[secdir] Secdir review of draft-ietf-manet-olsrv2-sec-threats-03

Joseph Salowey <joe@salowey.net> Sat, 17 December 2016 19:36 UTC

Return-Path: <joe@salowey.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E4F1296D5 for <secdir@ietfa.amsl.com>; Sat, 17 Dec 2016 11:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzWmSL2Y6jTJ for <secdir@ietfa.amsl.com>; Sat, 17 Dec 2016 11:36:13 -0800 (PST)
Received: from mail-it0-x22e.google.com (mail-it0-x22e.google.com [IPv6:2607:f8b0:4001:c0b::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C22F11296B8 for <secdir@ietf.org>; Sat, 17 Dec 2016 11:36:13 -0800 (PST)
Received: by mail-it0-x22e.google.com with SMTP id b132so19656924iti.1 for <secdir@ietf.org>; Sat, 17 Dec 2016 11:36:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=c17Q88DDzmchhy6z2azLAK2d2i6AUb9qv/snhofw0DM=; b=wmolpQIa1ezN3g2dMU7gOIC/+R4VPhLniMCxQU4G9hGxej6ZOdEZq1CWEL2MzOgBLV Mqo2oboYddYF7QwjMcD1c2x/9Y06eziBCFTeY5U7UrnS+dPSKcGfH1Odn5WsZ2pP7QJj mr6RvM/jkpOwWIbszVRDa2s6LgYQYJCuJPaJHhSqhO4vPWba5p+YeXlBlond2N74O409 PP29GfAnSP6GF3Pn7O23Cz5NzdTwrNDbJZF1gFgHOorFmdVXDkXMmH2QB/aEjeItBknL 1Otx6FfkKSnbTbQMTSp+rlxueHvMn6mBcN6EXv5nEvKSxZE7m77hL1UU9RhOZq5JIemB 2zuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=c17Q88DDzmchhy6z2azLAK2d2i6AUb9qv/snhofw0DM=; b=JOyaHWG0odFCt1XLrSGAeL8jboyLJGEc1wl8LvVDgVMfdtXRts1CbRU6X1xx7jw3F9 tqziMXyxRiasM48Op0XknJxWlSMUxPHeQDYv0q47NDs/OxPoKTwNXvv6WjymC3aXtDDX Jk/mtZSq7XZAJZtcGHcmnr+PHFEW+UntUaNsjctVdpDkTE0uqeXgxDFzw2q4bQh7hmUt dwFiwzsFFfhA3CNYlSbvCpThp0Oqgx2VY1/pLyAjrqttnsW+3jUBezsKxnfJ8yf6Ps+t 7HQevFV86cdRjTs6Wdbz3LiPAzpdqylZciZvIGikfHmJZjDIhUo+pB3Aljrq/7WPs6LE LpbA==
X-Gm-Message-State: AKaTC00E4/eEdIHgVE1VYTtvL7RxbAoUewVptNmBYhO+ZxhcwQIqjHIQtxnnKrDahf56yX9Vm2Arw7x/F31PDA==
X-Received: by 10.36.116.202 with SMTP id o193mr9780653itc.96.1482003373049; Sat, 17 Dec 2016 11:36:13 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.14.131 with HTTP; Sat, 17 Dec 2016 11:35:52 -0800 (PST)
From: Joseph Salowey <joe@salowey.net>
Date: Sat, 17 Dec 2016 11:35:52 -0800
Message-ID: <CAOgPGoDv+s4DtJwL+A2iN-+E5AHqAK8oEUX9TwL5DydbZBtq1g@mail.gmail.com>
To: secdir <secdir@ietf.org>, draft-ietf-manet-olsrv2-sec-threats.all@ietf.org, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary=001a114ab9129b59ca0543dfcc8d
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/k0FKc0sU7MSNL1coCcdiNZ33f4M>
Subject: [secdir] Secdir review of draft-ietf-manet-olsrv2-sec-threats-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2016 19:36:15 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document is ready with issues.

In general, I think the document does a reasonable job of describing some
of the threats associated with OLSRv2.  There are some places where the
document could be clearer and there are some additional variations threats
the authors may wish to consider.

One issue that I did not see discussed in the draft would be for the
attacker to effectively delay packets.  For example, the attacker captures
packets while jamming to prevent some stations from receiving packets.  The
attacker can collect a sequence of traffic and replay at a later time, with
different timing and in a different location.  Not all replay mechanisms
will defend against this attack int he same way.  Sequence number
validation (which appears to be allowed  in 7183) may not be as effective
as timestamps, depending upon the time skew allowed.  The document does
discuss timestamps , but I think it should probably make the following
clearer:

There are several places in sections 4 and 5 where the document says
something like "This kind of attack can be mitigated using integrity check
mechanisms".  I think in most of these instances replay protection is also
important.  One solution would be to remove these instances and just relay
on section 6.2 which has a better description of the available protections.
  Since it seems that the integrity check could be deployed with just
sequence number instead of timestamps it might be good to mention that it
is important to include and verify timestamps for replay protection.

Thanks,

Joe