Last Call Review of draft-ietf-geopriv-res-gw-lis-discovery-05
review-ietf-geopriv-res-gw-lis-discovery-05-secdir-lc-meadows-2013-08-02-00
| Request | Review of | draft-ietf-geopriv-res-gw-lis-discovery |
|---|---|---|
| Requested revision | No specific revision (document currently at 08) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2013-07-31 | |
| Requested | 2013-07-18 | |
| Authors | Martin Thomson , Ray Bellis | |
| I-D last updated | 2013-08-02 | |
| Completed reviews |
Genart Last Call review of -05
by Peter E. Yee
(diff)
Genart Last Call review of -07 by Peter E. Yee (diff) Secdir Last Call review of -05 by Catherine Meadows (diff) Opsdir Last Call review of -07 by Nevil Brownlee (diff) |
|
| Assignment | Reviewer | Catherine Meadows |
| State | Completed | |
| Request | Last Call review on draft-ietf-geopriv-res-gw-lis-discovery by Security Area Directorate Assigned | |
| Reviewed revision | 05 (document currently at 08) | |
| Result | Has nits | |
| Completed | 2013-08-02 |
review-ietf-geopriv-res-gw-lis-discovery-05-secdir-lc-meadows-2013-08-02-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft describes a method in which a device can discover a Location Information Server when a residential gateway is present that does not support such discovery. Normally such discovery is done by the device via an option is DHCP (described in RFC5389 ), but this will not be possible if the gateway does not support this option in DHCP. In both the DHCP-supported protocol and the protocol covered in this draft the device provides a domain name to a DNS server, which uses it to discover the appropriate LIS. In the DHCP-supported protocol the device uses the access network domain name DHCP options as the preferred source of domain names. This draft provides ways in which the device can determine likely candidates for domain names if the DHCP option is not supported. The main security considerations for both the protocol described in this draft and RFC 5986 arise from the fact that communication with the DNS server is not authenticated. This is noted and discussed in the security considerations section. I have a couple of questions. The authors mention that RFC 5986 is the preferred method whenever it is supported. I believe that this is because it is more accurate. First question: am I correct in believing this? Secondly, is there any way an attacker could a) cause a device to identify the wrong domain name and b) if a device identifies an incorrect domain name (whether or not the attacker can cause this to happen) is there anyway an attacker can exploit that? Question 2a) may be difficult to answer because the draft does not mandate any particular solution. Indeed it cannot, because the solution used will depend on what is supported locally. But if the answers to questions 1 and 2b) are "yes" it might be worthwhile to point this out in the security considerations section as an additional reason to use the solution given in RFC5389 whenever it is available. Cathy Meadows