Re: [secdir] secdir re-review of draft-ietf-manet-olsrv2-16

"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> Thu, 11 October 2012 16:16 UTC

Return-Path: <Chris.Dearlove@baesystems.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BA9421F862B; Thu, 11 Oct 2012 09:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ec0Go5zLSktJ; Thu, 11 Oct 2012 09:16:43 -0700 (PDT)
Received: from ukmta1.baesystems.com (ukmta1.baesystems.com [20.133.0.55]) by ietfa.amsl.com (Postfix) with ESMTP id BA32A21F8628; Thu, 11 Oct 2012 09:16:42 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.80,572,1344207600"; d="scan'208";a="277710856"
Received: from unknown (HELO baemasmds009.greenlnk.net) ([141.245.68.246]) by baemasmds003ir.sharelnk.net with ESMTP; 11 Oct 2012 17:16:42 +0100
Received: from GLKXH0002V.GREENLNK.net ([10.109.2.33]) by baemasmds009.greenlnk.net (Switch-3.4.4/Switch-3.4.4) with ESMTP id q9BGGfLX000490 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 11 Oct 2012 17:16:41 +0100
Received: from GLKXM0002V.GREENLNK.net ([169.254.2.28]) by GLKXH0002V.GREENLNK.net ([10.109.2.33]) with mapi id 14.02.0309.002; Thu, 11 Oct 2012 17:16:40 +0100
From: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>
To: Tom Yu <tlyu@MIT.EDU>
Thread-Topic: secdir re-review of draft-ietf-manet-olsrv2-16
Thread-Index: AQHNp8MJ026twcscyke8bpBTPlMjRJe0Q0Tg
Date: Thu, 11 Oct 2012 16:16:40 +0000
Message-ID: <B31EEDDDB8ED7E4A93FDF12A4EECD30D24F77ADF@GLKXM0002V.GREENLNK.net>
References: <ldvzk3u0waw.fsf@cathode-dark-space.mit.edu> <B31EEDDDB8ED7E4A93FDF12A4EECD30D24F776E1@GLKXM0002V.GREENLNK.net> <ldvd30p11oo.fsf@cathode-dark-space.mit.edu>
In-Reply-To: <ldvd30p11oo.fsf@cathode-dark-space.mit.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.109.62.6]
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 11 Oct 2012 09:22:50 -0700
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-manet-olsrv2.all@tools.ietf.org" <draft-ietf-manet-olsrv2.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir re-review of draft-ietf-manet-olsrv2-16
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2012 16:16:44 -0000

Tom

I should again note that this is personal, not the collective view of the authors.

Is there work, yes. Is it all public, no.

A single shared secret key is, as you indicate, a possibility. It is that used in (not OLSRv2) IEEE 802.11s I believe. Key management would however have to be out of band, typically before deployment. (Whatever you do, something has to be done before deployment.) I can point to a non-shared secret key approach outlined in
http://ftp.rta.nato.int/public/PubFullText/RTO/MP/RTO-MP-IST-092/MP-IST-092-21.doc (which pre-dates RFC 6622). I am not suggesting that as more than an example.

I remain of the opinion that the approach separating the two is the correct one. I can assure you that does not mean I - or anyone else I know doing serious work - will be ignoring the subject.

Christopher

-- 
Christopher Dearlove
Senior Principal Engineer, Communications Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 |  Fax: +44 1245 242124
chris.dearlove@baesystems.com | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687


-----Original Message-----
From: Tom Yu [mailto:tlyu@MIT.EDU] 
Sent: 11 October 2012 16:14
To: Dearlove, Christopher (UK)
Cc: secdir@ietf.org; iesg@ietf.org; draft-ietf-manet-olsrv2.all@tools.ietf.org
Subject: Re: secdir re-review of draft-ietf-manet-olsrv2-16

----------------------! WARNING ! ----------------------
This message originates from outside our organisation,
either from an external partner or from the internet.
Keep this in mind if you answer this message.
Follow the 'Report Suspicious Emails' link on IT matters
for instructions on reporting suspicious email messages.
--------------------------------------------------------

"Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com> writes:

> With regard to the final correction, I think neither version is good. I think the original meant to say reject it as having the status valid, the replacement is saying reject it, it has the status invalid. I think a third wording (I'm not proposing a candidate here) would be better.

RFC 6130 Section 12.1 (which this document references) describes when
a message is invalid, so I think "invalid" is the correct word to use
in that sentence in Section 23.2 of this document.

> With regard to RFC 6622, I should note that I'm not an author of it. But from the perspective of OLSRv2, I can only comment that it was accepted by the IESG. Stressing the speaking personally, I would be happy to reference, or not reference, it.

RFC 6622 basically provides building blocks for authenticating MANET
messages.  I think it is not feasible to implement RFC 6622 in an
interoperable way, but even if it were, I think it remains the
responsibility of a document referencing RFC 6622 to describe how to
use those building blocks to construct an appropriate authentication
scheme.

I find that this document doesn't provide enough specification detail
to build a plausible interoperable authentication scheme for the
OLSRv2 protocol out of RFC 6622 building blocks.  If anything, it
seems to defer such specification of such authentication schemes to
future work ("security extensions"), but it refers to no specific work
in progress.  Is any such work in progress or planned?  If there are
no such plans, perhaps it is best to explicitly state that (with
justifications), and let the IESG decide on those grounds.

> There are good reasons why security functionality is separated out, essentially because (as is commented on in the security considerations section) there are a wide range of circumstances that ad hoc networks are used in. To name but two, there are obviously different requirements (including key management approaches) in a community Wi-Fi network, and a military application such as a group of soldiers. It would be, for the people who will use the protocol, wrong to even consider putting a "one size fits all" mechanism for signatures, timestamps, or (probably especially) key management into the routing protocol.

I agree that there can be good reasons to separate out the security
capabilities of a protocol, but it should be possible to implement
something that provides a reasonable level of security.  For a routing
protocol, strong authentication seems desirable for most reasonable
deployment scenarios.  Confidentiality seems likely to be less
important for a routing protocol, except for specialized situations.
(I imagine that a combat deployment would be one situation where
revealing topology information about a wireless network could put
personnel at an elevated risk of physical attack by leaking
information about their physical locations.)

This document appears to recommend message authentication in Section
23.2, but it doesn't specify how to determine which cryptographic key
protects what message, or how protocol participants manage those keys.
It also doesn't specify which messages should be authenticated using
public key versus shared key cryptography.

Do you envision that an entire MANET shares a single symmetric key?
If so, how would operators provision this key to routers?  Is this a
reasonable risk in envisioned deployment scenarios?  What if one
router is compromised?  etc.

Although allowing alternative security mechanisms can be beneficial, I
think it's important to specify at least one, so that it is clear that
the architecture can support at least one mechanism that has the
desired security properties for the protocol.  The specification of
such a "proof of concept" security mechanism need not be in this
document, but it should be somewhere.


********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************