On 16/10/17 03:15, Jéferson Campos Nobre wrote:
Hi Michael.
I think the security section looks good, but I have some comments, to clarify some passages.
My comments:

In Section 9:
"... transit, inject and replay packets "on the wire".  In an insider
   attack, the attacker has access to an autonomic node, or can insert
   packets directly into the ACP."
- I understand the difference between "on the wire" and "directly into the ACP", but I think this should be better explained.

Somehow I was afraid someone would say this. :-(  It's not easy to explain, in simple terms...

How does this sound:

"In an outsider attack all network elements and protocols are securely managed and operating, and an outside attacker can sniff packets in transit, inject and replay packets. In an insider attack, the attacker has access to an autonomic node, or can insert packets directly into the protected ACP."

In Section 9.1:
"...as well as mechanisms specific to
   an autonomic network (such as a secured MASA server)."
- I believe "secured MASA server" can be replaced by "MASA service".

Done.

 "AN specific protocols and methods must also follow traditional
   security methods, in that all packets that can be sniffed or injected
   by an outside attacker are:

   o  protected against modification.

   o  authenticated.

   o  protected against replay attacks.

   o  encrypted."
- I'd rather be consistent using "protection on Confidentiality, Integrity, Availability, and Non-repudiation".

That's not the same :-)  You don't cover re-play attacks.

  "Most AN messages run inside the cryptographically protected ACP.  The
   not protected AN messages outside the ACP are limited to a simple
   discovery method, defined in Section 2.5.2 of [I-D.ietf-anima-grasp]:
   The "Discovery Unsolicited Link-Local (DULL)" message, with detailed
   rules on its usage."
- Since it is an important exception, I think the usage rules should be replicated here instead of just using a reference to the GRASP I-D.

I respectfully disagree, this would add a lot of detail, and would make the section less readable. I think the reference is better here.

Will push the changes onto the git repo in a minute.

Michael

Cheers.
Jéferson

On Thu, 12 Oct 2017 at 06:23, Michael H. Behringer <[email protected]> wrote:

    As mentioned before, the Security Considerations section needed
    work. I
    have now restructured and to a large extent re-written that section.

    The main focus is on the fact that while AN is auto-protecting, in the
    case of a vulnerability, protocol design error, operational error, the
    attack surface is huge.

    All, especially co-authors: Please read the new section and comment!

    Right now only on github:
    
https://github.com/mbehring/ANIMA-Reference-Model/blob/master/draft-ietf-anima-reference-model.txt

    Other than that:
    - on sections 7.6 and 7.7 I'm waiting for feedback from John.
    - otherwise, to my knowledge, all other input received has been taken
    into account.

    Once 7.6, 7.7 and the security considerations are stable, I'll push a
    new version. Co-authors: Comment now! :-)

    Michael

    _______________________________________________
    Anima mailing list
    [email protected]
    https://www.ietf.org/mailman/listinfo/anima

