[secdir] Review of draft-ietf-hip-hiccups-02

David McGrew <mcgrew@cisco.com> Mon, 14 June 2010 21:38 UTC

Return-Path: <mcgrew@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CE1E3A6917; Mon, 14 Jun 2010 14:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2FlQC2HgzxC; Mon, 14 Jun 2010 14:38:06 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 453FF3A69F0; Mon, 14 Jun 2010 14:38:05 -0700 (PDT)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEABc+FkyrR7Ht/2dsb2JhbACea3GmPZoTgmCCOgSDTQ
X-IronPort-AV: E=Sophos;i="4.53,416,1272844800"; d="scan'208";a="261577682"
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-2.cisco.com with ESMTP; 14 Jun 2010 21:38:09 +0000
Received: from stealth-10-32-254-213.cisco.com (stealth-10-32-254-213.cisco.com [10.32.254.213]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o5ELc8X6005862; Mon, 14 Jun 2010 21:38:09 GMT
Message-Id: <E14135F5-C08E-4B8E-A5C4-670C892A814D@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-hip-hiccups.all@tools.ietf.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 14 Jun 2010 14:38:08 -0700
X-Mailer: Apple Mail (2.936)
Subject: [secdir] Review of draft-ietf-hip-hiccups-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2010 21:38:13 -0000

I have reviewed this document as part of the security directorate's  
ongoing effort to review all IETF documents being processed by the  
IESG.  These comments were written primarily for the benefit of the  
security area directors.  Document editors and WG chairs should treat  
these comments just like any other last call comments.

There are several points where the draft could be made more clear,  
some of which might impact security.  I've listed those below,  
intermingled with some nits.

Abstract and Section 1.  "secure" is used where "authenticated" would  
be better, since this protocol does not provide any confidentiality  
services or encryption.

RFC 4949 lists "message integrity code (MIC)" as a deprecated term,  
but this term is defined and used.  In this case what is meant is  
"collision-resistant hash"; that phrase should be used in Sections 2  
and 7.  "Checksum" is an inappropriate term for a collision-resistant  
hash and it should be replaced in Section 4.   For the security  
considerations section: does the hash need strong collision- 
resistance, or just second preimage resistance (also called weak  
collision-resistance)?

Section 4 nits: "with help of MIC." -> "with the help of the MIC."
"HIP DATA packet"-> "The HIP DATA packet"
"Hash algorithm used to generate MIC is same " -> "The hash algorithm  
used to generate the MIC is the same "

Section 4.1.  I suggest emphasizing the requirement for the "Sequence  
Number" fields in distinct SEQ_DATA parameters to be distinct.

Section 4.3. says "Payload Data 8 last bytes of the payload data over  
which the MIC is calculated. This field is used to uniquely bind  
PAYLOAD_MIC parameter to next header, in case there are multiple  
copies of same type."   It seems to me that this uniqueness is not  
guaranteed, but that if the last-8-bytes is not unique, the MIC  
verification process would fail, but that there is no way that an  
attacker could exploit this fact.   I suggest noting this property in  
the security considerations.

Section 4.3: The PAYLOAD_MIC parameter has a field called "Payload  
MIC".  It would be less confusing if the latter was called "MIC Value"  
or some other named that is distinct from the parameter name.

Section 4.3 nit: "Identifies the data that protected by this MIC." add  
"is".
Section 5.1 nit: "A HIP DATA packet MUST contain SEQ_DATA or ACK_DATA  
parameter if both parameters are missing then packet MUST be dropped  
as invalid." -> "A HIP DATA packet MUST contain either a SEQ_DATA or  
ACK_DATA parameter; if both parameters are missing, then the packet  
MUST be dropped as invalid."
Section 5.2 says "The receiver MUST validate these MICs."  It should  
also describe how to validate them, and S 5.3 would be a more  
appropriate place to detail that process.
Section 5.2 says " ... no SEQ_DATA sequence number is reused before  
the receiver has closed the processing window for the previous packet  
using the same SEQ_DATA sequence number."  Important question: what  
enables the receiver to tell the difference?   I assume that there are  
some other fields (e.g. nonces) associated with the connection that  
might serve this purpose; if that is right, I suggest documenting that  
fact.
regards,
David