[secdir] Secdir review of draft-ietf-dmm-requirements-14
Catherine Meadows <catherine.meadows@nrl.navy.mil> Tue, 25 February 2014 21:27 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE8141A06E8; Tue, 25 Feb 2014 13:27:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.254
X-Spam-Level:
X-Spam-Status: No, score=0.254 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqPEJfsr8qpa; Tue, 25 Feb 2014 13:27:46 -0800 (PST)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [132.250.118.211]) by ietfa.amsl.com (Postfix) with ESMTP id DF9531A029C; Tue, 25 Feb 2014 13:27:45 -0800 (PST)
Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil [132.250.196.100]) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id s1PLRh8i017940 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 25 Feb 2014 16:27:43 -0500
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_01D8C3B3-E0B8-4770-9D1E-571E0EA77A28"
Date: Tue, 25 Feb 2014 16:27:43 -0500
Message-Id: <79966625-7B22-4641-8B4E-3839AE3B67A6@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-dmm-requirements.all@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/I5_7H_wO_8khJmZnF_XyctHNBLQ
Subject: [secdir] Secdir review of draft-ietf-dmm-requirements-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 21:27:52 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft gives high-level requirements for distributed mobility management at the network layer. It also gives definitions of key concepts and motivation for replacing or augmenting current standards for centralized mobility management (in which information about location of a mobile node is kept at a centralized mobility anchor) with distributed mobility management, in which this information is distributed. This latter includes a list of the problems that can be addressed with DMM. Although the motivation for distributed mobility management is not the main point of this document, it is very helpful in helping the reader understand the requirements and their importance, so I am glad to see it there. Since this, including the problem statement, is quite important and useful, I’d suggest mentioning it in the abstract. The requirements are for the most part well-written and at the appropriate level of detail. However, I have a few suggestions: 1) REQ 1 is for distributed processing, but “distributed processing is a rather open-ended term. It would be a good idea to include some indication of what is meant by distributed processing here. 2) There are a couple of points in REQ6: Security considerations that need to be clarified: 2a) Another example is that a malicious node can forge a number of signaling messages thus redirecting traffic from its legitimate path. Consequently, the specific node is under a denial of service attack, whereas other nodes do not receive their traffic. It’s not made clear what the specific node is. It would be better to have something like Another example is that a malicious node can forge a number of signaling messages thus redirecting traffic from its legitimate path. Consequently, the specific node or nodes to which the traffic is redirected may be under a denial of service attack, whereas other nodes do not receive their traffic. 2b) Accordingly, security mechanisms/protocols providing access control, integrity, authentication, authorization, confidentiality, etc. can be used to protect the DMM entities as they are already used to protect against existing networks and existing mobility protocols defined in IETF. “can be used to protect” seems awfully weak. Is there any reason why you don’t want to say SHOULD or MUST? Or, if you don’t want to make this and IETF SHOULD or MUST, you might want to say something like “we recommend”. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-ietf-dmm-requirem… Catherine Meadows
- Re: [secdir] Secdir review of draft-ietf-dmm-requ… H Anthony Chan