[secdir] Secdir review of draft-ietf-roll-trickle-mcast-05
Tero Kivinen <kivinen@iki.fi> Thu, 21 November 2013 12:27 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA6BF1ADEBF; Thu, 21 Nov 2013 04:27:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.426
X-Spam-Level:
X-Spam-Status: No, score=-2.426 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0IW-Ae04Tqs; Thu, 21 Nov 2013 04:27:51 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) by ietfa.amsl.com (Postfix) with ESMTP id 618BE1ADEBE; Thu, 21 Nov 2013 04:27:50 -0800 (PST)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.7/8.14.5) with ESMTP id rALCRe3L028643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 21 Nov 2013 14:27:40 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.7/8.12.11) id rALCRdcg029876; Thu, 21 Nov 2013 14:27:39 +0200 (EET)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21133.64571.158642.421795@fireball.kivinen.iki.fi>
Date: Thu, 21 Nov 2013 14:27:39 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-roll-trickle-mcast.all@tools.ietf.org
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 7 min
X-Total-Time: 6 min
Subject: [secdir] Secdir review of draft-ietf-roll-trickle-mcast-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2013 12:27:54 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes the Multicast protocol for Low and Lossy Networks. This protocol uses the Trickle algorithm. I am not familiar enough with Trickle to really analyze what the protocol does.

The Security Considerations section mentions that the protocol uses sequence numbers to keep track of messages, and that an attacker who can insert messages can mess with those sequence numbers: the attacker can then flush messages from the buffered message list, and can also set the sequence number high enough that recipients will not get any messages, as those messages have too small a sequence number. The protocol has no protection against this attack, but notes that both of these are denial-of-service attacks and that devices can protect against them by using link-layer security mechanisms. It also claims that those mechanisms are typically employed, without specifying which security methods it is pointing to. I do not know how often those link-layer security methods are really used. Perhaps it would be useful to list some of those security methods here.

I do not have any other comments on the protocol, and otherwise I think the document is ready, but as I said I did not have time to really analyze the protocol itself.

-- 
kivinen@iki.fi
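The sequence-number denial of service described in the review, modelled as an added example (this is not code from the draft, from the reviewer, or from any MPL implementation). A forwarder keeps, per seed, the lowest sequence number it still accepts and a small buffer of recent messages; a single injected message with a far-ahead sequence number flushes the buffer and makes later legitimate messages look stale. The window size (8), the buffer policy, the use of plain integer comparison instead of wraparound arithmetic, and the shared-key MAC standing in for a link-layer security mechanism are all assumptions made for this example; the traffic is constructed inline.

```python
"""Simplified model of forged sequence numbers against a per-seed
message buffer, with and without an authenticity check on each frame.
Added example: the window, buffer policy and the HMAC standing in for
link-layer security are assumptions, not the draft's mechanism."""

import hashlib
import hmac
from dataclasses import dataclass, field

WINDOW = 8  # assumed: the forwarder tracks at most 8 sequence numbers per seed
# Constructed shared key; stands in for whatever link-layer security the
# deployment actually uses (the draft does not name one).
KEY = b"constructed-link-layer-key"


@dataclass
class SeedState:
    """Per-seed state: lowest accepted seqno plus the buffered messages."""
    min_seqno: int = 0
    buffered: dict = field(default_factory=dict)        # seqno -> payload
    dropped_as_stale: list = field(default_factory=list)

    def accept(self, seqno: int, payload: bytes) -> bool:
        # Anything below the current floor is treated as already seen.
        if seqno < self.min_seqno:
            self.dropped_as_stale.append(seqno)
            return False
        if seqno in self.buffered:          # duplicate, nothing to do
            return False
        self.buffered[seqno] = payload
        # Slide the window forward; whatever falls below the new floor is
        # flushed. A far-ahead seqno therefore empties the buffer at once.
        new_min = max(self.min_seqno, seqno - WINDOW + 1)
        if new_min != self.min_seqno:
            for old in [s for s in self.buffered if s < new_min]:
                del self.buffered[old]
            self.min_seqno = new_min
        return True


def tag(seqno: int, payload: bytes) -> bytes:
    """Toy frame authenticator over (seqno, payload) with the shared key."""
    msg = seqno.to_bytes(2, "big") + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:8]


def run(messages, require_auth: bool):
    """Feed (seqno, payload, tag) triples through one forwarder.

    Returns the resulting SeedState and the seqnos rejected for a bad tag."""
    state = SeedState()
    rejected_unauth = []
    for seqno, payload, t in messages:
        if require_auth and not hmac.compare_digest(t, tag(seqno, payload)):
            rejected_unauth.append(seqno)   # forged frame never reaches the buffer
            continue
        state.accept(seqno, payload)
    return state, rejected_unauth


def build_traffic():
    """Constructed trace: five legitimate messages, one injected message
    with a far-ahead seqno (attacker lacks the key, so the tag is junk),
    then three more legitimate messages."""
    legit = [(s, f"data{s}".encode()) for s in range(1, 6)]
    later = [(s, f"data{s}".encode()) for s in (6, 7, 8)]
    msgs = [(s, p, tag(s, p)) for s, p in legit]
    msgs.append((60000, b"forged", b"\x00" * 8))
    msgs += [(s, p, tag(s, p)) for s, p in later]
    return msgs


if __name__ == "__main__":
    unprotected, _ = run(build_traffic(), require_auth=False)
    print("no link-layer auth: buffered", sorted(unprotected.buffered),
          "stale-dropped", unprotected.dropped_as_stale)
    protected, rejected = run(build_traffic(), require_auth=True)
    print("with link-layer auth: buffered", sorted(protected.buffered),
          "rejected forged", rejected)
```

Without the authenticity check the forged frame with seqno 60000 moves the floor to 59993, flushes messages 1 to 5, and causes 6, 7 and 8 to be discarded as stale, which is exactly the outcome the review describes. With the check in place the forged frame is rejected before it touches the buffer and all eight legitimate messages are retained. A real implementation would have to use wraparound (serial number) comparison rather than the plain integer comparison assumed here.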
- [secdir] Secdir review of draft-ietf-roll-trickle… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-roll-tri… Michael Richardson
- Re: [secdir] Secdir review of draft-ietf-roll-tri… Donald Eastlake
- Re: [secdir] Secdir review of draft-ietf-roll-tri… Michael Richardson