Re: [secdir] SECDIR review of draft-ietf-manet-nhdp-sec-threats-04

Jiazi Yi <yi.jiazi@gmail.com> Tue, 11 June 2013 08:52 UTC

To: Matthew Lepinski <mlepinski.ietf@gmail.com>
Cc: draft-ietf-manet-nhdp-sec-threats@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Dear Matthew, 

Thanks for your review of the draft. Please check the reply inline:

On Jun 10, 2013, at 06:13 , Matthew Lepinski <mlepinski.ietf@gmail.com> wrote:

> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> This document provides a taxonomy of attacks against the Mobile Ad Hoc Network Neighborhood Discovery Protocol (NHDP) [RFC 6130]. The document also contains a discussion of the impact of these attacks on protocols running on top of NHDP (in particular, OLSRv2 and SMF).
> 
> Having reviewed the document, I do not see substantial issues in the document. I believe it is reasonable to publish as an informational RFC.
> 
> One minor issue: The replay attack described in Section 4.5 did not seem substantially different than the attacks described in Section 4.4. It is not clear to me how replaying a message from another part of the network is any worse (or substantially different) than just fabricating a message claiming connectivity that does not exist (i.e., like what is described in 4.4.2). I would recommend either deleting 4.5 or else clarifying how these attacks are substantially different.

The main difference between 4.4 and 4.5 is that the replay attack is based on manipulating the transmission channel, while Incorrect HELLO Message generation is based on wrong HELLO messages.
We propose adding more text at the end of Section 4.5 to describe the difference:

==
Compared to the Incorrect HELLO Message attacks described in Section 4.4, the messages used in a Replay attack are legitimate messages sent out by (non-malicious) NHDP routers and replayed at a later time or in a different locality by malicious routers. This makes this kind of attack harder to detect and to counteract: integrity checks cannot help in this case, as the original message ICV was correctly calculated.
==

If you are OK with the text, we will add it to the next revision. 


> 
> Trivial nit: In Section 5, "a Compromised NHDP router will seek to manipulate" -- substitute "may seek" instead of "will seek". We don't know for certain what a compromised router will do (unless one assigns clear motivation to the adversary, which this document does not).

Yes, will be corrected in the next revision :)

thanks again

best

Jiazi
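The distinction drawn in the reply above (an ICV check defeats a fabricated HELLO but passes a replayed one, so only a freshness check catches the replay) can be made concrete. The following is an added example, not code from the draft, from RFC 6130 or from any NHDP implementation; the simplified HELLO layout, the HMAC-SHA256 ICV, the shared key, the timestamp field and the acceptance window are all assumptions chosen for illustration:

```python
import hashlib
import hmac
import json

# Constructed shared key for the example only; a real deployment would use a
# provisioned key per RFC 7182-style ICV TLVs, which this toy does not model.
SHARED_KEY = b"example-nhdp-shared-key"


def _canonical(fields):
    """Canonical byte string over every field except the ICV itself."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_hello(router, neighbors, timestamp, key=SHARED_KEY):
    """Build a simplified HELLO: originator, advertised 1-hop neighbors,
    originator timestamp, and an HMAC-SHA256 ICV over those fields."""
    fields = {"router": router, "neighbors": sorted(neighbors), "timestamp": timestamp}
    icv = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "icv": icv}


def icv_valid(msg, key=SHARED_KEY):
    """True when the ICV was produced over these exact fields with this key."""
    fields = {k: v for k, v in msg.items() if k != "icv"}
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg.get("icv", ""))


def accept_integrity_only(msg, key=SHARED_KEY):
    """Integrity-only acceptance: stops the Section 4.4 attacker (who cannot
    compute a valid ICV) but not the Section 4.5 attacker (who replays a
    message whose ICV the legitimate originator computed correctly)."""
    return icv_valid(msg, key)


class FreshnessChecker:
    """Integrity plus freshness: reject timestamps outside +/- window seconds of
    local time, and reject a (router, timestamp) pair already accepted."""

    def __init__(self, window, key=SHARED_KEY):
        self.window = window
        self.key = key
        self.seen = set()

    def accept(self, msg, now):
        if not icv_valid(msg, self.key):
            return False
        if abs(now - msg["timestamp"]) > self.window:
            return False
        tag = (msg["router"], msg["timestamp"])
        if tag in self.seen:
            return False
        self.seen.add(tag)
        return True


def demo():
    # Router A legitimately advertises neighbors B and C at t=100 (constructed).
    genuine = make_hello("A", ["B", "C"], timestamp=100)
    # Section 4.4.2 style: attacker fabricates a HELLO claiming A sees X.
    # Without the key the ICV does not verify.
    forged = make_hello("A", ["X"], timestamp=100, key=b"attacker-has-no-key")
    # Section 4.5 style: attacker captures the genuine message and re-emits it,
    # unmodified, at a later time and/or on another link.
    replayed = dict(genuine)

    results = {
        "forged_integrity_only": accept_integrity_only(forged),
        "replayed_integrity_only": accept_integrity_only(replayed),
    }
    checker = FreshnessChecker(window=10)
    results["genuine_fresh"] = checker.accept(genuine, now=102)
    results["replayed_fresh_later"] = checker.accept(replayed, now=1000)
    # A near-immediate replay on the same link is caught by the duplicate check.
    results["replayed_fresh_immediate"] = checker.accept(replayed, now=103)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'ACCEPTED' if accepted else 'rejected'}")
```

Two caveats a practitioner would want. First, the timestamp window needs routers with loosely synchronised clocks, which an ad hoc network cannot always assume. Second, the duplicate check only works where the receiver also saw the original: a message replayed within the window on a link the originator never reached still passes both checks, because nothing in the ICV binds the message to the link it was received on. Freshness therefore narrows the replay window rather than closing it, which is consistent with the proposed Section 4.5 text saying this attack is harder to counteract than message fabrication.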