Re: [secdir] Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org
"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Fri, 24 October 2014 09:20 UTC
Return-Path: <chris.dearlove@baesystems.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B0721A8919; Fri, 24 Oct 2014 02:20:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.102
X-Spam-Level:
X-Spam-Status: No, score=-4.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RDNS_NONE=0.793] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBvTP7Ssj8ZR; Fri, 24 Oct 2014 02:20:00 -0700 (PDT)
Received: from ukmta1.baesystems.com (unknown [20.133.0.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F24631ACED7; Fri, 24 Oct 2014 02:19:59 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.04,779,1406588400"; d="scan'208,217";a="490037741"
Received: from unknown (HELO baemasmds017.greenlnk.net) ([10.15.207.104]) by baemasmds003ir.sharelnk.net with ESMTP; 24 Oct 2014 10:19:59 +0100
X-IronPort-AV: E=Sophos; i="5.04,779,1406588400"; d="scan'208,217"; a="69899192"
Received: from glkxh0002v.greenlnk.net ([10.109.2.33]) by baemasmds017.greenlnk.net with ESMTP; 24 Oct 2014 10:19:58 +0100
Received: from GLKXM0002V.GREENLNK.net ([169.254.5.125]) by GLKXH0002V.GREENLNK.net ([10.109.2.33]) with mapi id 14.03.0174.001; Fri, 24 Oct 2014 10:19:58 +0100
From: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
To: Charlie Kaufman <charliekaufman@outlook.com>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org
Thread-Index: Ac/vUcWM4X3tPJK/Q2arXNwUJcJXBQAGaJvQ
Date: Fri, 24 Oct 2014 09:19:57 +0000
Message-ID: <B31EEDDDB8ED7E4A93FDF12A4EECD30D40D6D295@GLKXM0002V.GREENLNK.net>
References: <COL401-EAS217A77A10FF11F45D69473DDF930@phx.gbl>
In-Reply-To: <COL401-EAS217A77A10FF11F45D69473DDF930@phx.gbl>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.109.62.6]
Content-Type: multipart/alternative; boundary="_000_B31EEDDDB8ED7E4A93FDF12A4EECD30D40D6D295GLKXM0002VGREEN_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/zxG3JgJupKOVasZ8X5IkqAciGcg
Cc: "draft-ietf-manet-nhdp-optimization.all@tools.ietf.org" <draft-ietf-manet-nhdp-optimization.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 09:20:04 -0000
Charlie Thank you for your comments. I note that the minor improvement you note was also made by our AD, one of the authors has already indicated that, like you, he feels the gain is minor and not worth calling out. Christopher -- Christopher Dearlove Senior Principal Engineer, Information Assurance Group Communications, Networks and Image Analysis Capability BAE Systems Advanced Technology Centre West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK Tel: +44 1245 242194 | Fax: +44 1245 242124 chris.dearlove@baesystems.com<mailto:chris.dearlove@baesystems.com> | http://www.baesystems.com BAE Systems (Operations) Limited Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK Registered in England & Wales No: 1996687 From: Charlie Kaufman [mailto:charliekaufman@outlook.com] Sent: 24 October 2014 07:24 To: secdir@ietf.org Cc: draft-ietf-manet-nhdp-optimization.all@tools.ietf.org; iesg@ietf.org Subject: Secdir review of draft-ietf-manet-nhdp-optimization.all@ietf.org *** WARNING *** This message originates from outside our organisation, either from an external partner or the internet. Consider carefully whether you should click on any links, open any attachments or reply. For information regarding Red Flags that you can look out for in emails you receive, click here<http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Red%20Flags.pdf>. If you feel the email is suspicious, please follow this process<http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf>. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document specifies a conceptually minor change to the MANET Neighborhood Discovery Protocol (NHDP) (RFC6130). It is a backwards compatible optimization allowing neighbors accessible over links of marginal quality to be processed more efficiently in the case where communication bounces up and down due to the marginal link quality. It extends an optimization already specified in RFC6130 for one-hop neighbors to also apply to two-hop neighbors. The security considerations section says that this change introduces no additional security considerations beyond those in RFC6130, and I agree. If anything, this change reduces the potential of one kind of an attack where a node simulates a bouncing link to consume excessive resources on the target. But I don't believe this minor security advantage is worth mentioning... it is a consequence of the main point of the change which is to improve performance (mostly responsiveness). --Charlie ******************************************************************** This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. ********************************************************************
- [secdir] Secdir review of draft-ietf-manet-nhdp-o… Charlie Kaufman
- Re: [secdir] Secdir review of draft-ietf-manet-nh… Dearlove, Christopher (UK)