Re: [secdir] secdir review of draft-ietf-conex-mobile-05

Dirk Kutscher <> Fri, 11 September 2015 09:49 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5C3061A90D5; Fri, 11 Sep 2015 02:49:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.161
X-Spam-Status: No, score=-0.161 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T6aFul9Vk3ph; Fri, 11 Sep 2015 02:49:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B1D991A9172; Fri, 11 Sep 2015 02:48:59 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 51EDF10A89F; Fri, 11 Sep 2015 11:48:58 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YbQkP3jRJ7eg; Fri, 11 Sep 2015 11:48:58 +0200 (CEST)
X-ENC: Last-Hop-TLS-encrypted
X-ENC: Last-Hop-TLS-encrypted
Received: from ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2DF1810A87C; Fri, 11 Sep 2015 11:48:50 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.03.0210.002; Fri, 11 Sep 2015 11:48:50 +0200
From: Dirk Kutscher <>
To: "Xialiang (Frank)" <>
Thread-Topic: secdir review of draft-ietf-conex-mobile-05
Thread-Index: AdDsK7I1VyJu7Bl6QJ2ZXX3RKt6srwAQblSwAAEGHKAAAMkDEA==
Date: Fri, 11 Sep 2015 09:48:49 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: de-DE, en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_82AB329A76E2484D934BBCA77E9F52499A07B50EHydraofficehd_"
MIME-Version: 1.0
Archived-At: <>
X-Mailman-Approved-At: Fri, 11 Sep 2015 04:05:13 -0700
Cc: "" <>, "" <>, secdir <>
Subject: Re: [secdir] secdir review of draft-ietf-conex-mobile-05
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 11 Sep 2015 09:49:02 -0000

Hi Frank,

In general, the ConEx-related risks regarding manipulating congestion notification/exposure can apply to mobile networks, too.

What could perhaps be said is that mobile networks (UMTS, LTE) employ a virtual-circuit-like bearer model for the access, i.e., users in a cell can generally not see other users¡¯ traffic ¨C so that would rule out some threats. Also, authentication is part of the bearer establishment, so the network generally knows the user and device identity.

Now, assuming that mobile networks can be subject to passive monitoring, one could claim that this would enable attackers to collect information about a user¡¯s congestion contribution (also over time), but that threat seems less critical (compared to exposing the payload itself).

Best regards,

From: Xialiang (Frank) []
Sent: Freitag, 11. September 2015 11:20
To: Dirk Kutscher
Cc: secdir;;
Subject: Re: secdir review of draft-ietf-conex-mobile-05

Hi Dirk,
Thank you for quick response.
I reviewed the drafts you mentioned below. I agree that they already discussed the general security issues I am concerned, especially in the draft-conex-abstract-mech-13 and its reference.

So, in general, my concerns are addressed. But I still have a little bit doubts about possibly new security issues for the use cases of using ConEx protocol over the mobile communication networks. I am not an expert in this area, can you clarify me?



·¢¼þÈË: Dirk Kutscher []
·¢ËÍʱ¼ä: 2015Äê9ÔÂ11ÈÕ 16:52
ÊÕ¼þÈË: Xialiang (Frank); secdir;<>;<>
Ö÷Ìâ: RE: secdir review of draft-ietf-conex-mobile-05

Hi Frank,

thanks for the review.

The security issues you mentioned would apply to ConEx in general. The corresponding documents are discussing potential security issues: (also see the references)

We¡¯d therefore rather not duplicate that discussion in conex-mobile.

Regarding the security risks you mentioned, I¡¯d say it is questionable whether ConEx introduces additional issues for confidentiality (compared to IP alone).


From: Xialiang (Frank) []
Sent: Freitag, 11. September 2015 02:49
To: secdir;<>;<>
Subject: secdir review of draft-ietf-conex-mobile-05

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comment.

This memo describes a mobile communications use case for congestion exposure (ConEx) with a particular focus on those mobile communication networks that are architecturally similar to the 3GPP Evolved Packet System (EPS).

I have the following comments:

l  1. It should be helpful to consider the communication security between the ConEx senders and receivers such as the Confidentiality, data integrity and peer entity authentication in the security considerations part. Because in general, the corresponding risks are still possible to exist.

l  2. The authentication mechanism among all the elements of ConEx solution should also be considered to handle the condition of faked messages or invalid peer elements.

Recommendation:  Ready With Issues