Re: [secdir] Secdir review of draft-ietf-roll-trickle-mcast-05

Michael Richardson <> Wed, 27 November 2013 00:57 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 05C481AE0A6; Tue, 26 Nov 2013 16:57:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.892
X-Spam-Status: No, score=-1.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iYlWmlueQo1M; Tue, 26 Nov 2013 16:57:21 -0800 (PST)
Received: from ( [IPv6:2607:f0b0:f:3::184]) by (Postfix) with ESMTP id BF95D1AE00A; Tue, 26 Nov 2013 16:57:21 -0800 (PST)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 0976C20316; Tue, 26 Nov 2013 21:10:13 -0500 (EST)
Received: by (Postfix, from userid 179) id AB94363B88; Tue, 26 Nov 2013 19:57:13 -0500 (EST)
Received: from (localhost []) by (Postfix) with ESMTP id 9DF5E63B87; Tue, 26 Nov 2013 19:57:13 -0500 (EST)
From: Michael Richardson <>
To: Tero Kivinen <>
In-Reply-To: <>
References: <>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Tue, 26 Nov 2013 19:57:13 -0500
Message-ID: <>
Subject: Re: [secdir] Secdir review of draft-ietf-roll-trickle-mcast-05
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Nov 2013 00:57:24 -0000

Tero Kivinen <> wrote:
    > I have reviewed this document as part of the security directorate's
    > ongoing effort to review all IETF documents being processed by the

Thank you.

Tero Kivinen <> wrote:
    > This document describes the Multicast protocol for Low and Lossy
    > Networks. This protocol uses trickle algorithm. I am not familiar
    > enough to trickle to really analyze what the protocol does. Security
    > considerations section mentions that the protocol uses sequence
    > numbers to keep track of messages, and attacker who can insert
    > messages can mess up with those sequence numbers, and attacker can
    > then flush messages from the buffered messages list, and can also
    > allow setting it high enough so recipients will not get any messages
    > as they have too small sequence number.

All correct observations.

    > The protocol has no protection against this attack, but notes that
    > both of those are denial-of-service attacks and devices can protect
    > against them by using link-layer security mechanisms. It also claims
    > that those mechanisms are typically employed without specifying which
    > security methods it is pointing to. I do not know how often those
    > link-layer security methods are really used. Perhaps it would be
    > useful to list some of those security methods here.

At this pointin LLNs, use of layer-2 security *ONLY* is pretty much 100%.
It's "WEP" == Wired Equivalent Privacy.

No layer-3, no other authorization distinction between devices, etc.

(Zigbee IP sometimes uses per-link keying as well, so it also defends against
nodes inside the tent going corrupt)

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]        |   ruby on rails    [

Michael Richardson <>, Sandelman Software Works
IETF ROLL WG co-chair.