Re: [secdir] SECDIR review of draft-ietf-roll-security-threats-00
Michael Richardson <mcr+ietf@sandelman.ca> Fri, 18 January 2013 18:18 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E70E21F84C9 for <secdir@ietfa.amsl.com>; Fri, 18 Jan 2013 10:18:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qh0-PN6Q+qYr for <secdir@ietfa.amsl.com>; Fri, 18 Jan 2013 10:17:58 -0800 (PST)
Received: from tuna.sandelman.ca (unknown [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by ietfa.amsl.com (Postfix) with ESMTP id 9C9C921F84C8 for <secdir@ietf.org>; Fri, 18 Jan 2013 10:17:57 -0800 (PST)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id B9C352016D; Fri, 18 Jan 2013 13:22:46 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 531B9FE86; Fri, 18 Jan 2013 13:17:04 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 417D91FD94; Fri, 18 Jan 2013 13:17:04 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Kent <kent@bbn.com>
In-Reply-To: <50F8301A.2060508@bbn.com>
References: <50F8301A.2060508@bbn.com>
X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22)
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Fri, 18 Jan 2013 13:17:04 -0500
Message-ID: <20711.1358533024@sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Sat, 19 Jan 2013 08:02:02 -0800
Cc: angel.lozano@upf.edu, vanesa.daza@upf.edu, secdir <secdir@ietf.org>, jpv@cisco.com, roger.alexander@cooperindustries.com, mischa.dohler@cttc.es, adrian@olddog.co.uk, tzeta.tsao@cooperindustries.com
Subject: Re: [secdir] SECDIR review of draft-ietf-roll-security-threats-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2013 18:18:00 -0000
I'd like this email thread on the mailing list. Is that okay? If so, I will forward your email, or you can repost, and I'll repost my reply. Unless I say otherwise, I agree with pretty much everything you write, and I am extremely thankful for your review. >>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes: Stephen> 4949 the security glossary). These were good Stephen> omens. Unfortunately, there are Stephen> a number of problems with the text, as noted below. Given Stephen> that this is a 00 Stephen> doc, I'm guessing that the ROLL WG has not been so Stephen> interested as to provide Stephen> feedback. Pity. This is a rename and truncation of http://datatracker.ietf.org/doc/draft-ietf-roll-security-framework/ Stephen> 3.3 -- The phrase "sleepy node" is introduced, but was not Stephen> defined in the Stephen> terminology section. I see that http://datatracker.ietf.org/doc/draft-ietf-roll-terminology/?include_text=1 also does not include sleepy node, and I think that it should, and be referenced. Stephen> 4.1- the authors should use technical terminology from Stephen> 4949, since they went Stephen> to the trouble to cite in various places, e.g., replace Stephen> "sniffing" with Stephen> "passive wiretapping," both here and throughput the Stephen> document. Also, the term Stephen> "traffic analysis" is much broader than what the authors Stephen> suggest here. Even okay, than's a very good suggestion that will bring this document much better in line with other IETF work. Stephen> 4.3- "Selective forwarding," "wormhole," and "sinkhole" Stephen> attacks are Stephen> mentioned, without definition. Using a diagram to Stephen> illustrate these attacks is Stephen> not a substitute for concise definitions. In 4.3.4 Stephen> "overload" attacks are Stephen> noted, but not defined. Also, selective forwarding isn't a Stephen> routing attack, so Stephen> why is it included here? I'd like these terms added to the terminology document too. Stephen> 5.1.4 -- Discussions of anti-tamper are rarely appropriate Stephen> for IETF Stephen> documents. There is no reason to believe that these authors Stephen> are especially Stephen> knowledgeable about such technology. I suggest this section Stephen> be deleted. We have some other work that proposes future protocol changes to deal with the case where nodes are compromised, and relies a bit, on the amount of time required for the adversary overcome anti-tampering. So, I would like some discussion to remain. Stephen> 5.3.1 -- Unlike previous sections, the focus here seems to be Stephen> protocol-specific. I'd feel more comfortable that this was Stephen> not simply an ad Stephen> hocdiscussion if it were posed in a more general form. On Stephen> the other hand, if Stephen> ROLL has already selected a specific routing paradigm, the Stephen> preceding section Stephen> should be specific to that model. Yes, ROLL already has a specific routing paradigm (RFC6550), I think that this document simply did not evolve with enough with the discussion. Stephen> 5.3.2 -- "Overload attacks are a form of DoS attack in that Stephen> a malicious node overloads the network with irrelevant Stephen> traffic, thereby draining the nodes' energy store quicker" Stephen> -> "Overload attacks are a form of DoS attack in which Stephen> a malicious node overloads the network with irrelevant Stephen> traffic, thereby draining the nodes' energy store _more Stephen> quickly_." This sort of attack is not Stephen> one against routing, unless the overload is the result of Stephen> processing routing traffic? The attack is against the routing system. The result is not an invalid route (the traffic gets through), but rather one that drains the energy on a node which otherwise did not need to be involved. It's not clear, btw, that we have any defense against such an attack, as it needs to be done by an insider, but the point of the document is to detail this attack. Stephen> 5.3.5 -- "In wormhole attacks at least two malicious nodes Stephen> shortcut or divert the usual routing path by means of a Stephen> low-latency out-of-band channel." This seems to be a narrow Stephen> characterization of such attacks. One might also say Stephen> that two nodes that _claim_ to have a short path between Stephen> themselves are effecting such an attack. If two nodes Stephen> really do have a short, low latency path between themselves Stephen> then, from a routing perspective, what's the problem? That's a legimate question. It's not clear that there even *is* a problem. The problem is who created such a thing, and what other things (such as selective forwarding) might then occur as a result of this shorter path? For instance, an appropriate pair of antenna connected together by coax could "route around" a closed door or wall. Whether this is a desired part of the network is another question.... Stephen> 6 -- I find the opening sentence to be very confusing: "The Stephen> assessments and Stephen> analysis in Section 4 examined all areas of threats and Stephen> attacks that could Stephen> impact routing, and the countermeasures presented in Stephen> Section 5 were reached Stephen> without confining the consideration to means only available Stephen> to routing." I think that with section 7 gone, this should be removed. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [secdir] SECDIR review of draft-ietf-roll-securit… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-roll-sec… Michael Richardson
- Re: [secdir] SECDIR review of draft-ietf-roll-sec… Stephen Kent