[secdir] Review of draft-ietf-manet-smf-13

Shawn Emery <shawn.emery@oracle.com> Sun, 04 March 2012 08:03 UTC

I know that the telechat has passed, but since I started this before 
then, I have posted the completed review below...

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

This experimental draft describes a multicast forwarding design 
specifically for limited wireless mesh and mobile ad hoc networks (MANET).

The security considerations section does exist.  The section states 
several attacks and provides mitigation of the associated attack.  Most 
of the attacks listed are related to DoS.  Solutions to some of these 
issues involve caching TTL/hop-limits to thwart against an attacker 
replaying packets with reduced TTL/hop-limits.  The section goes on to 
reference RFC6130's security consideration section in regards to MANET's 
neighborhood discovery protocol (NHDP).  I had originally reviewed that 
draft as well and had found no additional concerns.

General comments:


Editorial comments:

Well written, thank you.