[Roll] [roll] #124: draft-ietf-roll-security-threats-01.txt --- Include further explanation
"roll issue tracker" <trac+roll@trac.tools.ietf.org> Wed, 08 May 2013 20:47 UTC
Return-Path: <trac+roll@trac.tools.ietf.org>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1322E21F8E56 for <roll@ietfa.amsl.com>; Wed, 8 May 2013 13:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvomjIJW6EVv for <roll@ietfa.amsl.com>; Wed, 8 May 2013 13:47:50 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id B7F9E21F901A for <roll@ietf.org>; Wed, 8 May 2013 13:47:49 -0700 (PDT)
Received: from localhost ([127.0.0.1]:39949 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+roll@trac.tools.ietf.org>) id 1UaBH7-0006a8-Ky; Wed, 08 May 2013 22:47:45 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: roll issue tracker <trac+roll@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: tzeta.tsao@cooperindustries.com, mariainesrobles@gmail.com
X-Trac-Project: roll
Date: Wed, 08 May 2013 20:47:45 -0000
X-URL: http://tools.ietf.org/wg/roll/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/roll/trac/ticket/124
Message-ID: <067.fdab363d655b1902d82f78e9aebff2a7@trac.tools.ietf.org>
X-Trac-Ticket-ID: 124
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: tzeta.tsao@cooperindustries.com, mariainesrobles@gmail.com, roll@ietf.org
X-SA-Exim-Mail-From: trac+roll@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Cc: roll@ietf.org
Subject: [Roll] [roll] #124: draft-ietf-roll-security-threats-01.txt --- Include further explanation
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.12
Reply-To: roll@ietf.org
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2013 20:47:51 -0000
#124: draft-ietf-roll-security-threats-01.txt --- Include further explanation Comments done by Stephen Kent (SK),source:[http://www.ietf.org/mail- archive/web/secdir/current/msg03712.html] and [http://www.ietf.org/mail- archive/web/secdir/current/msg03848.html][[BR]] Comments done by Sean Turner (ST),source: [https://datatracker.ietf.org/doc/draft-ietf-roll-security- threats/ballot/] === Section 3.2[[BR]] * s3.2: I thought this was about the control plane? Why does the availability paragraph talk about forwarding "services"?-- by ST[[BR]] * s3.2: The last paragraph has to be more tightly coupled to ROLL. I'm afraid of a food fight between the various routing security groups that are doing work in this space because they're not all implementing enforcement mechanisms for the services described in s3.2. -- by ST === Section 3.3[[BR]] * s3.3: What does this mean and why: In addition, the choices of security mechanisms are more stringent. -- BY ST[[BR]] * s3.3: Highly directional traffic: Are you trying to say that the LBRs are higher valued targets and warrant something different than the regular nodes?-- BY ST === Section 3.4[[BR]] * s3.4: Not this one is likely to be cleared after an email exchange or two because there's not much for the authors to do… This made my head pop because I thought the only security defined in the RFC 6550 has confidentiality baked in. So are we dumping the security solution in rpl? With regard to confidentiality, protecting the routing/topology information from eavesdropping or unauthorized exposure may be desirable in certain cases but is in itself less pertinent in general to the routing function.-- by ST === Section 5.2.4[[BR]] * 5.2.4 - this discussion seems to overemphasize timestamps as a alternative to counters, without considering the vulnerabilities associated with transitively-relayed timestamp info.-- by SK === Section 5.3.1[[BR]] * 5.3.1 – Unlike previous sections, the focus here seems to be protocol- specific. I’d feel more comfortable that this was not simply an ad hoc discussion if it were posed in a more general form. On the other hand, if ROLL has already selected a specific routing paradigm, the preceding section should be specific to that model. -- by SK === Section 5.3.4[[BR]] * 5.3.4 – “…, if geographic positions of nodes are available, then the network can assure that data is actually routed towards the intended destination and not elsewhere.” This is not always true, since a node might have an onward connection that provides faster or higher bandwidth service towards the destination. -- by SK === Section 5.3.5[[BR]] * 5.3.5 – “In wormhole attacks at least two malicious nodes shortcut or divert the usual routing path by means of a low-latency out-of-band channel.” This seems to be a narrow characterization of such attacks. One might also say that two nodes that claim to have a short path between themselves are effecting such an attack. If two nodes really do have a short, low latency path between themselves then, from a routing perspective, what’s the problem? -- by SK === Section 6.1[[BR]] * 6.1 - Also, the cite to Geopriv is not helpful, as the context for most Geopriv work does not match the ROLL environment.-- by SK === Section 6.2[[BR]] * There is a very worrisome sentence in this section: In the most basic form, verification of routing peer authenticity and liveliness can be used to build a "chain of trust" along the path the routing information flows, such that network-wide information is validated through the concatenation of trust established at each individual routing peer exchange.” This sentence seems to endorse the notion of transitive trust for routing security, a bad idea.-- by SK[[BR]] * s6.2: Can't do security but can keep logs ;)-- by ST === Section 6.4[[BR]] * The endorsement of TPMs here seems inappropriately-specific. “ … a LLN is also encouraged to have automatic …” I don’t think you want to try to encourage a network, vs. a network operator. More to the point, we usually establish standards for security features for protocols, which seems to be the focus of this document. This is a directive directed to a network operator, and thus is out of place here. -- BY SK === Section 6.5.1[[BR]] *This draft boils down to this paragraph if I'm not mistaken: A ROLL protocol MUST be made flexible by a design that offers the configuration facility so that the user (network administrator) can choose the security settings that match the application's needs. Furthermore, in the case of LLNs, that flexibility SHOULD extend to allowing the routing protocol security requirements to be met by measures applied at different protocol layers, provided the identified requirements are collectively met. I'm absolutely fine with the first sentence. I'm even okay with the second sentence it gets done at the application layer all the time, but at the application layer they can all point to something that's all specified up and has MTI etc (think TLS). If we end up doing that here then something similar needs to end up happening. If use cases are so broad that they can't possibly pick an underlying security mechanism then you need to try again but with a smaller net. -- by ST === Section 8[[BR]] * 8 – Although the text says that “ … design guidelines with a scope limited to ROLL.” there are a few instances where the discussion is not limited to routing. I wish the document used standard terms for security services, and employed these for the requirements, e.g., from ISO 7498-2. The security service terminology used in this document is often ad hoc. -- by SK -- -------------------------------------+------------------------------------- Reporter: | Owner: mariainesrobles@gmail.com | tzeta.tsao@cooperindustries.com Type: defect | Status: new Priority: major | Milestone: Component: security-threats | Version: Severity: Active WG Document | Keywords: -------------------------------------+------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/124> roll <http://tools.ietf.org/wg/roll/>
- [Roll] [roll] #124: draft-ietf-roll-security-thre… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… Michael Richardson
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… Tsao, Tzeta
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- Re: [Roll] [roll] #124: draft-ietf-roll-security-… roll issue tracker
- [Roll] Announcing MPL evaluation results draft-ro… Alexandru Petrescu