[secdir] Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org

Charlie Kaufman <charliekaufman@outlook.com> Fri, 24 October 2014 06:24 UTC

Message-ID: <COL401-EAS217A77A10FF11F45D69473DDF930@phx.gbl>
From: Charlie Kaufman <charliekaufman@outlook.com>
To: secdir@ietf.org
Date: Thu, 23 Oct 2014 23:24:29 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Hsi1blYGN10XAtHahY-rveisZH8
Cc: draft-ietf-manet-nhdp-optimization.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.


This document specifies a conceptually minor change to the MANET
Neighborhood Discovery Protocol (NHDP) (RFC6130). It is a backwards
compatible optimization allowing neighbors accessible over links of marginal
quality to be processed more efficiently in the case where communication
bounces up and down due to the marginal link quality. It extends an
optimization already specified in RFC6130 for one-hop neighbors to also
apply to two-hop neighbors.


The security considerations section says that this change introduces no
additional security considerations beyond those in RFC6130, and I agree. If
anything, this change reduces the potential of one kind of attack where a
node simulates a bouncing link to consume excessive resources on the target.
But I don't believe this minor security advantage is worth mentioning. It is
a consequence of the main point of the change, which is to improve
performance (mostly responsiveness).
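As an added illustration of the bouncing-link point in the review above (this is example code written for this page, not text or code from the draft, RFC6130, or the reviewer), the following simplified Python model counts how many 2-hop neighbor tuples a node creates and deletes while a neighbor's link to a 2-hop address flaps. The baseline deletes a tuple as soon as the neighbor reports the address as lost; the optimized variant instead marks it lost and keeps it for a hold time, as RFC6130 already does for 1-hop neighbors. Field names (`lost`, `expiry`), the `keep_lost` switch, the hold time, and the HELLO cadence are assumptions of this model, not the draft's actual tuple definitions or timing constants.

```python
"""Toy model of 2-hop neighbor tuple churn under a bouncing link.

Constructed for illustration only: the tuple fields, hold time and HELLO
schedule below are assumptions, not the RFC 6130 / draft definitions.
"""
from dataclasses import dataclass


@dataclass
class TwoHopTuple:
    neighbor: str       # 1-hop neighbor that advertised the address
    address: str        # 2-hop address reachable through that neighbor
    expiry: float       # assumed: time at which the tuple is purged
    lost: bool = False  # assumed: set instead of deleting (the optimization)


class TwoHopSet:
    """Tracks (neighbor, address) tuples and counts allocations/removals."""

    def __init__(self, hold_time: float, keep_lost: bool):
        self.hold_time = hold_time  # how long a lost tuple is retained
        self.keep_lost = keep_lost  # False = baseline, True = optimized
        self.tuples: dict[tuple[str, str], TwoHopTuple] = {}
        self.created = 0            # tuple allocations (the resource cost)
        self.removed = 0            # tuple deletions

    def _purge(self, now: float) -> None:
        # Expire tuples whose validity or hold time has run out.
        for key in [k for k, t in self.tuples.items() if t.expiry <= now]:
            del self.tuples[key]
            self.removed += 1

    def hello(self, neighbor: str, symmetric: set[str], lost: set[str],
              validity: float, now: float) -> None:
        """Process a HELLO from `neighbor` listing symmetric and lost addresses."""
        self._purge(now)
        for addr in symmetric:
            key = (neighbor, addr)
            t = self.tuples.get(key)
            if t is None:
                self.tuples[key] = TwoHopTuple(neighbor, addr, now + validity)
                self.created += 1
            else:
                # Re-advertised: refresh and clear any lost marking.
                t.expiry = now + validity
                t.lost = False
        for addr in lost:
            t = self.tuples.get((neighbor, addr))
            if t is None:
                continue
            if self.keep_lost:
                # Optimization: keep the tuple, mark it lost, age it out later.
                t.lost = True
                t.expiry = now + self.hold_time
            else:
                # Baseline: drop it immediately; the next HELLO recreates it.
                del self.tuples[(neighbor, addr)]
                self.removed += 1

    def usable(self) -> list[tuple[str, str]]:
        """Tuples that may currently be used for routing (not marked lost)."""
        return sorted(k for k, t in self.tuples.items() if not t.lost)


def simulate_bounce(rounds: int, keep_lost: bool, interval: float = 2.0,
                    validity: float = 6.0, hold_time: float = 6.0) -> tuple[int, int]:
    """Neighbor B alternately reports 2-hop address C as symmetric and lost.

    Returns (tuples created, tuples removed) over `rounds` HELLOs.
    """
    s = TwoHopSet(hold_time, keep_lost)
    now = 0.0
    for i in range(rounds):
        if i % 2 == 0:
            s.hello("B", symmetric={"C"}, lost=set(), validity=validity, now=now)
        else:
            s.hello("B", symmetric=set(), lost={"C"}, validity=validity, now=now)
        now += interval
    return s.created, s.removed


if __name__ == "__main__":
    print("baseline  (create/remove):", simulate_bounce(10, keep_lost=False))
    print("optimized (create/remove):", simulate_bounce(10, keep_lost=True))
```

With the bounce period shorter than the hold time, the baseline allocates and frees a tuple on every flap, which is the resource cost a node faking a bouncing link would impose, while the optimized variant allocates once and only toggles the lost flag; the retained tuple still disappears once the address stays lost past the hold time.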