[secdir] secdir review of draft-ietf-tsvwg-sctp-ndata-12
"Scott G. Kelly" <scott@hyperthought.com> Thu, 24 August 2017 17:39 UTC
Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB5AA13247A for <secdir@ietfa.amsl.com>; Thu, 24 Aug 2017 10:39:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.7
X-Spam-Level:
X-Spam-Status: No, score=-4.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vqksfvey8PM for <secdir@ietfa.amsl.com>; Thu, 24 Aug 2017 10:39:19 -0700 (PDT)
Received: from smtp90.iad3a.emailsrvr.com (smtp90.iad3a.emailsrvr.com [173.203.187.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94CD41329BE for <secdir@ietf.org>; Thu, 24 Aug 2017 10:39:18 -0700 (PDT)
Received: from smtp36.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp36.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 9E88E571D; Thu, 24 Aug 2017 13:39:17 -0400 (EDT)
Received: from app31.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp36.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 84E885B67; Thu, 24 Aug 2017 13:39:17 -0400 (EDT)
X-Sender-Id: scott@hyperthought.com
Received: from app31.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Thu, 24 Aug 2017 13:39:17 -0400
Received: from hyperthought.com (localhost.localdomain [127.0.0.1]) by app31.wa-webapps.iad3a (Postfix) with ESMTP id 729ECC0067; Thu, 24 Aug 2017 13:39:17 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Thu, 24 Aug 2017 10:39:17 -0700 (PDT)
X-Auth-ID: scott@hyperthought.com
Date: Thu, 24 Aug 2017 10:39:17 -0700
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-tsvwg-sctp-ndata.all@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
Message-ID: <1503596357.467129961@apps.rackspace.com>
X-Mailer: webmail/12.9.5-RC
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HzcrkIeG0oWa3WKsKbKI2Eu4fkc>
Subject: [secdir] secdir review of draft-ietf-tsvwg-sctp-ndata-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2017 17:39:22 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is ready with (maybe) issues. I'm not sure if there is an issue or not. Maybe this can be quickly resolved. Paraphrasing from the abstract, the document adds a new chunk to SCTP for carrying payload data, allowing a sender to interleave different user messages that would otherwise result in head of line blocking at the sender. An example usage: a client (or server) is sending a large message over SCTP, so it fragments the message and sends the fragments one after the other; each fragment is assigned a Transmission Sequence Number (TSN). If that client has a higher priority message to send during the transmission of the fragments, that message must go to the end of the line. This document defines a "stream", and allows interleaving streams, so that the higher priority message can be transmitted immediately (on its own stream), and the receiver will understand that this is not part of the lower priority message's TSN chain (stream). The security considerations section says This document does not add any additional security considerations in addition to the ones given in [RFC4960] and [RFC6458]. It should be noted that the application has to consent that it is willing to do the more complex reassembly support required for user message interleaving. When doing so, an application has to provide up to two reassembly buffers (one for ordered messages, one for unordered messages) for each incoming stream. It has to protect itself against these buffers taking too many resources. If user message interleaving is not used, only a single reassembly buffer needs to be provided for each association. But the application has to protect itself for excessive resource usages there too. The security considerations of 4960 are very thorough, but they never mention anything about fragment reassembly issues. I don't know much about SCTP, so maybe this is not a concern, but I wondered: could a hostile endpoint attack the reassembly scheme (which must be reimplemented for each application) by sending malicious fragments? --Scott
- [secdir] secdir review of draft-ietf-tsvwg-sctp-n… Scott G. Kelly
- Re: [secdir] secdir review of draft-ietf-tsvwg-sc… Michael Tuexen
- Re: [secdir] secdir review of draft-ietf-tsvwg-sc… Scott G. Kelly