Re: [secdir] review of draft-ietf-hip-via-01.txt

Ari Keränen <ari.keranen@ericsson.com> Wed, 09 June 2010 15:59 UTC

To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "dward@juniper.net" <dward@juniper.net>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "secdir@ietf.org" <secdir@ietf.org>

Hi Catherine,

Thanks for the review and comments!

Most of the usual attacks are taken care of by the standard HIP 
mechanisms (e.g., signatures, puzzles, and the ENCRYPTED parameter), but 
you're right that the Destination and Via lists could be tampered with 
in an attempt to do a (fairly low impact) DoS attack.

I added text about these kinds of attacks and recommendations on how to 
mitigate them to the security considerations section. A new version of 
the draft is available here:
http://users.piuha.net/akeranen/drafts/draft-ietf-hip-via-02-pre1.txt
(only section 6 has changed)

Comments are welcome.


Cheers,
Ari

On 06/03/2010 11:37 PM, Catherine Meadows wrote:
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the IESG. 
>  These comments were written primarily for the benefit of the security 
> area directors.  Document editors and WG chairs should treat these 
> comments just like any other last call comments.
> 
> 
> This document concerns extensions to the Host Identity Protocol (HIP) to 
> provide multi-hop routing.
> The first is that a host sending a HIP packet can define a set of hosts 
> the packet should traverse.
> The other allows a HIP packet to carry and record the list of hosts that 
> forwarded it.
> 
> The only security concern mentioned is the possibility of malicious 
> hosts creating forwarding loops.
> However, it appears to me that there are also the usual problems of 
> malicious hosts tampering
> with and spoofing packets.  
> 
> It's not clear to me though why issues such as malicious hosts spoofing 
> or tampering with routing
> lists are not addressed, especially since HIP is a security protocol. 
>  Are there features of HIP or other
> HIP documents where this is addressed?  If so, they should be pointed to 
> here.  If not, this should be pointed out,
> and if possible, other recommendations made.
> 
> 
> Catherine Meadows
> Naval Research Laboratory
> Code 5543
> 4555 Overlook Ave., S.W.
> Washington DC, 20375
> phone: 202-767-3490
> fax: 202-404-7942
> email: catherine.meadows@nrl.navy.mil 
> <mailto:catherine.meadows@nrl.navy.mil>
>