to the server
> in the request so that the client can match the response to the query.
>
> Sorry, I missed that very important point in the query/response
description somehow.


>
>  and authentication is not required,
>> there should be a discussion on the risks of revealing this information
>> for both the privacy reasons Stephen and Alissa outlined as well as
>> possible security concerns.  I think this should be on a field basis in
>> terms of sensitive elements where relevant.
>>
>>
>
> The rest of the responses are the publicly available spectrum information.
> I'm not seeing sensitive data there.
>
> Yep, for the current queries, I missed that you were only getting the
response that included the DeviceDescriptor information you sent.  Sorry
about that!

>
>  I could see how you might want/need the types of information gathered
>> within an administrative domain or accessed by a restricted set of users,
>> but revealing data like what is contained in deviceDescriptor (includes
>> model) as well as sensitive fields in other classes
>> (AntennaCharacteristics) seems like a risk as it could be used in
>> targeted attacks if there are known vulnerabilities to those devices.
>> The attacks could target specific regions at specific times to effect
>> events or to be used as part of some larger attack (could include
>> physical).  This may sound crazy, but layered attacks are very real.
>>
>>
>
> This seems like it would be a problem for sniffing unencrypted data *from*
> another client, but I'm not getting how this sort of attack works by a
> client owned by the attacker querying the database.
>
This is just the kind of thing you might be able to do with the full set of
info.  I think just responding on the first item would be good enough as I
missed an important point.

>
> Before I get back to the rest of your query, help me understand this far.


Thank you!

>
>
> pr
>
> --
> Pete Resnick<http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
>
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email