[secdir] Secdir review of draft-ietf-manet-olsrv2-sec-threats-03

Joseph Salowey <joe@salowey.net> Sat, 17 December 2016 19:36 UTC

From: Joseph Salowey <joe@salowey.net>
Date: Sat, 17 Dec 2016 11:35:52 -0800
Message-ID: <CAOgPGoDv+s4DtJwL+A2iN-+E5AHqAK8oEUX9TwL5DydbZBtq1g@mail.gmail.com>
To: secdir <secdir@ietf.org>, draft-ietf-manet-olsrv2-sec-threats.all@ietf.org, The IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/k0FKc0sU7MSNL1coCcdiNZ33f4M>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document is ready with issues.

In general, I think the document does a reasonable job of describing some
of the threats associated with OLSRv2.  There are some places where the
document could be clearer and there are some additional variations of threats
the authors may wish to consider.

One issue that I did not see discussed in the draft would be for the
attacker to effectively delay packets.  For example, the attacker captures
packets while jamming to prevent some stations from receiving packets.  The
attacker can collect a sequence of traffic and replay at a later time, with
different timing and in a different location.  Not all replay mechanisms
will defend against this attack in the same way.  Sequence number
validation (which appears to be allowed in 7183) may not be as effective
as timestamps, depending upon the time skew allowed.  The document does
discuss timestamps, but I think it should probably make the following
clearer:

There are several places in sections 4 and 5 where the document says
something like "This kind of attack can be mitigated using integrity check
mechanisms".  I think in most of these instances replay protection is also
important.  One solution would be to remove these instances and just rely
on section 6.2 which has a better description of the available protections.
Since it seems that the integrity check could be deployed with just
sequence number instead of timestamps it might be good to mention that it
is important to include and verify timestamps for replay protection.

Thanks,

Joe
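
Added example, not part of the original message and not code from the draft or its authors: a simplified Python model of the delayed-replay case the review describes, comparing a sequence-number check with a timestamp check at a receiver that never saw the original packets. The message layout, the key, and the names `protect`, `Receiver` and `delayed_replay` are assumptions made for illustration; this is not the 7183 packet format.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"   # sample key, constructed for this example
HDR = "!HIQ"                      # assumed layout: originator, seq, timestamp

def protect(orig, seq, ts, body):
    """Sender side: append an HMAC-SHA256 ICV over header and body."""
    msg = struct.pack(HDR, orig, seq, ts) + body
    return msg + hmac.new(KEY, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, mode, max_skew=None):
        self.mode = mode          # "seq" or "ts"
        self.max_skew = max_skew  # allowed clock skew in seconds ("ts" mode)
        self.last_seq = {}        # originator -> highest sequence number accepted

    def accept(self, packet, now):
        msg, icv = packet[:-32], packet[-32:]
        expected = hmac.new(KEY, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return False          # integrity check failed
        orig, seq, ts = struct.unpack(HDR, msg[:struct.calcsize(HDR)])
        if self.mode == "seq":
            # Only rejects packets this receiver has already seen.
            if seq <= self.last_seq.get(orig, -1):
                return False
            self.last_seq[orig] = seq
            return True
        # Timestamp mode: reject anything older (or newer) than the skew window.
        return abs(now - ts) <= self.max_skew

def delayed_replay(receiver, sent_at=(0, 2, 4), replay_at=600):
    """Packets sent at sent_at never reach the receiver (jammed); the captured,
    unmodified copies arrive starting at replay_at. Returns accept decisions."""
    captured = [protect(7, i + 1, t, b"HELLO") for i, t in enumerate(sent_at)]
    return [receiver.accept(p, replay_at + i) for i, p in enumerate(captured)]

if __name__ == "__main__":
    print("seq only      :", delayed_replay(Receiver("seq")))
    print("ts, skew 30s  :", delayed_replay(Receiver("ts", max_skew=30)))
    print("ts, skew 900s :", delayed_replay(Receiver("ts", max_skew=900)))
```

The ICV verifies in every run because the packets are unmodified; only the timestamp check with a skew window smaller than the delay rejects them.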