[Roll] [roll] #154: draft-ietf-roll-security-threats - Add further clarification/information - Section 7

"roll issue tracker" <trac+roll@trac.tools.ietf.org> Sun, 23 February 2014 20:17 UTC

#154: draft-ietf-roll-security-threats - Add further clarification/information -
Section 7

 Reported by Robert Cragie - 02/17/2014

 Section 7 Confidentiality Features

    The assessments and analysis in Section 5 examined all areas of
    threats and attacks that could impact routing, and the
    countermeasures presented in Section 6 were reached without confining
    the consideration to means only available to routing.  This section
    puts the results into perspective and provides a framework for
    addressing the derived set of security objectives that must be met by
    the routing protocol(s) specified by the RPL Working Group.

 <rcc>I thought the idea was there was no framework being presented in this
 security threats draft? There is no RPL working group</rcc>

 7.2.  Integrity Features

    While logging is critical, it is often impossible.

 <rcc>Why is it "often impossible"? Where is the justification for such a

 Section 7.3.  Availability Features

    o  MAY restrict neighborhood cardinality;


    o  MAY use geographic information for flow control.

 <rcc>What "MAY" do all the above things? Routing? It doesn't read

 Section 7.4.  Key Management

    While RPL has secure modes, but some modes are impractical without use
    of public key cryptography believed to be too expensive by many. RPL
    layer-3 security will often depend upon existing LLN layer-2 security
    mechanisms, which provides for node authentication, but
    little in the way of node authorization.

 <rcc>Not necessarily - again, I do not understand why L2 security implies
 "something less". If anything, L2 security is better as the integrity code
 covers more of the PDU (i.e. the MAC addresses) making e.g. wormhole
 attacks harder as it is harder to spoof addresses.</rcc>

  Reporter:  mariainesrobles@gmail.com
     Owner:  draft-ietf-roll-trickle-mcast@tools.ietf.org
      Type:  defect
    Status:  new
  Priority:  major
 Milestone:
 Component:  security-threats
   Version:
  Severity:  In WG Last Call
  Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/154>
roll <http://tools.ietf.org/wg/roll/>