Re: [secdir] Token (was RE: Secdir review of draft-ohba-pana-relay)

Robert Cragie <robert.cragie@gridmerge.com> Wed, 15 December 2010 15:44 UTC

Return-Path: <robert.cragie@gridmerge.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD36128C179; Wed, 15 Dec 2010 07:44:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEGpOqdL9PRr; Wed, 15 Dec 2010 07:44:11 -0800 (PST)
Received: from mail78.extendcp.co.uk (mail78.extendcp.co.uk [79.170.40.78]) by core3.amsl.com (Postfix) with ESMTP id BD99B28C17B; Wed, 15 Dec 2010 07:44:09 -0800 (PST)
Received: from client-86-31-167-78.oxfd.adsl.virginmedia.com ([86.31.167.78] helo=[192.168.1.80]) by mail78.extendcp.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) id 1PStXv-0005NH-E9; Wed, 15 Dec 2010 15:45:39 +0000
Message-ID: <4D08E29E.3040509@gridmerge.com>
Date: Wed, 15 Dec 2010 15:45:34 +0000
From: Robert Cragie <robert.cragie@gridmerge.com>
Organization: Gridmerge Ltd.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Alan DeKok <aland@deployingradius.com>
References: <4D009D34.1020809@deployingradius.com> <4D01DABF.6060604@toshiba.co.jp> <001101cb9aa0$367b3480$a3719d80$@yegin@yegin.org> <4D064683.30009@deployingradius.com> <4D07A874.4010702@gridmerge.com> <4D07D090.9020407@deployingradius.com> <4D087AD5.8020901@gridmerge.com> <4D089C73.6050107@deployingradius.com> <4D08CF2A.9080909@gridmerge.com> <4D08D059.1090106@deployingradius.com>
In-Reply-To: <4D08D059.1090106@deployingradius.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050400080708070806040703"
X-Mailman-Approved-At: Fri, 17 Dec 2010 14:07:10 -0800
Cc: 'Yoshihiro Ohba' <yoshihiro.ohba@toshiba.co.jp>, secdir@ietf.org, draft-ohba-pana-relay@tools.ietf.org, Alper Yegin <alper.yegin@yegin.org>, margaretw42@gmail.com, pana@ietf.org, paduffy@cisco.com, samitac@ipinfusion.com, 'Ralph Droms' <rdroms.ietf@gmail.com>
Subject: Re: [secdir] Token (was RE: Secdir review of draft-ohba-pana-relay)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: robert.cragie@gridmerge.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Dec 2010 15:44:17 -0000

Agreed, it just makes the attack more complex.

Robert

Robert Cragie (Pacific Gas & Electric)

Gridmerge Ltd.
89 Greenfield Crescent,
Wakefield, WF4 4WA, UK
+44 1924 910888
+1 415 513 0064
http://www.gridmerge.com


On 15/12/2010 2:27 PM, Alan DeKok wrote:
> Robert Cragie wrote:
>> Actually, there is one additional consideration - the PRE has to have
>> prior knowledge of the PAA address. It is not stated how this is
>> achieved but is state which is stored in the PRE which means not just
>> any rogue device can masquerade as the PAA as the PRE would check the
>> source address. A rogue PAA would either have to hijack the PRE-PAA
>> address resolution phase or somehow obtain the PAA address and spoof it.
>    PANA is carried over UDP, right?
>
>    Anyone can trivially spoof UDP packets.  Checking the PAA source IP is
> useful, but it adds no security.
>
>    Alan DeKok.
>