I think I've incorporated all the comments I got so far, and the latest
version on github addresses all open issues.
Tomorrow I'm planning on pushing version -05. If you still have
comments, I'd appreciate them in the next 24h (or a quick note that I
should still expect comments).
Again, goal is WGLC.
Michael
On 16/10/17 03:15, Jéferson Campos Nobre wrote:
Hi Michael.
I think the security section looks good, but I have some comments, to
clarify some passages.
My comments:
In Section 9:
"... transit, inject and replay packets "on the wire". In an insider
attack, the attacker has access to an autonomic node, or can insert
packets directly into the ACP."
- I understand the difference between "on the wire" and "directly into
the ACP", but I think this should be better explained.
In Section 9.1:
"...as well as mechanisms specific to
an autonomic network (such as a secured MASA server)."
- I believe "secured MASA server" can be replaced by "MASA service".
"AN specific protocols and methods must also follow traditional
security methods, in that all packets that can be sniffed or injected
by an outside attacker are:
o protected against modification.
o authenticated.
o protected against replay attacks.
o encrypted."
- I'd rather be consistent using "protection on Confidentiality,
Integrity, Availability, and Non-repudiation".
"Most AN messages run inside the cryptographically protected ACP. The
not protected AN messages outside the ACP are limited to a simple
discovery method, defined in Section 2.5.2 of [I-D.ietf-anima-grasp]:
The "Discovery Unsolicited Link-Local (DULL)" message, with detailed
rules on its usage."
- Since it is an important exception, I think the usage rules should be
replicated here instead of just using a reference to the GRASP I-D.
Cheers.
Jéferson
On Thu, 12 Oct 2017 at 06:23, Michael H. Behringer
<[email protected]> wrote:
As mentioned before, the Security Considerations section needed work. I
have now restructured and to a large extent re-written that section.
The main focus is on the fact that while AN is auto-protecting, in the
case of a vulnerability, protocol design error, operational error, the
attack surface is huge.
All, especially co-authors: Please read the new section and comment!
Right now only on github:
https://github.com/mbehring/ANIMA-Reference-Model/blob/master/draft-ietf-anima-reference-model.txt
Other than that:
- on sections 7.6 and 7.7 I'm waiting for feedback from John.
- otherwise, to my knowledge, all other input received has been taken
into account.
Once 7.6, 7.7 and the security considerations are stable, I'll push a
new version. Co-authors: Comment now! :-)
Michael
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima