Last Call Review of draft-ietf-6lo-dect-ule-08
review-ietf-6lo-dect-ule-08-secdir-lc-josefsson-2016-12-08-00
| Request | Review of | draft-ietf-6lo-dect-ule |
|---|---|---|
| Requested revision | No specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2016-12-02 | |
| Requested | 2016-11-17 | |
| Authors | Peter B. Mariager , Jens T. Petersen , Zach Shelby , Marco van de Logt , Dominique Barthel | |
| I-D last updated | 2016-12-08 | |
| Completed reviews |
Genart Last Call review of -08
by Robert Sparks
(diff)
Secdir Last Call review of -08 by Simon Josefsson (diff) Intdir Early review of -05 by Pascal Thubert (diff) Intdir Early review of -05 by Tatuya Jinmei (diff) |
|
| Assignment | Reviewer | Simon Josefsson |
| State | Completed | |
| Request | Last Call review on draft-ietf-6lo-dect-ule by Security Area Directorate Assigned | |
| Reviewed revision | 08 (document currently at 09) | |
| Result | Has issues | |
| Completed | 2016-12-08 |
review-ietf-6lo-dect-ule-08-secdir-lc-josefsson-2016-12-08-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft describes how to transmit IPv6 packets over DECT ULE using 6LoWPAN. The document contains a good introduction to DECT, which is particulary helpful to the IETF community. The security consideration already mentions the privacy concern related to link-level MAC addresses, which is something that would otherwise would be easy to criticize. The document uses acronyms which makes it difficult to read but the document strikes me as well written and well thought out anyway. I believe the document is Ready with Nits. Major nits: 1) Security Considerations. I believe the document should state that IPv6 traffic transmitted over DECT ULE should be protected using normal IETF protocols (e.g., IPSEC or TLS) when there is a need for security. The text says DECT ULE is secured using AES-CCM keyed from the DECT ULE pairing, implying that this offers some security. The document does not explain (or inspire confidence) that the pairing process of DECT ULE has sufficient entropy as input to provide good link-level security, nor that it is based on any well established protocol. A word or two about this would be informative, but not really required. The process may be completely secure, but it may also not be. I don't recall any link layer security protocol that haven't had a significant security problem in the past. Regardless, I believe it is warranted to safeguard readers that they should not consider DECT ULE transport a secure transport for protecting data at the transport and/or application level. Implementers need to employ transport and/or application-level security like IPSEC/TLS/CMS/OpenPGP as well. To address my concern, I suggest to add the following after the third paragraph: While DECT ULE offer some link-layer security properties, the transport of data over DECT ULE may require additional transport protocol, or application protocol, security guarantees. When there is a need, the use of IPSEC [RFC XXXX], TLS [RFC YYYY], CMS [RFC ZZZZ], OpenPGP [RFC QQQQ] or similar security protocols, are recommended. Minor nits: A) Spell out DECT in the abstract and title. In the introduction section, change 'DECT (Digital Enhanced Cordless Telecommunications)' into 'Digital Enhanced Cordless Telecommunications (DECT)'. Cheers, /Simon