[secdir] secdir review of draft-ietf-manet-rfc6622-bis
Stephen Hanna <shanna@juniper.net> Tue, 09 July 2013 20:53 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE6B421E8053; Tue, 9 Jul 2013 13:53:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.638
X-Spam-Level:
X-Spam-Status: No, score=-101.638 tagged_above=-999 required=5 tests=[AWL=-0.171, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_RAND_6=2, UNRESOLVED_TEMPLATE=3.132, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g0hGkDADHjOS; Tue, 9 Jul 2013 13:53:45 -0700 (PDT)
Received: from co9outboundpool.messaging.microsoft.com (co9ehsobe005.messaging.microsoft.com [207.46.163.28]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF3821E8050; Tue, 9 Jul 2013 13:53:45 -0700 (PDT)
Received: from mail110-co9-R.bigfish.com (10.236.132.252) by CO9EHSOBE010.bigfish.com (10.236.130.73) with Microsoft SMTP Server id 14.1.225.22; Tue, 9 Jul 2013 20:53:44 +0000
Received: from mail110-co9 (localhost [127.0.0.1]) by mail110-co9-R.bigfish.com (Postfix) with ESMTP id A9B1F420098; Tue, 9 Jul 2013 20:53:44 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:66.129.224.50; KIP:(null); UIP:(null); IPV:NLI; H:P-EMHUB01-HQ.jnpr.net; RD:none; EFVD:NLI
X-SpamScore: -1
X-BigFish: PS-1(zz4015Izz1f42h1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzzz2fh2a8h683h839h944hd25hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1d07h1d0ch1d2eh1d3fh1dc1h1de9h1dfeh1dffh1e1dh1155h)
Received-SPF: pass (mail110-co9: domain of juniper.net designates 66.129.224.50 as permitted sender) client-ip=66.129.224.50; envelope-from=shanna@juniper.net; helo=P-EMHUB01-HQ.jnpr.net ; -HQ.jnpr.net ;
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.234.117; KIP:(null); UIP:(null); (null); H:SN2PRD0510HT002.namprd05.prod.outlook.com; R:internal; EFV:INT
Received: from mail110-co9 (localhost.localdomain [127.0.0.1]) by mail110-co9 (MessageSwitch) id 1373403222274648_28857; Tue, 9 Jul 2013 20:53:42 +0000 (UTC)
Received: from CO9EHSMHS013.bigfish.com (unknown [10.236.132.229]) by mail110-co9.bigfish.com (Postfix) with ESMTP id 3F5E5200E0; Tue, 9 Jul 2013 20:53:42 +0000 (UTC)
Received: from P-EMHUB01-HQ.jnpr.net (66.129.224.50) by CO9EHSMHS013.bigfish.com (10.236.130.23) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 9 Jul 2013 20:53:39 +0000
Received: from P-CLDFE01-HQ.jnpr.net (172.24.192.59) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.3.213.0; Tue, 9 Jul 2013 13:53:38 -0700
Received: from o365mail.juniper.net (207.17.137.149) by o365mail.juniper.net (172.24.192.59) with Microsoft SMTP Server id 14.1.355.2; Tue, 9 Jul 2013 13:53:37 -0700
Received: from ch1outboundpool.messaging.microsoft.com (216.32.181.185) by o365mail.juniper.net (207.17.137.149) with Microsoft SMTP Server (TLS) id 14.1.355.2; Tue, 9 Jul 2013 13:57:22 -0700
Received: from mail31-ch1-R.bigfish.com (10.43.68.249) by CH1EHSOBE003.bigfish.com (10.43.70.53) with Microsoft SMTP Server id 14.1.225.22; Tue, 9 Jul 2013 20:53:37 +0000
Received: from mail31-ch1 (localhost [127.0.0.1]) by mail31-ch1-R.bigfish.com (Postfix) with ESMTP id D5F6860B54; Tue, 9 Jul 2013 20:53:36 +0000 (UTC)
Received: from mail31-ch1 (localhost.localdomain [127.0.0.1]) by mail31-ch1 (MessageSwitch) id 1373403215338679_22884; Tue, 9 Jul 2013 20:53:35 +0000 (UTC)
Received: from CH1EHSMHS021.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.235]) by mail31-ch1.bigfish.com (Postfix) with ESMTP id 4E9274C004E; Tue, 9 Jul 2013 20:53:35 +0000 (UTC)
Received: from SN2PRD0510HT002.namprd05.prod.outlook.com (157.56.234.117) by CH1EHSMHS021.bigfish.com (10.43.70.21) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 9 Jul 2013 20:53:32 +0000
Received: from SN2PRD0510MB372.namprd05.prod.outlook.com ([169.254.9.180]) by SN2PRD0510HT002.namprd05.prod.outlook.com ([10.255.116.37]) with mapi id 14.16.0329.000; Tue, 9 Jul 2013 20:53:26 +0000
From: Stephen Hanna <shanna@juniper.net>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-manet-rfc6622bis.all@tools.ietf.org" <draft-ietf-manet-rfc6622bis.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-manet-rfc6622-bis
Thread-Index: Ac585lquiSITc2udRvyhyrd4ww7TEQ==
Date: Tue, 09 Jul 2013 20:53:25 +0000
Message-ID: <F1DFC16DCAA7D3468651A5A776D5796E1AA5D04B@SN2PRD0510MB372.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.232.2]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%12219$Dn%IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
X-FOPE-CONNECTOR: Id%12219$Dn%TOOLS.IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
X-OriginatorOrg: juniper.net
Subject: [secdir] secdir review of draft-ietf-manet-rfc6622-bis
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2013 20:54:00 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. And I apologize for missing the IETF Last Call deadline with this email. In my view, this document is Not Ready. This document obsoletes RFC 6622 but the text is confusing. Instead of having one section that explains what changed and the rest of the document just saying how it is now (as if this document is an RFC), the text is forever referring to the old RFC. For example, "This document reports previously assigned TLV types (from [RFC6622]) from the registries defined for Packet, Message, and Address Block TLVs in [RFC5444]." What do you mean "reports"? This document should stand on its own and only refer to RFC 6622 in a few places since RFC 6622 will be obsolete once this document is adopted. Otherwise, you're going to need to add a normative reference to an obsolete RFC! Section 1 contains these contradictory sentences: This document retains the IANA registries, defined in [RFC6622], for recording code points for ICV calculations, and requests an additional allocation from each these registries. This document retains the IANA registries, defined in [RFC6622], for recording code points for timestamps, hash-functions, and cryptographic functions, but does not request any additional allocations from these registries. To resolve IANA's confusion, I suggest that the IANA Considerations section state how things will be after this document is adopted and also include a section in square brackets with clear instructions about what IANA should change relative to what they have now in their registries. The section in square brackets can be marked for deletion by the RFC editor. Changing the name of existing TLVs is confusing! I guess I see why you changed "Packet ICV TLV" to "ICV Packet TLV" but it's still confusing. You should at least mention this change in the section that lists changes since the last version. And you should search your draft for instances of the old names ("Packet ICV TLV", "Packet TIMESTAMP TLV", and so on). There are still some of them left. I see that you changed the normative requirements in some places to make them more strict. For example, you changed a SHOULD to a MUST in section 9.2. That's OK if there's a good reason but this may cause implementations that comply with RFC 6622 to not comply with this new version. Therefore, you should mention any such changes in the "What Changed" section. People who implemented the old version will want to know what they need to change in their implementation. Although this document includes algorithm identifiers for RSA and DSA, there's no provision for conveying certificates. Perhaps the recipient is expected to already have those certificates on hand and to find them somehow (based on the Message Originator Address and the Key Identifier?). If the authors really intend for these algorithms to be useful, they should describe how certificates are handled. At first, I thought there were not Mandatory-To-Implement (MTI) algorithms in this document. Later, I learned that OLSRv2 says that all implementations of that document MUST implement draft-ietf-manet-nhdp-olsrv2-sec-03, which makes certain algorithms in RFC6622bis mandatory. RFC 6622bis should refer to draft-ietf-manet-nhdp-olsrv2-sec-03 and mention that it makes some of the algorithms in RFC 6622bis mandatory to implement. Finally, I would like to point out that implementing draft-ietf-manet-nhdp-olsrv2-sec-03 (which seems to be mandatory for OLSRv2 implementations) means that the ICV uses a "secret key shared by all routers". If any router is compromised, this shared key will be compromised as well so the attacker will be able to forge or modify OLSRv2 packets. Essentially, the compromise of any router will compromise the entire network. Such a security model is not suitable for use on the Internet. Therefore, I suggest that OLSRv2 and all the associated documents be published with Experimental status. If that is not possible, they should be published with an Applicability Statement limiting their use to networks where such a security flaw is acceptable. Thanks, Steve
- [secdir] secdir review of draft-ietf-manet-rfc662… Stephen Hanna