Re: [secdir] Secdir Review of draft-ietf-manet-olsrv2-dat-metric-08

Dacheng <> Mon, 23 November 2015 07:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 90AB71A1B1B; Sun, 22 Nov 2015 23:04:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.583
X-Spam-Status: No, score=-2.583 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.585] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KmrUNhBVBhD4; Sun, 22 Nov 2015 23:04:44 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E92E21B30FF; Sun, 22 Nov 2015 23:04:43 -0800 (PST)
Received: from BLU436-SMTP89 ([]) by over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Sun, 22 Nov 2015 23:04:42 -0800
X-TMN: [vCuzzI2cACEXrXz9TmEZB0lKRTjFyYbq]
X-Originating-Email: []
Message-ID: <BLU436-SMTP8927E2E6FAC81702121D7588070@phx.gbl>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B6151869-99DB-4A37-B450-8750773BCA4A"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Dacheng <>
In-Reply-To: <>
Date: Mon, 23 Nov 2015 15:04:26 +0800
References: <BLU436-SMTP2489108BA79EA7032F2495A881F0@phx.gbl> <>
To: Henning Rogge <>
X-Mailer: Apple Mail (2.1878.6)
X-OriginalArrivalTime: 23 Nov 2015 07:04:40.0435 (UTC) FILETIME=[38E9D430:01D125BD]
Archived-At: <>
Cc:, The IESG <>, "" <>
Subject: Re: [secdir] Secdir Review of draft-ietf-manet-olsrv2-dat-metric-08
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Nov 2015 07:04:50 -0000

Sorry for sending out an unfinished email by mistake. See my comments in line please.

在 2015年11月17日,下午5:14,Henning Rogge <> 写道:

> On 11/15/2015 08:40 AM, Dacheng wrote:
>> Dear all,
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the IESG.
>> These comments were written primarily for the benefit of the security
>> area directors. Document editors and WG chairs should treat these
>> comments just like any other last call comments.
>> This draft is about a new routing  metro for OLSRv2.
>> Technical questions/comments:
>> 1) In this draft, “RFC5444 packet” can be found in many places. I didn’t
>> find the definition of this term. Do you indicate this solution may need
>> to process a packet which is not specified in OLSRv2?
> The header of the Terminology Section contains the following paragraph:
>   The terminology introduced in [RFC5444], [RFC7181] and [RFC6130],
>   including the terms "packet", "message" and "TLV" are to be
>   interpreted as described therein.
> Do you think this paragraph needs to be improved or extended?

Ok, I think ’a packet specified in RFC5444' looks better. But it is not a big problem.
>> 2) There is a good security consideration section in RFC 7181. Since
>> this draft is closely related to OLSRv2 (although this work does not
>> specify any new message or TLV), it will be good to build the security
>> considerations of this work based upon what has been discussed in
>> RFC7181. For example, maybe the authors could say ’there will be some
>> new security issues introduced by this work but not mentioned in RFC
>> 7181, there will be some security issues if we only use the mandatory
>> security mechanism specified in RFC7181, or our work does not introduce
>> any additional security issues..
> I think my security considerations section explicitly says (in the last sentence) that the Mandatory Security Mechanism for OLSRv2 (RFC7183) does NOT protect against modified packet sequence numbers.

It is fine. I just tried to give some comments to make this section looks better, and I understand your point. In addition, maybe you could mention at the end of the fist paragraph that the methods of protecting against the MITM attacks performed by rogue routers are out of scope. 
>> 3) This question is about the last sentencoe in the security
>> consideration—“The signature scheme described in [RFC7183] does not
>> protect the additional sequence number of the DAT metric because it does
>> only sign the RFC5444 messages, not the RFC5444 packet header.” First of
>> all, there is no signature mechanism specified in RFC7183, only HMAC is
>> used to protect the message integrity. In addition, the RFC7183 reuse
>> the process specified in RFC7182 to generate hashes, and so it should be
>> able to cover the message headers.   Open for discussion.
> RFC7183 introduces a RFC5444 message level integrity protection extension for RFC7181 (OLSRv2), based on the ICV Message TLV defined in RFC7182 (see section 9.1 of RFC7182).
> The ICV Message TLV does NOT protect the PACKET header fields of RFC5444 packets, including the RFC5444 packet sequence number.

Ok, you have answered my second question, and I think you are right.  The first comment about this sentence is to replace  “signature mechanism “ with “security mechanism”, because only there is only a HMAC mechanism specified in RFC 7183, right?
>> Editorial:
>> Section 2:
>> MAX(a,b) -> MAX(a, b)
>> Section 3:
>> The administrator should take care that link layer multicast
>> transmission do not not have ->  The administrator should take care that
>> link layer multicast transmission do not have
>> Section 4:
>> The routing decision of most operation systems don't take packet size
>> into account. -> The routing decisions of most operation systems don't
>> take packet size into account.
>> Section 7:
>> with a very slow or very fast linklayer -> with a very slow or very fast
>> link layer
> Will be fixed in the next revision.
> Henning Rogge
> -- 
> Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
> Kommunikation, Informationsverarbeitung und Ergonomie FKIE
> Kommunikationssysteme (KOM)
> Fraunhofer Straße 20, 53343 Wachtberg, Germany
> Telefon +49 228 9435-961,   Fax +49 228 9435 685