Re: [secdir] Secdir review of draft-ietf-dmm-requirements-14
"H Anthony Chan" <h.anthony.chan@gmail.com> Thu, 27 February 2014 00:32 UTC
Return-Path: <h.anthony.chan@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0D4A1A07CA; Wed, 26 Feb 2014 16:32:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.711
X-Spam-Level:
X-Spam-Status: No, score=0.711 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bU6TWL-MwokR; Wed, 26 Feb 2014 16:32:24 -0800 (PST)
Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 1046C1A079E; Wed, 26 Feb 2014 16:32:23 -0800 (PST)
Received: by mail-ie0-f170.google.com with SMTP id y20so1443406ier.15 for <multiple recipients>; Wed, 26 Feb 2014 16:32:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:reply-to:from:to:cc:references:in-reply-to:subject:date :mime-version:content-type:importance; bh=XjnCobmZgrl9ebEq8uhqUKu+2yotzgNdx0pT2R1xHbE=; b=vAT743sQ1Sg3Jmb421wqvePGAiT/MHdRi3/micia/ZPqj5OwrK5/xO5CZ+2ATi8k3Q aJvDiuvE89O3HVWD8NUvkxbwabG5LEmKZ5tT+AHyrL93B+KFeb051YwogX6BtWhhRCmw OIjOqD9J0lt8sv/bIUJ0mnSmi4DBwBial2NN0aJWut5BANHxmJ6n87kPjE8USNUg8Sbp GNRhaPqUaWP+fXZHLVz61U2b0WOFx9LPglgD5SIrMjuFC1evi4Du4hrV3Ax79Y1Z0Uvx OFa5tVF7VLQUGkEcBHqYz/NzLyFlBkZ/3zhIyBXaZBTcPJKAYzzWhz8nnTqEBcXchifJ flyw==
X-Received: by 10.50.4.74 with SMTP id i10mr2655464igi.43.1393461142623; Wed, 26 Feb 2014 16:32:22 -0800 (PST)
Received: from C73782TX02 ([50.58.7.243]) by mx.google.com with ESMTPSA id hs6sm53824523igb.2.2014.02.26.16.32.20 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 26 Feb 2014 16:32:21 -0800 (PST)
Message-ID: <3FB80D3E15F745BE82C550268ABCA822@china.huawei.com>
From: H Anthony Chan <h.anthony.chan@gmail.com>
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>, secdir@ietf.org, iesg@ietf.org, draft-ietf-dmm-requirements.all@tools.ietf.org
References: <79966625-7B22-4641-8B4E-3839AE3B67A6@nrl.navy.mil>
In-Reply-To: <79966625-7B22-4641-8B4E-3839AE3B67A6@nrl.navy.mil>
Date: Wed, 26 Feb 2014 18:32:19 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0037_01CF3321.151811B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/3Ph9tjLkZ9SfGSbPyxrebEPfNtk
X-Mailman-Approved-At: Wed, 26 Feb 2014 16:33:40 -0800
Cc: dmm@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-dmm-requirements-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: H Anthony Chan <h.a.chan@ieee.org>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 00:32:30 -0000
Catherine,
Thanks for the comments and suggestions.
I am going through them one by one as follows:
The revised abstract is as follows:
Abstract:
This document defines the requirements for Distributed Mobility
Management (DMM) at the network layer. The hierarchical structure in
traditional wireless networks has led primarily to centrally deployed
mobility anchors. As some wireless networks are evolving away from
the hierarchical structure, it can be useful have a distributed model
for mobility management in which traffic does not need to traverse
centrally deployed mobility anchors far from the optimal route. The
motivation and the problems addressed by each requirement are also
described.
I agree "distributed processing" is open-ended. The following suggested revision tries to spell out what to enable.
REQ1: Distributed mobility management
IP mobility, network access and routing solutions provided by
DMM MUST enable traffic to avoid traversing single mobility
anchor far from the optimal route.
Thanks for the suggestion to clarify what the specific node mean.
I also agree that "can be used to protect" is not the proper word. The intention of this requirement is that the dmm solution MUST be designed properly (in terms of security) such that the use of the security protocols that are already used to protect the existing network and the existing mobility protocols is able to provide sufficient protection to the dmm entities. Please check the following revision:
REQ6: Security considerations
A DMM solution MUST NOT introduce new security risks, or
amplify existing security risks, that cannot be mitigated by
existing security mechanisms or protocols.
Motivation: Various attacks such as impersonation, denial of
service, man-in-the-middle attacks, and so on, may be launched
in a DMM deployment. For instance, an illegitimate node may
attempt to access a network providing DMM. Another example is
that a malicious node can forge a number of signaling messages
thus redirecting traffic from its legitimate path.
Consequently, the specific node or nodes to which the traffic
is redirected may be under a denial of service attack, whereas
other nodes do not receive their traffic. Accordingly,
security mechanisms/protocols providing access control,
integrity, authentication, authorization, confidentiality,
etc. should be used to protect the DMM entities as they are
already used to protect against existing networks and existing
mobility protocols defined in IETF. Yet if a candidate DMM
solution is such that even the proper use of these existing
security mechanisms/protocols are unable to provide sufficient
security protection, that candidate DMM solution is causing
uncontrollable security problems.
This requirement prevents a DMM solution from introducing
uncontrollable problems of potentially insecure mobility management
protocols which make deployment infeasible because platforms
conforming to the protocols are at risk for data loss and numerous
other dangers, including financial harm to the users.
H Anthony Chan
From: Catherine Meadows
Sent: Tuesday, February 25, 2014 3:27 PM
To: secdir@ietf.org ; iesg@ietf.org ; draft-ietf-dmm-requirements.all@tools.ietf.org
Cc: Catherine Meadows
Subject: Secdir review of draft-ietf-dmm-requirements-14
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This draft gives high-level requirements for distributed mobility management at the network layer.
It also gives definitions of key concepts and motivation for replacing or augmenting current standards for centralized mobility management (in which information
about location of a mobile node is kept at a centralized mobility anchor) with distributed mobility management, in which
this information is distributed. This latter includes a list of the problems that can be addressed with DMM.
Although the motivation for distributed mobility management is not the main point of this document, it is very helpful
in helping the reader understand the requirements and their importance, so I am glad to see it there. Since this, including the
problem statement, is quite important and useful, I’d suggest mentioning it in the abstract.
The requirements are for the most part well-written and at the appropriate level of detail. However, I have
a few suggestions:
1) REQ 1 is for distributed processing, but “distributed processing is a rather open-ended term. It would be a good
idea to include some indication of what is meant by distributed processing here.
2) There are a couple of points in REQ6: Security considerations that need to be clarified:
2a) Another example is
that a malicious node can forge a number of signaling messages
thus redirecting traffic from its legitimate path.
Consequently, the specific node is under a denial of service
attack, whereas other nodes do not receive their traffic.
It’s not made clear what the specific node is. It would be better to have something like
Another example is
that a malicious node can forge a number of signaling messages
thus redirecting traffic from its legitimate path.
Consequently, the specific node or nodes to which the traffic is redirected may be under a denial of service
attack, whereas other nodes do not receive their traffic.
2b) Accordingly, security mechanisms/protocols providing access
control, integrity, authentication, authorization,
confidentiality, etc. can be used to protect the DMM entities
as they are already used to protect against existing networks
and existing mobility protocols defined in IETF.
“can be used to protect” seems awfully weak. Is there any reason why you don’t want to say SHOULD or MUST?
Or, if you don’t want to make this and IETF SHOULD or MUST, you might want to say something like “we recommend”.
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-ietf-dmm-requirem… Catherine Meadows
- Re: [secdir] Secdir review of draft-ietf-dmm-requ… H Anthony Chan