[secdir] SecDir review of draft-ietf-manet-credit-window-07

"Christian Huitema" <huitema@huitema.net> Wed, 30 November 2016 01:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_7sm8VOyaXgmh0vAZwvc4Wlk_ug>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

I think the document is ready, but its security considerations depend on
those of draft-ietf-manet-dlep-25, which are discussed in another thread.

Draft-ietf-manet-credit-window-07 defines "Credit Windowing extension for
DLEP". The Dynamic Link Exchange Protocol (DLEP) is defined in
draft-ietf-manet-dlep-25. DLEP is meant to operate over a single link. It
consists of an ad hoc discovery protocol over multicast UDP in which a
router discovers a modem, followed by a TCP connection over which router and
modem exchange control messages. DLEP operates in the control plane,
independent of the data plane used for actual data transmission. 

The current draft, draft-ietf-manet-credit-window-07, defines a set of
messages exchanged over DLEP to manage a credit window, so as to control the
flow of packets in the data plane between the router and destinations
accessible through the wireless modem. The goal is to track the variable
capacity of the wireless link to different destinations without requiring
complex queue management at the modem itself -- I assume that the queues
will be managed by the router instead. 

The security section states that "The extension does not introduce any
additional threats above those documented in [DLEP]." That's true. There is
an ongoing debate about the security of DLEP itself, but there is nothing
that this extension could do about it.

-- Christian Huitema
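To make the credit-window idea in the review concrete, here is an added simulation that is not part of the review, of the DLEP drafts, or of any implementation: a router keeps one window per destination, only forwards a data-plane packet when the window covers it, and otherwise holds the packet so the modem never has to queue. The byte unit, the grant policy and the method names are assumptions.

```python
# Added example (not from the review or the DLEP drafts): per-destination
# credit windows between a router and a modem. Units (bytes), the grant
# policy and all names are assumptions made for illustration.
from dataclasses import dataclass, field


@dataclass
class CreditWindow:
    """Credits (assumed unit: bytes) the router may still send to one destination."""
    credits: int = 0
    sent: int = 0


@dataclass
class Router:
    windows: dict = field(default_factory=dict)

    def grant(self, dest: str, amount: int) -> None:
        """Apply a credit grant the modem sent over the DLEP control session."""
        if amount < 0:
            raise ValueError("credit grants must be non-negative")
        self.windows.setdefault(dest, CreditWindow()).credits += amount

    def send(self, dest: str, size: int) -> bool:
        """Forward a data-plane packet only if the destination's window covers it."""
        win = self.windows.get(dest)
        if win is None or size > win.credits:
            return False  # held at the router; the modem's queue stays trivial
        win.credits -= size
        win.sent += size
        return True


def simulate() -> dict:
    """Constructed scenario: two destinations with different link capacity."""
    r = Router()
    r.grant("dest-A", 1500)  # constructed initial capacity towards dest-A
    r.grant("dest-B", 500)   # constructed, much smaller capacity towards dest-B
    out = {
        "a1": r.send("dest-A", 1000),  # fits: 1500 -> 500 remaining
        "a2": r.send("dest-A", 1000),  # exceeds the remaining 500: held
        "b1": r.send("dest-B", 500),   # exactly exhausts dest-B's window
        "b2": r.send("dest-B", 1),     # window empty: held
    }
    r.grant("dest-A", 500)             # link to dest-A improves: new grant
    out["a3"] = r.send("dest-A", 1000)  # 500 + 500 = 1000: now fits
    out["remaining_A"] = r.windows["dest-A"].credits
    out["sent_B"] = r.windows["dest-B"].sent
    return out
```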