Last Call Review of draft-ietf-core-observe-14
review-ietf-core-observe-14-secdir-lc-gellert-2014-08-28-00

Request Review of draft-ietf-core-observe
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-08-19
Requested 2014-08-01
Other Reviews Genart Last Call review of -14 by Meral Shirazipour (diff)
Genart Telechat review of -14 by Meral Shirazipour (diff)
Review State Completed
Reviewer Dorothy Gellert
Review review-ietf-core-observe-14-secdir-lc-gellert-2014-08-28
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg04982.html
Reviewed rev. 14 (document currently at 16)
Review result Has Issues
Draft last updated 2014-08-28
Review completed: 2014-08-28

Review
review-ietf-core-observe-14-secdir-lc-gellert-2014-08-28
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This Standards Track draft is a best effort protocol extension to CoAP to enable clients to retrieve a representation of a resource and keep this representation updated by its server for a period of time.

The security considerations section does exist and discloses the following threats and suggests ways to mitigate these attacks.

- an increase in amplification attacks, which requires the server to limit notifications without client authentication.
- acknowledgements may be spoofed if confirmable messages are predictable.
- server may want access control to prevent resource exhaustion attacks.
- intermediaries may create loops.

Section 1.3 describes 2 issues where a client might be assuming an old state. This issue could be considered a security threat depending on the sensitivity of that resource. You might want to flag this also in the security considerations section.

This protocol is intended to be best effort only, as noted in the abstract section. This should also be emphasized in the security section.

In general, very nice thorough analysis of all the race conditions inherent in a best effort only protocol syncing state between client and server.

As an editorial comment, please expand the first occurrence of CoAP.

Best Regards,

Dorothy Gellert
Silver Spring Networks
Director, Standards and Technology
E dgellert at silverspringnet.com
O +1 650 839 4378
C +1 650 556-5994
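The amplification and spoofed-acknowledgement items in the review's threat list, as an added example that is not code from the draft, the review, or any CoAP implementation: a constructed Python model of the server side of an observe relationship in which confirmable notifications carry an unpredictable Message ID, an acknowledgement is accepted only if it echoes that ID, and the number of non-confirmable notifications sent between two confirmable ones is capped. The cap value, the class names and the address strings are assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model (added example, not code from the draft or the review) of
# the server side of a CoAP observe relationship. A confirmable (CON)
# notification carries an unpredictable Message ID and an ACK counts only if
# it echoes that ID, so spoofed ACKs cannot keep a relationship alive; NON
# notifications between two CONs are capped (assumed value), bounding what a
# registration from a spoofed source address can make the server emit.
MAX_NON_BETWEEN_CON = 3  # assumed limit, not a number from the draft

@dataclass
class Observer:
    addr: str
    pending_mid: Optional[int] = None  # Message ID of the CON awaiting ACK
    non_since_con: int = 0             # NON notifications since last ACKed CON

class ObserveServer:
    def __init__(self) -> None:
        self.observers: Dict[str, Observer] = {}
        self.sent: List[Tuple[str, str, int]] = []  # (addr, type, mid) log

    def register(self, addr: str) -> None:
        self.observers[addr] = Observer(addr)

    def notify(self) -> int:
        """Send one notification to each observer; returns how many were sent."""
        count = 0
        for ob in self.observers.values():
            if ob.pending_mid is not None:
                continue  # CON still unacknowledged: send nothing more yet
            if ob.non_since_con < MAX_NON_BETWEEN_CON:
                ob.non_since_con += 1
                self.sent.append((ob.addr, "NON", secrets.randbelow(1 << 16)))
            else:
                ob.pending_mid = secrets.randbelow(1 << 16)  # unpredictable MID
                self.sent.append((ob.addr, "CON", ob.pending_mid))
            count += 1
        return count

    def on_ack(self, addr: str, mid: int) -> bool:
        """Accept an ACK only if it echoes the outstanding CON's Message ID."""
        ob = self.observers.get(addr)
        if ob is None or ob.pending_mid != mid:
            return False  # unknown observer or mismatched ID: ignored
        ob.pending_mid = None
        ob.non_since_con = 0
        return True

    def on_timeout(self, addr: str) -> None:
        """CON retransmissions exhausted without an ACK: drop the observer."""
        self.observers.pop(addr, None)
```

An observer registered from a spoofed source address never produces a valid ACK, so the server stops after the cap plus one confirmable message and then drops the relationship on timeout.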