[secdir] Secdir last call partial review of draft-ietf-lpwan-coap-static-context-hc-12

Paul Wouters via Datatracker <noreply@ietf.org> Fri, 21 February 2020 18:52 UTC

From: Paul Wouters via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: lp-wan@ietf.org, last-call@ietf.org, draft-ietf-lpwan-coap-static-context-hc.all@ietf.org
Reply-To: Paul Wouters <paul@nohats.ca>
Message-ID: <158231113340.29033.17150460168186400041@ietfa.amsl.com>
Date: Fri, 21 Feb 2020 10:52:13 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Qc_Og_fHlcNjD0YOtznQ1-IfW7E>
Subject: [secdir] Secdir last call partial review of draft-ietf-lpwan-coap-static-context-hc-12

Review is partially done. Another assignment may be needed to complete it.

Reviewer: Paul Wouters
Review result: Serious Issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I agree with the comments raised by the genart review by Theresa Enghardt. The
Security Section is just a reference to another document that specifies in its
own Security Consideration:

   As explained in Section 5, SCHC is expected to be implemented on top
   of LPWAN technologies, which are expected to implement security
   measures.

This document explains that packets are wrapped in CoAP and then this document
can be used to compress fields, similar to the referenced document. But now
this is happening in the most outer layer, which the referenced document
basically states that in its Security Considerations, it assumes the outer
layer has some kind of LPWAN based security measures in place.

It seems these two drafts need some coordination to determine where, how and
which Security Considerations are relevant.

Additionally, I'm a bit worried about multiple layers doing compression. Can
this lead to security issues? If not, why not?

Where is it said that compression states need to be checked for bogus
instructions? How are these prevented? Think of the ever-decompressing zip file
hacks of the past. How are these DoS attacks prevented?

Other than this issue, I found Section 1 Introduction a bit confusing. It seems
to drop a reference to another document and then explain that other document,
without really talking about this document? Or if it does, it was not very
clear to me.

I did not review this document for nits - my apologies but I ran out of time.