[secdir] Review of draft-ietf-hip-hiccups-02
David McGrew <mcgrew@cisco.com> Mon, 14 June 2010 21:38 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CE1E3A6917; Mon, 14 Jun 2010 14:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2FlQC2HgzxC; Mon, 14 Jun 2010 14:38:06 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 453FF3A69F0; Mon, 14 Jun 2010 14:38:05 -0700 (PDT)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEABc+FkyrR7Ht/2dsb2JhbACea3GmPZoTgmCCOgSDTQ
X-IronPort-AV: E=Sophos;i="4.53,416,1272844800"; d="scan'208";a="261577682"
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-2.cisco.com with ESMTP; 14 Jun 2010 21:38:09 +0000
Received: from stealth-10-32-254-213.cisco.com (stealth-10-32-254-213.cisco.com [10.32.254.213]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o5ELc8X6005862; Mon, 14 Jun 2010 21:38:09 GMT
Message-Id: <E14135F5-C08E-4B8E-A5C4-670C892A814D@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-hip-hiccups.all@tools.ietf.org
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 14 Jun 2010 14:38:08 -0700
X-Mailer: Apple Mail (2.936)
Subject: [secdir] Review of draft-ietf-hip-hiccups-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2010 21:38:13 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. There are several points where the draft could be made more clear, some of which might impact security. I've listed those below, intermingled with some nits. Abstract and Section 1. "secure" is used where "authenticated" would be better, since this protocol does not provide any confidentiality services or encryption. RFC 4949 lists "message integrity code (MIC)" as a deprecated term, but this term is defined and used. In this case what is meant is "collision-resistant hash"; that phrase should be used in Sections 2 and 7. "Checksum" is an inappropriate term for a collision-resistant hash and it should be replaced in Section 4. For the security considerations section: does the hash need strong collision- resistance, or just second preimage resistance (also called weak collision-resistance)? Section 4 nits: "with help of MIC." -> "with the help of the MIC." "HIP DATA packet"-> "The HIP DATA packet" "Hash algorithm used to generate MIC is same " -> "The hash algorithm used to generate the MIC is the same " Section 4.1. I suggest emphasizing the requirement for the "Sequence Number" fields in distinct SEQ_DATA parameters to be distinct. Section 4.3. says "Payload Data 8 last bytes of the payload data over which the MIC is calculated. This field is used to uniquely bind PAYLOAD_MIC parameter to next header, in case there are multiple copies of same type." It seems to me that this uniqueness is not guaranteed, but that if the last-8-bytes is not unique, the MIC verification process would fail, but that there is no way that an attacker could exploit this fact. I suggest noting this property in the security considerations. Section 4.3: The PAYLOAD_MIC parameter has a field called "Payload MIC". It would be less confusing if the latter was called "MIC Value" or some other named that is distinct from the parameter name. Section 4.3 nit: "Identifies the data that protected by this MIC." add "is". Section 5.1 nit: "A HIP DATA packet MUST contain SEQ_DATA or ACK_DATA parameter if both parameters are missing then packet MUST be dropped as invalid." -> "A HIP DATA packet MUST contain either a SEQ_DATA or ACK_DATA parameter; if both parameters are missing, then the packet MUST be dropped as invalid." Section 5.2 says "The receiver MUST validate these MICs." It should also describe how to validate them, and S 5.3 would be a more appropriate place to detail that process. Section 5.2 says " ... no SEQ_DATA sequence number is reused before the receiver has closed the processing window for the previous packet using the same SEQ_DATA sequence number." Important question: what enables the receiver to tell the difference? I assume that there are some other fields (e.g. nonces) associated with the connection that might serve this purpose; if that is right, I suggest documenting that fact. regards, David
- [secdir] Review of draft-ietf-hip-hiccups-02 David McGrew
- Re: [secdir] Review of draft-ietf-hip-hiccups-02 Jan Melen
- Re: [secdir] Review of draft-ietf-hip-hiccups-02 Jan Melen