[secdir] SECDIR Review of draft-ietf-dime-local-keytran-11.txt

Phillip Hallam-Baker <hallam@gmail.com> Wed, 13 July 2011 20:05 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Glen Zorn <gwz@net-zen.net>, sunseawq@huawei.com, violeta.cakulev@alcatel-lucent.com, iesg@ietf.org, secdir@ietf.org

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.


There are no substantive security considerations, only a redirect to the
previous drafts.

This is somewhat problematic given that this is a document defining new
formats for key transport.


3.1.4.  Key-Lifetime AVP

The Key-Lifetime AVP (AVP Code <AC4>) is of type Unsigned32 and represents
the period of time (in seconds) for which the contents of the
Keying-Material AVP (Section 3.1.3) is valid.

If the key lifetime is really expected to be 2^32, i.e. 136 years, then we
should probably expect quite a bit more mechanism here.

The delta encoding avoids millennium bug type problems (well, maybe; it
probably just means that code will start to fail in 2032 or so when people
start specifying key lifetimes that cause signed 32 bit time to wrap) but
it means that the start of the period is not fixed in time.

I think that at a minimum we need to have a security consideration pointing
out that there is an issue here. What happens if these messages are proxied
or cached in some fashion (OK it may not be in the protocol now, but can we
guarantee it never will be?)

It's probably not worth fixing since the protocols themselves are full of the
same issue, but it should be called out as an SC.

Website: http://hallambaker.com/