Re: [secdir] Secdir review of draft-ietf-roll-trickle-mcast-05

Donald Eastlake <d3e3e3@gmail.com> Wed, 27 November 2013 03:52 UTC

Hi,

On Tue, Nov 26, 2013 at 7:57 PM, Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
>
> Tero Kivinen <kivinen@iki.fi> wrote:
>     > ...
>...
>     > The protocol has no protection against this attack, but notes that
>     > both of those are denial-of-service attacks and devices can protect
>     > against them by using link-layer security mechanisms. It also claims
>     > that those mechanisms are typically employed without specifying which
>     > security methods it is pointing to. I do not know how often those
>     > link-layer security methods are really used. Perhaps it would be
>     > useful to list some of those security methods here.
>
> At this point in LLNs, use of layer-2 security *ONLY* is pretty much 100%.
> It's "WEP" == Wired Equivalent Privacy.

Are you talking about 802.11 WEP?

To quote from IEEE Std 802.11-2012: "The use of WEP for
confidentiality, authentication, or access control is deprecated. The
WEP algorithm is unsuitable for the purposes of this standard." As
they say, WEP is a digital security standard that was designed by
excellent radio engineers...

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> No layer-3, no other authorization distinction between devices, etc.
>
> (Zigbee IP sometimes uses per-link keying as well, so it also defends against
> nodes inside the tent going corrupt)
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> IETF ROLL WG co-chair.    http://datatracker.ietf.org/wg/roll/charter/