[secdir] Secdir review of draft-ietf-roll-p2p-measurement-09.txt

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 06 February 2013 10:23 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1BF021F8793; Wed, 6 Feb 2013 02:23:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shBDp9H3n+uI; Wed, 6 Feb 2013 02:23:36 -0800 (PST)
Received: from statler.isode.com (statler.isode.com [62.3.217.254]) by ietfa.amsl.com (Postfix) with ESMTP id 8D77221F8715; Wed, 6 Feb 2013 02:23:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1360146214; d=isode.com; s=selector; i=@isode.com; bh=ich5xI+lhgY3fBwK53gL37vdF4o/RUffwBdPGrbpa8s=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=D7768oi+stXmaCxgRj4QQOrk+6AlnZUAvh/ZVPJmGJMmc1UXvJ6DQQRa1hfUYNRxhwhpH+ wxHObjzZzss1DjKfZDrqte0XlVzwl19gjmw0AhH5dRllFPoPBpYrpZXWVqqRvWX1C+jO/w 7PaQ86H7eNNHGSoQt5/YZFs3Pj8YIxk=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by statler.isode.com (submission channel) via TCP with ESMTPA id <URIvJAAYIVVf@statler.isode.com>; Wed, 6 Feb 2013 10:23:34 +0000
Message-ID: <51122F5E.4060804@isode.com>
Date: Wed, 06 Feb 2013 10:24:30 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-roll-p2p-measurement.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [secdir] Secdir review of draft-ietf-roll-p2p-measurement-09.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 10:23:37 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document specifies a mechanism that enables an RPL router [RFC6550] 
to measure the aggregated values of given routing metrics along an 
existing route towards another RPL router, thereby allowing the
router to decide if it wants to initiate the discovery of a better
route.

The Security Considerations section talks about compromised routers 
causing CPU overload in the routers in the network, draining their
batteries and causing traffic congestion in the network. It also talks 
about using this extension to discover topological features of the LLN 
(such as the identity of the key routers in the topology) or the 
remaining energy levels [RFC6551] in the routers in order to attack LLN. 
It points to use of Secure Measurement Object as a way to provide 
authorization for performing such discovery operation. This looks 
adequate to me.