Re: [secdir] secdir review of draft-ietf-v6ops-mobile-device-profile-04

<mohamed.boucadair@orange.com> Tue, 03 September 2013 05:52 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4404111E817F; Mon, 2 Sep 2013 22:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.235
X-Spam-Level:
X-Spam-Status: No, score=-2.235 tagged_above=-999 required=5 tests=[AWL=0.013, BAYES_00=-2.599, HELO_EQ_FR=0.35, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LHlzYT2uKFHd; Mon, 2 Sep 2013 22:52:25 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) by ietfa.amsl.com (Postfix) with ESMTP id A787B11E817B; Mon, 2 Sep 2013 22:52:21 -0700 (PDT)
Received: from omfedm05.si.francetelecom.fr (unknown [xx.xx.xx.1]) by omfedm14.si.francetelecom.fr (ESMTP service) with ESMTP id 0DA5822C6E8; Tue, 3 Sep 2013 07:52:18 +0200 (CEST)
Received: from PUEXCH51.nanterre.francetelecom.fr (unknown [10.101.44.31]) by omfedm05.si.francetelecom.fr (ESMTP service) with ESMTP id E1EAC35C048; Tue, 3 Sep 2013 07:52:17 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.12]) by PUEXCH51.nanterre.francetelecom.fr ([10.101.44.31]) with mapi; Tue, 3 Sep 2013 07:52:17 +0200
From: mohamed.boucadair@orange.com
To: Simon Josefsson <simon@josefsson.org>
Date: Tue, 03 Sep 2013 07:52:16 +0200
Thread-Topic: secdir review of draft-ietf-v6ops-mobile-device-profile-04
Thread-Index: Ac6n6R9plQc+60qVQA6IOYRwo45VGwAgE3Gw
Message-ID: <94C682931C08B048B7A8645303FDC9F36EF033600D@PUEXCB1B.nanterre.francetelecom.fr>
References: <20130831232125.19f0ceb6@latte.josefsson.org> <94C682931C08B048B7A8645303FDC9F36EF0335DAE@PUEXCB1B.nanterre.francetelecom.fr> <20130902163118.0a0e1cb2@latte.josefsson.org>
In-Reply-To: <20130902163118.0a0e1cb2@latte.josefsson.org>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2013.8.27.90030
Cc: "draft-ietf-v6ops-mobile-device-profile.all@tools.ietf.org" <draft-ietf-v6ops-mobile-device-profile.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-v6ops-mobile-device-profile-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2013 05:52:29 -0000

Hi Simon,

Ok to move rfc3316bis to the normative references. 

I implemented all the changes we agreed. FWIW, I will send you a message when the new revision is available online.

Many thanks for your review. Much appreciated.

Cheers,
Med

>-----Message d'origine-----
>De : Simon Josefsson [mailto:simon@josefsson.org]
>Envoyé : lundi 2 septembre 2013 16:31
>À : BOUCADAIR Mohamed IMT/OLN
>Cc : secdir@ietf.org; iesg@ietf.org; draft-ietf-v6ops-mobile-device-
>profile.all@tools.ietf.org
>Objet : Re: secdir review of draft-ietf-v6ops-mobile-device-profile-04
>
>You wrote:
>
>> >A notable point is that there is no discussion or references to IPSec
>>
>> [Med] IPsec is not explicitly mentioned in this document as it is
>> discussed in these two references cited in the "Security
>> Considerations" section: rfc3316bis and rfc6092. Is there any
>> particular change you want us make in the "Security Considerations"
>> section? Thanks.
>
>No -- that was a general observation.  However both rfc3316bis and
>rfc6092 are informative references in your document, so what you say
>above combined with...
>
>> >in the document, nor any of the IPv6 "bugs" (e.g., RFC 5722 and RFC
>> >6946).  There may be other document that could be referenced that
>> >would lead to improved security, but it is hard to list them all.
>>
>> [Med] We didn't included explicit references to RFC5722 and RFC6980
>> as those are already cited in rfc3316bis. "Security Considerations"
>> refers explicitly to rfc3316bis. Is there any particular change you
>> want us to make in "Security Considerations" section? Thanks.
>
>...what you say here makes it sounds as if rfc3316bis should be a
>normative reference to me.  It seems like reading rfc3316bis is
>essential to get a good understanding of this document.
>
>> >This document seems related to draft-ietf-v6ops-rfc3316bis which
>> >describe another IPv6 profile for 3GPP hosts.  The utility of having
>> >two different IPv6 profiles for 3GPP hosts could be discussed, but it
>> >is only a security issue in the marginal sense that complexity often
>> >leads to poor security.
>> >
>> >The security considerations of this document is only pointers to
>> >the security considerations of RFC3316bis, RFC6459, and RFC6092 which
>> >feels underwhelming to me -- especially since the RFC3316bis security
>> >consideration is for the particular profile that RFC3316bis defines.
>> >The security considerations of RFC3316bis wouldn't automatically
>> >apply to the profile defined by
>> >draft-ietf-v6ops-mobile-device-profile since the profiles are
>> >different.
>>
>> [Med] The relationship between the two documents is explained in the
>> introduction; in particular:
>>
>>    This document defines a different profile than the one for general
>>    connection to IPv6 mobile networks defined in
>>    [I-D.ietf-v6ops-rfc3316bis]; in particular:
>>
>>    o  It lists an extended list of required features while
>>       [I-D.ietf-v6ops-rfc3316bis] identifies issues and explains how
>> to implement basic IPv6 features in a cellular context.
>>
>>    o  It identifies also features to ensure IPv4 service delivery over
>>       an IPv6-only transport.
>>
>> Because of this difference, this document points to the security
>> considerations of rfc3316bis security section and to RFC6092 because
>> Cellular Devices with LAN capabilities are within the scope of this
>> document.
>
>OK.
>
>> >Other notes:
>> >
>> >* The document uses RFC 2119 language "for precision", although I
>> >don't
>> >  understand what it means for an Informational document to contain
>> >  MUST languages.
>>
>> [Med] This use is not specific to this document; see for example:
>> http://tools.ietf.org/html/rfc6092#section-1.2. A note was added to
>> the document to explain this usage.
>
>OK.
>
>> >* The document really really should reference RFC 2460.
>>
>> [Med] Done.
>
>Thanks.  Having a normative reference to 2460 also takes care of my
>concern about not referring to RFC 5722 and RFC 6946.
>
>> [Med] I made this change:
>>
>> OLD:
>>    The security considerations identified in
>> [I-D.ietf-v6ops-rfc3316bis] and [RFC6459] are to be taken into
>> account.
>>
>>    REQ#34:  If the cellular device provides LAN features, it SHOULD be
>>           compliant with the security requirements specified in
>>           [RFC6092].
>>
>> NEW:
>>    The security considerations identified in
>> [I-D.ietf-v6ops-rfc3316bis] and [RFC6459] are to be taken into
>> account.
>>
>>    Security-related considerations that apply when the cellular device
>>    provides LAN features are specified in [RFC6092].
>>
>> RFC6092 is already called out in the core part of the document.
>
>Thanks, this seems clearer to me.
>
>> >* I found REQ#32 a bit too generalized.  I believe it is common for
>> >  applications to be aware of whether connections are over IPv4 or
>> > IPv6 and behave differently.
>> >   >REQ#32:  Applications MUST be independent of the underlying IP
>> >   >       address family. This means applications must be IP version
>> >   >       agnostic.
>> >
>>
>> [Med] I agree this is a too generalized requirements. We have it on
>> purpose to encourage applications devs to avoid making assumptions on
>> the underlying available connectivity. FWIW, our teams tested devices
>> that support IPv6 connectivity... but that embed applications which
>> are broken when IPv6 connectivity is enabled (e.g., ip address
>> literals). An education effort is still needed to avoid this kind of
>> brokenness.
>
>I understand and completely agree!
>
>/Simon