Re: [secdir] Secdir Review of draft-ietf-manet-olsrv2-dat-metric-08

Henning Rogge <> Tue, 17 November 2015 09:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 071C21B2D3E; Tue, 17 Nov 2015 01:14:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.363
X-Spam-Status: No, score=0.363 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_DE=0.35, J_CHICKENPOX_31=0.6, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 985hWWhqkoI0; Tue, 17 Nov 2015 01:14:47 -0800 (PST)
Received: from ( [IPv6:2001:638:401:102:1aa9:5ff:fe5f:7f22]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AB97E1B2D3C; Tue, 17 Nov 2015 01:14:46 -0800 (PST)
Received: from ([] by with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <>) id 1ZycLc-0001ld-K2; Tue, 17 Nov 2015 10:14:44 +0100
Received: from ([] by with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <>) id 1ZycLc-0005K3-Ge; Tue, 17 Nov 2015 10:14:44 +0100
Received: from [] ( by ( with Microsoft SMTP Server (TLS) id; Tue, 17 Nov 2015 10:14:44 +0100
To: Dacheng <>, The IESG <>, "" <>
References: <BLU436-SMTP2489108BA79EA7032F2495A881F0@phx.gbl>
From: Henning Rogge <>
Message-ID: <>
Date: Tue, 17 Nov 2015 10:14:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <BLU436-SMTP2489108BA79EA7032F2495A881F0@phx.gbl>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000609020004000202000106"
X-Originating-IP: []
X-Virus-Scanned: yes (ClamAV 0.98.1/21062/Mon Nov 16 13:00:09 2015) by
X-Scan-Signature: 0ecef80a5bec7804fa4b6ab1e9eef018
Archived-At: <>
X-Mailman-Approved-At: Tue, 17 Nov 2015 02:20:49 -0800
Subject: Re: [secdir] Secdir Review of draft-ietf-manet-olsrv2-dat-metric-08
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Nov 2015 09:14:49 -0000

On 11/15/2015 08:40 AM, Dacheng wrote:
> Dear all,
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors. Document editors and WG chairs should treat these
> comments just like any other last call comments.
> This draft is about a new routing  metro for OLSRv2.
> Technical questions/comments:
> 1) In this draft, “RFC5444 packet” can be found in many places. I didn’t
> find the definition of this term. Do you indicate this solution may need
> to process a packet which is not specified in OLSRv2?

The header of the Terminology Section contains the following paragraph:

    The terminology introduced in [RFC5444], [RFC7181] and [RFC6130],
    including the terms "packet", "message" and "TLV" are to be
    interpreted as described therein.

Do you think this paragraph needs to be improved or extended?

> 2) There is a good security consideration section in RFC 7181. Since
> this draft is closely related to OLSRv2 (although this work does not
> specify any new message or TLV), it will be good to build the security
> considerations of this work based upon what has been discussed in
> RFC7181. For example, maybe the authors could say ’there will be some
> new security issues introduced by this work but not mentioned in RFC
> 7181, there will be some security issues if we only use the mandatory
> security mechanism specified in RFC7181, or our work does not introduce
> any additional security issues..

I think my security considerations section explicitly says (in the last 
sentence) that the Mandatory Security Mechanism for OLSRv2 (RFC7183) 
does NOT protect against modified packet sequence numbers.

> 3) This question is about the last sentence in the security
> consideration—“The signature scheme described in [RFC7183] does not
> protect the additional sequence number of the DAT metric because it does
> only sign the RFC5444 messages, not the RFC5444 packet header.” First of
> all, there is no signature mechanism specified in RFC7183, only HMAC is
> used to protect the message integrity. In addition, the RFC7183 reuse
> the process specified in RFC7182 to generate hashes, and so it should be
> able to cover the message headers.   Open for discussion.

RFC7183 introduces a RFC5444 message level integrity protection 
extension for RFC7181 (OLSRv2), based on the ICV Message TLV defined in 
RFC7182 (see section 9.1 of RFC7182).

The ICV Message TLV does NOT protect the PACKET header fields of RFC5444 
packets, including the RFC5444 packet sequence number.

> Editorial:
> Section 2:
> MAX(a,b) -> MAX(a, b)
> Section 3:
> The administrator should take care that link layer multicast
> transmission do not not have ->  The administrator should take care that
> link layer multicast transmission do not have
> Section 4:
> The routing decision of most operation systems don't take packet size
> into account. -> The routing decisions of most operation systems don't
> take packet size into account.
> Section 7:
> with a very slow or very fast linklayer -> with a very slow or very fast
> link layer

Will be fixed in the next revision.

Henning Rogge

Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
Kommunikation, Informationsverarbeitung und Ergonomie FKIE
Kommunikationssysteme (KOM)
Fraunhofer Straße 20, 53343 Wachtberg, Germany
Telefon +49 228 9435-961,   Fax +49 228 9435 685