[Roll] [roll] #161 (security-threats): AD review

"roll issue tracker" <trac+roll@trac.tools.ietf.org> Wed, 13 August 2014 23:16 UTC

From: roll issue tracker <trac+roll@trac.tools.ietf.org>
To: draft-ietf-roll-security-threats@tools.ietf.org, mcr@sandelman.ca
Date: Wed, 13 Aug 2014 23:16:17 -0000
Archived-At: http://mailarchive.ietf.org/arch/msg/roll/b38BURxrXU3TTlLxw-f8GEPv8QM
Cc: roll@ietf.org
Subject: [Roll] [roll] #161 (security-threats): AD review

#161: AD review

 {{{

 From: "Adrian Farrel" <adrian@olddog.co.uk>
 To: <draft-ietf-roll-security-threats@tools.ietf.org>
 Cc: <roll@ietf.org>
 Date: Fri, 8 Aug 2014 18:00:31 +0100
 Subject: AD review of draft-ietf-roll-security-threats

 Hi authors,

 I have conducted my usual AD review of your document having received a
 publication request. The purpose of the review is to make sure that the
 document is in the best possible shape to go through IETF last call and
 IESG evaluation.

 Thank you for taking the time and investing the effort on this
 important document.

 I find the content readable and easy to understand (thank you). I'm not
 a security expert, but what you have written is clear and credible. Good
 job!

 There is just a small set of editorial issues that I would like you to
 clean up before I run the IETF last call.

 I'll put the document into "Revised I-D Needed" state and wait for you
 to post a revision.

 Thanks for the work,
 Adrian

 ===-

 The references are a mess as indicated by idnits and the Shepherd
 write-up.

 http://www.ietf.org/tools/idnits?url=http://www.ietf.org/archive/id/draft-ietf-roll-security-threats-08.txt

 The point here is that you can't just include something in the
 references section because you think it is a fine document or you are
 friends with the author :-)  If a document is worth reading in the
 context of this I-D, then there should be a mention of it somewhere
 (appropriate) in the text. If there is nowhere that you find it
 appropriate to mention the reference, then remove it from the references
 section.

 [I-D.ietf-roll-terminology] is now RFC 7102.

 ---

 A few abbreviations are used without expansion.

 I found MPLS, ESSID/PAN, CCM, PANA, EAP-TLS, DODAG.

 ---

 Your one use of RFC 2119 language outside Section 8 is unnecessary.

    RPL uses multicast as part of it's protocol,
    and therefore mechanisms which RPL uses to secure this traffic MAY be
    applicable to MPL control traffic as well: the important part is that
    the threats are similiar.

 s/it's/its/
 s/MAY/might also/
 s/similiar/similar/

 Furthermore, while your use of 2119 in Section 8 is fine with me, it is
 not in harmony with the boilerplate you have included after the
 Abstract.

 I suggest you move it to Section 3, and have it read...

    Although this is not a protocol specification, the key words "MUST",
    "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
    "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in RFC 2119 [RFC2119] in
    order to clarify and emphasize the guidance and directions to
    implementers and deployers of LLN nodes that utilize RPL.

 ---

 4.3 is a helpful way to present things. I think that "Limited energy,
 memory, and processing node resources" also needs to highlight the
 increased susceptibility of LLN nodes to denial of service attacks since
 it is not only easier to swamp such nodes, but they can be exhausted to
 the extent that they are never able to function again! Such an attack
 may be mounted through the routing plane (and impact both routing and
 data forwarding) or through the data plane (to impact both forwarding
 and routing). Thus, there is also an interdependency between the two
 planes that may be tighter in LLNs than in other networks.

 }}}

-- 
----------------------------------+------------------------------------------------------------
 Reporter:  mcr@sandelman.ca      |      Owner:  draft-ietf-roll-security-threats@tools.ietf.org
     Type:  enhancement           |     Status:  new
 Priority:  major                 |  Milestone:  milestone1
Component:  security-threats      |    Version:
 Severity:  Submitted WG Document |   Keywords:
----------------------------------+------------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/161>
roll <http://tools.ietf.org/wg/roll/>