[secdir] secdir review of draft-ietf-6tisch-architecture-21

David Mandelberg <david@mandelberg.org> Mon, 24 June 2019 01:22 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id CCB31120274 for <secdir@ietfa.amsl.com>; Sun, 23 Jun 2019 18:22:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mandelberg.org
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id mIg7D22I-deB for <secdir@ietfa.amsl.com>; Sun, 23 Jun 2019 18:22:12 -0700 (PDT)
Received: from smtp.rcn.com (smtp.rcn.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25FFF120277 for <secdir@ietf.org>; Sun, 23 Jun 2019 18:22:11 -0700 (PDT)
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=R/9BIpZX c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=dq6fvYVFJ5YA:10 a=bmmO2AaSJ7QA:10 a=TPLd9O6Y13ttJ8cbTIcA:9 a=QEXdDO2ut3YA:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHNlb21uQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com header.DKIM-Signature=@mandelberg.org; dkim=pass
Authentication-Results: smtp02.rcn.cmh.synacor.com header.from=david@mandelberg.org; sender-id=softfail
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=david@mandelberg.org; spf=softfail; sender-id=softfail
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN)
Received: from [] ([] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from <david@mandelberg.org>) (ecelerity r(Core: with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id C5/8D-10370-0C5201D5; Sun, 23 Jun 2019 21:22:08 -0400
Received: from [] (DD-WRT []) by uriel.mandelberg.org (Postfix) with ESMTPSA id 96ACE1C6033; Sun, 23 Jun 2019 21:22:07 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mandelberg.org; s=201903; t=1561339327; bh=vKvzmMyf+feWiGZawMkmTKLriSf5CnXz7BniIuGDAzc=; h=To:From:Subject:Date:From; b=YjY597BJ8SQpV+MRulGR7doCz0jqRbL53xlqbsqK1/E1Nkd44aYbNCz3iaMW0LdX9 PiAqgWXJ7hG23baBC5Eu+5WUH87JiVNtWKKPMlM7xY3pWjvbdxmjWpn2DoTdIV2KTm ljKlWtDx4HPvwRemFCuEMiA5osbmYTC/xoRlp09JLycz+Npg3NNZoJnGLNw9V/RE7v Ox4YQ09rrYHYFU7MyC+AwjuNUPsSiH2GMGG8oSOq6QhKO7rW5dUfEaUGZkET2RrKM3 cav1I755pnUPK3C8ThnTKLKjFWlshwIikFXGqS+b/62H6pVmDfNCjPJbpvCShpu7FQ RwI5ntMr2rYFw==
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-6tisch-architecture.all@ietf.org
From: David Mandelberg <david@mandelberg.org>
Message-ID: <2cced16c-d1df-88c2-eb21-7452b42f081a@mandelberg.org>
Date: Sun, 23 Jun 2019 21:22:05 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/tw1aZMDZaUw-32qqI3f8XjcKLaQ>
Subject: [secdir] secdir review of draft-ietf-6tisch-architecture-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 01:22:13 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits.

The review deadline for this was really short, so I didn't have a chance 
to read this as closely as I would have liked. That said, from skimming 
the document and reading the sections that looked most interesting, it 
looks pretty good. The security considerations section covers what I 
expected it to. I have only one question/concern:

Sections 4.2.1 and 4.3.4 talk about the security of joining a network, 
and time synchronization, respectively. Do any of the security 
mechanisms in 4.2.1 rely on having an accurate clock? (E.g., to distrust 
old/expired keys.) Is time synchronization done before the join process, 
and is there any way to exploit time synchronization in order to cause a 
node to join a malicious network?