Re: [secdir] secdir review of draft-ietf-tsvwg-sctp-prpolicies-05

Joseph Salowey <joe@salowey.net> Mon, 01 December 2014 19:44 UTC

Return-Path: <joe@salowey.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C533A1A8ABF for <secdir@ietfa.amsl.com>; Mon, 1 Dec 2014 11:44:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJAhfHKEVQBO for <secdir@ietfa.amsl.com>; Mon, 1 Dec 2014 11:44:34 -0800 (PST)
Received: from mail-qc0-f171.google.com (mail-qc0-f171.google.com [209.85.216.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D82B31A8ABE for <secdir@ietf.org>; Mon, 1 Dec 2014 11:44:33 -0800 (PST)
Received: by mail-qc0-f171.google.com with SMTP id r5so8353328qcx.30 for <secdir@ietf.org>; Mon, 01 Dec 2014 11:44:33 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=bJk7omLYLC+YrFasmeomF+QRRRn1X8Nrwgvnzcs0AU4=; b=GtOIM2lzKob70O5Uh1BfOk/aKwHJ5y7h0rGqslI3XdpoOz4w0fh298oVploeethSHX /19MkmGYEp9tRDBCTI+kV+DLEqjpFRsiZn9F+dWlM6zC8Lfm3+yY7t3LwzPUy7+SvzFv WhYCM+58A1/WOayynglCutn7gEg6zlRQq7IF/USG910gwaMO6+zt0BjZ0c1EBU/Yq9Qw lNGuNAuq2JuqNy0CrEoKgGQ/VgCD5utH+Ks073+3yKA9jBs39uuCxNpsyPkpZh2F+djn 6Wi1g2tfXh5FKM3zGRCFqoujBGftzJRlSBUORCd2sGYN3QtgBucoyLvZ8dpyUS8Hw2+u n6nw==
X-Gm-Message-State: ALoCoQmhGProJbBg1z7w3nZ6+rxwGLsY8SitRB1edz9hqtY60hPycafoWY1twDbQEe4BDQo5DMvl
MIME-Version: 1.0
X-Received: by 10.224.167.209 with SMTP id r17mr60937263qay.18.1417463072998; Mon, 01 Dec 2014 11:44:32 -0800 (PST)
Received: by 10.96.238.73 with HTTP; Mon, 1 Dec 2014 11:44:32 -0800 (PST)
X-Originating-IP: [2601:8:b300:a5:dc6:d9e5:2339:fbb3]
In-Reply-To: <C4F8E721-C808-4497-B185-112C9A702016@fh-muenster.de>
References: <CAOgPGoCrkz5pKT-qCnCNwEVsWE-9zzK9erMAU+_10NSvMTmrtQ@mail.gmail.com> <C4F8E721-C808-4497-B185-112C9A702016@fh-muenster.de>
Date: Mon, 1 Dec 2014 11:44:32 -0800
Message-ID: <CAOgPGoD+qwGNSNhr__+FGAnMqK3AA=OJrFXSagEP-D6ho-V5AA@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: Michael Tuexen <tuexen@fh-muenster.de>
Content-Type: multipart/alternative; boundary=089e0149cd74f2dc1805092cd616
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/GInB0PJI2bNSl_7csjPodH7BQb4
Cc: draft-ietf-tsvwg-sctp-prpolicies.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-tsvwg-sctp-prpolicies-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 19:44:36 -0000

On Mon, Dec 1, 2014 at 11:28 AM, Michael Tuexen <tuexen@fh-muenster.de>
wrote:

> On 01 Dec 2014, at 19:39, Joseph Salowey <joe@salowey.net> wrote:
>
> > I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> >
> > I have reviewed this document and believe it is Ready with minor issues.
> Hi Joe,
>
> thank you very much for your review. See my comments below.
>
> Best regards
> Michael
> >
> > This document describes new policies for the users of the SCTP Partial
> Reliability service (SCTP-PR).  These policies cover discarding data after
> too many retransmissions and discarding lower priority data.
> >
> > The security considerations are a bit thin.  They mostly refer to RFC
> 3758 which is also a bit thin and was published before SCTP-DTLS was
> available.  There is some useful text in RFC 6083 (SCTP-DTLS) :
> >
> >   "If PR-SCTP as defined in [RFC3758
> > ] is used, FORWARD-TSN chunks MUST
> >    also be sent in an authenticated way as described in [
> > RFC4895
> > ].  This
> >    makes sure that it is not possible for an attacker to drop messages
> >    and use forged FORWARD-TSN, SACK, and/or SHUTDOWN chunks to hide this
> >    dropping."
> >
> >
> > I think it would be good to include similar text in this document since
> it is relevant.  Are there any problems
> I see your point, but this usage of AUTH in combination with DTLS is not
> related to the
> particular PR-SCTP policy. One could add a sentence stating that if DTLS
> over SCTP as specified
> in RFC 6083, the corresponding security considerations also apply. Would
> that address your issue?
>

[Joe] Yea, I think that would be OK.


> > introduced if the INIT or the INIT-ACK messages are not protected?
> No. You can't protect them, see
> https://tools.ietf.org/html/rfc4895#section-3.2
>

[Joe] Ah, OK.  So it seems the INIT negotiation is unprotected and may be
modified by an attacker.  Probably not something to address in this draft,
but I wonder if there are some potential issues here.


> >
> > Cheers,
> >
> > Joe
>
>