[paws] Fwd: Secdir Review of draft-ietf-paws-protocol
Pete Resnick <presnick@qti.qualcomm.com> Wed, 20 August 2014 01:55 UTC
Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: paws@ietfa.amsl.com
Delivered-To: paws@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC2741A6F73 for <paws@ietfa.amsl.com>; Tue, 19 Aug 2014 18:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.668
X-Spam-Level:
X-Spam-Status: No, score=-7.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u69rsdY9-PFZ for <paws@ietfa.amsl.com>; Tue, 19 Aug 2014 18:55:18 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79ED31A6F71 for <paws@ietf.org>; Tue, 19 Aug 2014 18:55:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1408499718; x=1440035718; h=message-id:date:from:mime-version:to:subject; bh=dfF3KCn71xMELvyIid5c3PovRkcMeETxkdrLmc8fX/c=; b=ylJEhJTcOjGHPGeWygsI0n2a68DBAaEXUCS+0RjX1H1yDoY6yBsBTVPj P5pqVXjTTEBgxbhWGiKVit7AbWkbsD+iOWQ9PlLlF+8xwMHhCnvamoPds b6TD36x13JOggWTmo1CWzkvX2cl/DfxzxsDPc8FqGKDJV4eUnzmN9Rxol E=;
X-IronPort-AV: E=McAfee;i="5600,1067,7535"; a="150689733"
Received: from ironmsg04-l.qualcomm.com ([172.30.48.19]) by wolverine02.qualcomm.com with ESMTP; 19 Aug 2014 18:55:18 -0700
X-IronPort-AV: E=Sophos;i="5.01,898,1400050800"; d="eml'208?scan'208,208,217";a="694857119"
Received: from nasanexhc07.na.qualcomm.com ([172.30.39.190]) by Ironmsg04-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 19 Aug 2014 18:55:18 -0700
Received: from nasanexhc05.na.qualcomm.com (172.30.48.2) by nasanexhc07.na.qualcomm.com (172.30.39.190) with Microsoft SMTP Server (TLS) id 14.3.181.6; Tue, 19 Aug 2014 18:55:17 -0700
Received: from resnick2.qualcomm.com (172.30.48.1) by qcmail1.qualcomm.com (172.30.48.2) with Microsoft SMTP Server (TLS) id 14.3.181.6; Tue, 19 Aug 2014 18:55:17 -0700
Message-ID: <53F40004.5050602@qti.qualcomm.com>
Date: Tue, 19 Aug 2014 20:55:16 -0500
From: Pete Resnick <presnick@qti.qualcomm.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.1.9) Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: "paws@ietf.org" <paws@ietf.org>
Content-Type: multipart/mixed; boundary="------------070408050404020306010309"
X-Originating-IP: [172.30.48.1]
Archived-At: http://mailarchive.ietf.org/arch/msg/paws/j4kPCAyz_OayLtb_Y8MlPE6_rDU
Subject: [paws] Fwd: Secdir Review of draft-ietf-paws-protocol
X-BeenThere: paws@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Protocol to Access White Space database \(PAWS\)" <paws.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/paws>, <mailto:paws-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/paws/>
List-Post: <mailto:paws@ietf.org>
List-Help: <mailto:paws-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/paws>, <mailto:paws-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 01:55:20 -0000
--- Begin Message ---I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This ID describes a protocol, PAWS, that allows wireless devices to access currently unused portions of the radio spectrum. The protocol works between a geospatial database and a device with geolocation capabilities. The device reports its location and other relevant information to the database, which in turns gives it information about which portions of the spectrum is available to it. This removes the responsibility for managing the complex information about spectrum available from the device and to the database, which is better equipped to handle it. The ID has a very thorough and well-written Security Considerations section, which covers the security threats against such a protocol. They identify two main threats By using the PAWS protocol, the Master Device and the Database expose themselves to the following risks: o Accuracy: The Master Device receives incorrect spectrum availability information. o Privacy: An unauthorized entity intercepts identifying data for the Master Device or its Slave Devices, such as serial number and location. Note that core PAWS does not address client authentication, on the grounds that unauthorized clients could find out the existence of white space on their own without the help of PAWS, and in that case there would be nothing preventing them from using it. The ID does point out though that client authentication may be required by specific regulatory domains, and so it is possible for the Database to require client authentication, e.g. by TLS. The authors appropriately point out the limitations of using TLS for authentication, particularly when the keys are trusted to small ubiquitous devices. I believe this draft is ready. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil--- End Message ---
- [paws] Fwd: Secdir Review of draft-ietf-paws-prot… Pete Resnick