Dear all During the sec dir review, Scott asked whether we see some new security issue potentially opened by the new behaviour of registering multicast (as opposed to unicast) vs RFC 8505. If you see such a thing, now is a perfect time to have this discussion :) Many thanks iun advance!
Pascal Le lun. 8 avr. 2024 à 11:34, Pascal Thubert <pascal.thub...@gmail.com> a écrit : > Hello Scott > > many thanks for the time and contributions to the progress of this > document. > Le 30/03/2024 à 19:21, Scott Kelly via Datatracker a écrit : > > Reviewer: Scott Kelly > Review result: Has Nits > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments > were written primarily for the benefit of the security area directors. > Document > editors and WG chairs should treat these comments just like any other last > call > comments. > > From the introduction, “This specification Extends [RFC8505] and [RFC9010] to > add the capability for the 6LN to subscribe anycast and multicast addresses > and > for the 6LR to inject them in RPL when appropriate.” > > I want to start by saying that I have little experience with the protocols > described in 8505 and 9010; I’d suggest that the AD have my security-related > comments double-checked with someone who has both security expertise and > expertise in these protocols. > > > Ack, Eric is now added to the "to" list to attract his attention. > > As a general comment, it took me several passes to make sense of the > introduction. It seems to aim toward explaining the gaps motivating this RFC, > along with the building blocks this document uses to fill those gaps. It might > help readers to explain this from the outset, and to explicitly call out which > is which. There are still some paragraphs/sentences there whose purpose I > don’t > understand. > > For the security considerations, I have 2 suggestions: first, it currently > calls out the “security section” of RFC 8505. Shouldn’t it also call out the > security considerations of RFC 9010? Second (and I’m not sure about this), > does > this extension potentially permit any new bad behavior (distinct from 8505 and > 9010) that should be called out? I don’t understand the protocol nuances well > enough to say, but I’d have felt more certain if it said so explicitly. > > > Makes sense. The call out is easy to do. I'll ask the list for inputs on > new security holes potentially being created by this. > > On the RPL side, I do not see much since multicast was already there. We > clarify the use of the sequence counter and add the concept of origin. I do > not see an attack vector there but we can think twice about it. > > As of using RFC 8505 on the first hop instead of RPL, we effectively add > the capability to validate the origin of the registration, which was not > present in RPL and could be the subject of a future ROV in RPL. So I'd say > we are improving the security situation, denoting that the segregation > allows less trusted devices to use the RPL network without allowing them to > inject RPL messages directly, which could be a more ope attack vector for > them. > > I'll craft some text around the above if that's all right with you? > > all the best; > > > Pascal > > > > > > -- Pascal
_______________________________________________ 6lo mailing list 6lo@ietf.org https://www.ietf.org/mailman/listinfo/6lo
