[secdir] secdir review of draft-ietf-manet-olsrv2-15
Tom Yu <tlyu@MIT.EDU> Thu, 23 August 2012 00:14 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-manet-olsrv2.all@tools.ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 22 Aug 2012 20:14:12 -0400

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document's Security Considerations section (Section 23) analyzes some of the protocol's vulnerabilities, but provides no concrete actionable advice. The overall wording in that section suggests directions for future work, but the document does not describe actual protocol elements that are capable of providing the needed protections.

Section 23.1 describes confidentiality considerations for the protocol, but does not explain what situations merit confidentiality protection for the network topology. It mentions the possibility of protecting confidentiality in OLSRv2 by using PGP or shared key encryption, but provides no indication of how to do so, nor does it indicate how participants should conduct key management.

Section 23.2 describes integrity considerations. The text presents several examples where invalid control traffic may disrupt the network, and distinguishes the situations where data origin authentication for the control message is sufficient from situations that require additional authentication of link states, for example. Authentication of link states seems potentially complicated, because it seems that both ends of a link would have to authenticate the validity of the link between them in a way that third parties could verify. This document does not detail how such link validity authentication would work.

Section 23.2 also mentions thwarting replay attacks using temporal information, but there are no obvious places for the protocol to carry such information.

Section 23.2 mentions using IPsec authentication headers for authenticating entire control packets, but offers no suggestions about how to perform key distribution.

Section 23.3 describes interactions with external routing domains, and makes reasonable suggestions.