[secdir] secdir review of draft-ietf-msec-gdoi-update
Sam Hartman <hartmans-ietf@mit.edu> Mon, 01 August 2011 16:51 UTC
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf@ietf.org, secdir@ietf.org
Date: Mon, 01 Aug 2011 12:51:11 -0400
Cc: draft-ietf-msec-gdoi-update@tools.ietf.org
This update to the GDOI specification significantly improves clarity and readability. However, there is one issue that I think should be addressed prior to publication.

At the top of page 11, the spec claims that a seq payload protects against group members responding to groupkey-pull messages sent prior to joining the group. I'm reasonably sure that should be groupkey-push messages; I believe the nonce payloads provide replay protection for the pull exchange.

Actually, it's more complicated than that. Section 3.3 also seems to believe the sequence number is about pull exchanges. However, it says that a GM should always expect the push message sequence number to be reset to 1. Why is that reasonable? If a group is ongoing, don't we want to tell new members what the sequence number currently is rather than having them assume it is 1? The push message is multicast, so we cannot maintain a separate sequence number for each member.

I think either there is some sort of error with the description of the replay mechanisms or it requires significantly more explanation.
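The sequence-number question raised in the review, as an added toy model (not code from the draft or from the reviewer): two group members apply the same strictly-increasing check to groupkey-push sequence numbers, one assuming the counter restarts at 1 and one told the group's current value when it joins. The sequence values, the message stream and the check itself are constructed assumptions for illustration.

```python
"""Toy model of a GDOI-style group member (GM) checking the sequence number
carried in multicast groupkey-push messages.

Constructed example: the strict monotonic check, the sequence values and the
message stream are assumptions, not text from the draft or from the review.
"""

from dataclasses import dataclass, field


@dataclass
class GroupMember:
    """Receiver-side anti-replay state for push messages."""
    last_seq: int                      # highest push seq accepted so far
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)

    def receive_push(self, seq: int) -> bool:
        """Accept a push only if its seq is strictly greater than the last one
        accepted; anything lower or equal is treated as a replay."""
        if seq <= self.last_seq:
            self.rejected.append(seq)
            return False
        self.last_seq = seq
        self.accepted.append(seq)
        return True


def simulate(initial_seq: int, pushes):
    """Run one GM over a stream of push seq values; return (accepted, rejected)."""
    gm = GroupMember(last_seq=initial_seq)
    for seq in pushes:
        gm.receive_push(seq)
    return gm.accepted, gm.rejected


# Constructed scenario: the group's push counter is at 57 when the GM joins.
# The GM then sees a replayed copy of push 12 (sent before it joined) followed
# by the next legitimate push, 58.
CURRENT_GROUP_SEQ = 57
PUSH_STREAM = [12, 58]


def reset_to_one():
    """GM that assumes the counter restarts at 1 (the reading the review
    questions): any seq >= 1 looks fresh, so the stale push 12 is accepted."""
    return simulate(initial_seq=0, pushes=PUSH_STREAM)


def told_current_seq():
    """GM told the group's current seq at join time: push 12 is rejected
    as a replay and only 58 is accepted."""
    return simulate(initial_seq=CURRENT_GROUP_SEQ, pushes=PUSH_STREAM)
```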