[secdir] secdir review of draft-ietf-roll-routing-metrics-14

Joe Salowey <jsalowey@cisco.com> Thu, 06 January 2011 22:40 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CB8A3A6F29; Thu, 6 Jan 2011 14:40:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.584
X-Spam-Level:
X-Spam-Status: No, score=-110.584 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2hG69bNmB8P; Thu, 6 Jan 2011 14:40:09 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 9A4173A6D23; Thu, 6 Jan 2011 14:40:09 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAMrTJU2rR7Hu/2dsb2JhbACkH3OlKpgqhUwEhGeGIoMd
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-5.cisco.com with ESMTP; 06 Jan 2011 22:42:16 +0000
Received: from [10.33.249.181] ([10.33.249.181]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id p06MgDGM026090; Thu, 6 Jan 2011 22:42:14 GMT
From: Joe Salowey <jsalowey@cisco.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Thu, 6 Jan 2011 14:42:55 -0800
Message-Id: <123DE172-C230-4A8E-81A8-2B60D9E6AD92@cisco.com>
To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-roll-routing-metrics.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
Subject: [secdir] secdir review of draft-ietf-roll-routing-metrics-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 22:40:10 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

In general I think the document is clear.  I have one security related issue.  The security considerations mention attacks where the metric information is manipulated to cause problems.  I think there may also be cases where disclosure of some of the metric information may be an issue.  the main area of concern for me is the node energy metric.  This information may be useful to an attacker to determine which devices to attack with out-of-band or in-band attacks involving energy draining.   I have not had a chance to see if the RPL protects the confidentiality of these attributes.  If this is a concern in a deployment environment then the usage of these attributes may be limited.   I think it is probably worth mentioning this in the security considerations. 

Also energy metric introduce a new vector into the system for an attacker to modify routing behavior.  An attacker can purposely attempt to modify the stored energy in a node to modify the metrics advertised.   Its not clear to me at this point if this is significant since the power drain may have effect on metrics and routing beyond what is advertised and it seems the recommendation to protect against unstable links would be effective in this case as well.   

Cheers,

Joe