Re: [secdir] Secdir review of draft-ietf-dmm-requirements-14
"H Anthony Chan" <h.anthony.chan@gmail.com> Thu, 27 February 2014 00:32 UTC
Return-Path: <h.anthony.chan@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0D4A1A07CA; Wed, 26 Feb 2014 16:32:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.711
X-Spam-Level:
X-Spam-Status: No, score=0.711 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bU6TWL-MwokR; Wed, 26 Feb 2014 16:32:24 -0800 (PST)
Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 1046C1A079E; Wed, 26 Feb 2014 16:32:23 -0800 (PST)
Received: by mail-ie0-f170.google.com with SMTP id y20so1443406ier.15 for <multiple recipients>; Wed, 26 Feb 2014 16:32:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:reply-to:from:to:cc:references:in-reply-to:subject:date :mime-version:content-type:importance; bh=XjnCobmZgrl9ebEq8uhqUKu+2yotzgNdx0pT2R1xHbE=; b=vAT743sQ1Sg3Jmb421wqvePGAiT/MHdRi3/micia/ZPqj5OwrK5/xO5CZ+2ATi8k3Q aJvDiuvE89O3HVWD8NUvkxbwabG5LEmKZ5tT+AHyrL93B+KFeb051YwogX6BtWhhRCmw OIjOqD9J0lt8sv/bIUJ0mnSmi4DBwBial2NN0aJWut5BANHxmJ6n87kPjE8USNUg8Sbp GNRhaPqUaWP+fXZHLVz61U2b0WOFx9LPglgD5SIrMjuFC1evi4Du4hrV3Ax79Y1Z0Uvx OFa5tVF7VLQUGkEcBHqYz/NzLyFlBkZ/3zhIyBXaZBTcPJKAYzzWhz8nnTqEBcXchifJ flyw==
X-Received: by 10.50.4.74 with SMTP id i10mr2655464igi.43.1393461142623; Wed, 26 Feb 2014 16:32:22 -0800 (PST)
Received: from C73782TX02 ([50.58.7.243]) by mx.google.com with ESMTPSA id hs6sm53824523igb.2.2014.02.26.16.32.20 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 26 Feb 2014 16:32:21 -0800 (PST)
Message-ID: <3FB80D3E15F745BE82C550268ABCA822@china.huawei.com>
From: H Anthony Chan <h.anthony.chan@gmail.com>
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>, secdir@ietf.org, iesg@ietf.org, draft-ietf-dmm-requirements.all@tools.ietf.org
References: <79966625-7B22-4641-8B4E-3839AE3B67A6@nrl.navy.mil>
In-Reply-To: <79966625-7B22-4641-8B4E-3839AE3B67A6@nrl.navy.mil>
Date: Wed, 26 Feb 2014 18:32:19 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0037_01CF3321.151811B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/3Ph9tjLkZ9SfGSbPyxrebEPfNtk
X-Mailman-Approved-At: Wed, 26 Feb 2014 16:33:40 -0800
Cc: dmm@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-dmm-requirements-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: H Anthony Chan <h.a.chan@ieee.org>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 00:32:30 -0000
Catherine, Thanks for the comments and suggestions. I am going through them one by one as follows: The revised abstract is as follows: Abstract: This document defines the requirements for Distributed Mobility Management (DMM) at the network layer. The hierarchical structure in traditional wireless networks has led primarily to centrally deployed mobility anchors. As some wireless networks are evolving away from the hierarchical structure, it can be useful have a distributed model for mobility management in which traffic does not need to traverse centrally deployed mobility anchors far from the optimal route. The motivation and the problems addressed by each requirement are also described. I agree "distributed processing" is open-ended. The following suggested revision tries to spell out what to enable. REQ1: Distributed mobility management IP mobility, network access and routing solutions provided by DMM MUST enable traffic to avoid traversing single mobility anchor far from the optimal route. Thanks for the suggestion to clarify what the specific node mean. I also agree that "can be used to protect" is not the proper word. The intention of this requirement is that the dmm solution MUST be designed properly (in terms of security) such that the use of the security protocols that are already used to protect the existing network and the existing mobility protocols is able to provide sufficient protection to the dmm entities. Please check the following revision: REQ6: Security considerations A DMM solution MUST NOT introduce new security risks, or amplify existing security risks, that cannot be mitigated by existing security mechanisms or protocols. Motivation: Various attacks such as impersonation, denial of service, man-in-the-middle attacks, and so on, may be launched in a DMM deployment. For instance, an illegitimate node may attempt to access a network providing DMM. Another example is that a malicious node can forge a number of signaling messages thus redirecting traffic from its legitimate path. Consequently, the specific node or nodes to which the traffic is redirected may be under a denial of service attack, whereas other nodes do not receive their traffic. Accordingly, security mechanisms/protocols providing access control, integrity, authentication, authorization, confidentiality, etc. should be used to protect the DMM entities as they are already used to protect against existing networks and existing mobility protocols defined in IETF. Yet if a candidate DMM solution is such that even the proper use of these existing security mechanisms/protocols are unable to provide sufficient security protection, that candidate DMM solution is causing uncontrollable security problems. This requirement prevents a DMM solution from introducing uncontrollable problems of potentially insecure mobility management protocols which make deployment infeasible because platforms conforming to the protocols are at risk for data loss and numerous other dangers, including financial harm to the users. H Anthony Chan From: Catherine Meadows Sent: Tuesday, February 25, 2014 3:27 PM To: secdir@ietf.org ; iesg@ietf.org ; draft-ietf-dmm-requirements.all@tools.ietf.org Cc: Catherine Meadows Subject: Secdir review of draft-ietf-dmm-requirements-14 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft gives high-level requirements for distributed mobility management at the network layer. It also gives definitions of key concepts and motivation for replacing or augmenting current standards for centralized mobility management (in which information about location of a mobile node is kept at a centralized mobility anchor) with distributed mobility management, in which this information is distributed. This latter includes a list of the problems that can be addressed with DMM. Although the motivation for distributed mobility management is not the main point of this document, it is very helpful in helping the reader understand the requirements and their importance, so I am glad to see it there. Since this, including the problem statement, is quite important and useful, I’d suggest mentioning it in the abstract. The requirements are for the most part well-written and at the appropriate level of detail. However, I have a few suggestions: 1) REQ 1 is for distributed processing, but “distributed processing is a rather open-ended term. It would be a good idea to include some indication of what is meant by distributed processing here. 2) There are a couple of points in REQ6: Security considerations that need to be clarified: 2a) Another example is that a malicious node can forge a number of signaling messages thus redirecting traffic from its legitimate path. Consequently, the specific node is under a denial of service attack, whereas other nodes do not receive their traffic. It’s not made clear what the specific node is. It would be better to have something like Another example is that a malicious node can forge a number of signaling messages thus redirecting traffic from its legitimate path. Consequently, the specific node or nodes to which the traffic is redirected may be under a denial of service attack, whereas other nodes do not receive their traffic. 2b) Accordingly, security mechanisms/protocols providing access control, integrity, authentication, authorization, confidentiality, etc. can be used to protect the DMM entities as they are already used to protect against existing networks and existing mobility protocols defined in IETF. “can be used to protect” seems awfully weak. Is there any reason why you don’t want to say SHOULD or MUST? Or, if you don’t want to make this and IETF SHOULD or MUST, you might want to say something like “we recommend”. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-ietf-dmm-requirem… Catherine Meadows
- Re: [secdir] Secdir review of draft-ietf-dmm-requ… H Anthony Chan