[secdir] secdir review of draft-ietf-geopriv-res-gw-lis-discovery-05
Catherine A Meadows <catherine.meadows@nrl.navy.mil> Sun, 28 July 2013 16:39 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A9D421F9C6E; Sun, 28 Jul 2013 09:39:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pr7cptU3OynK; Sun, 28 Jul 2013 09:38:55 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by ietfa.amsl.com (Postfix) with ESMTP id 20A0421F9C6C; Sun, 28 Jul 2013 09:38:53 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.14.4/8.13.6) with ESMTP id r6SGcqJ0016769; Sun, 28 Jul 2013 12:38:53 -0400
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id r6SGcpvI017500; Sun, 28 Jul 2013 12:38:51 -0400 (EDT)
Received: (from [IPv6:::1] [10.0.0.13]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2013072812385003773 ; Sun, 28 Jul 2013 12:38:51 -0400
From: Catherine A Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 28 Jul 2013 12:38:50 -0400
Message-Id: <9D29BF1C-6867-4379-8843-975D9BD5F906@nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-geopriv-res-gw-lis-discovery.all@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
X-Mailer: Apple Mail (2.1508)
Subject: [secdir] secdir review of draft-ietf-geopriv-res-gw-lis-discovery-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jul 2013 16:39:06 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes a method in which a device can discover a Location Information Server when a residential gateway is present that does not support such discovery. Normally such discovery is done by the device via an option is DHCP (described in RFC5389 ), but this will not be possible if the gateway does not support this option in DHCP. In both the DHCP-supported protocol and the protocol covered in this draft the device provides a domain name to a DNS server, which uses it to discover the appropriate LIS. In the DHCP-supported protocol the device uses the access network domain name DHCP options as the preferred source of domain names. This draft provides ways in which the device can determine likely candidates for domain names if the DHCP option is not supported. The main security considerations for both the protocol described in this draft and RFC 5986 arise from the fact that communication with the DNS server is not authenticated. This is noted and discussed in the security considerations section. I have a couple of questions. The authors mention that RFC 5986 is the preferred method whenever it is supported. I believe that this is because it is more accurate. First question: am I correct in believing this? Secondly, is there any way an attacker could a) cause a device to identify the wrong domain name and b) if a device identifies an incorrect domain name (whether or not the attacker can cause this to happen) is there anyway an attacker can exploit that? Question 2a) may be difficult to answer because the draft does not mandate any particular solution. Indeed it cannot, because the solution used will depend on what is supported locally. But if the answers to questions 1 and 2b) are "yes" it might be worthwhile to point this out in the security considerations section as an additional reason to use the solution given in RFC5389 whenever it is available. Cathy Meadows
- [secdir] secdir review of draft-ietf-geopriv-res-… Catherine A Meadows