[secdir] Secdir early review of draft-ietf-roll-enrollment-priority-10

Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Mon, 29 January 2024 14:36 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A52CC18DB82; Mon, 29 Jan 2024 06:36:08 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-roll-enrollment-priority.all@ietf.org, roll@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170653896861.2657.1666635940205248863@ietfa.amsl.com>
Reply-To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Mon, 29 Jan 2024 06:36:08 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KcWJIYxxvDz9GDjeXhx2Q21xYsE>
Subject: [secdir] Secdir early review of draft-ietf-roll-enrollment-priority-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jan 2024 14:36:08 -0000

Reviewer: Rifaat Shekh-Yusef
Review result: Has Issues

The following is a quote from the Security Consideration section of the draft:
"The use of layer-2 or layer-3 security for RPL control messages prevents the
two aforementioned attacks, by preventing malicious nodes from becoming part of
the control plane."

The following quote is from RFC7416, section 7.1.2:
"A number of deployments, such as [ZigBeeIP] specify no Layer 3 (L3) / RPL
encryption or authentication and rely upon similar security at Layer 2 (L2). 
These networks are immune to outside wiretapping attacks but are vulnerable to
passive (and active) routing attacks through compromises of nodes (see Section
8.2)."

The draft seems to suggest layer-2 security might be sufficient protection,
while RFC7416 seems to suggest that solely relying on layer-2 might not be
enough.

RFC7416, section 8.2 states:
"RPL provides for asymmetric authentication at L3 of the RPL Control Message
carrying the DIO, and this may be warranted in some deployments."

I feel that this should be discussed here to make it clear that in some
deployments, layer-2 by itself might not be sufficient and the use of
asymmetric authentication at L3 might be required.