I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
Please resolve these comments along with any other Last Call comments you
may receive. (My apologies for submitting these a day late.)
Document: draft-ietf-roll-security-threats-00
Reviewer: Peter Yee
Review Date: Jan-22-2012
IETF LC End Date: Jan-21-2012
IESG Telechat date: Unknown
Summary: This draft is basically ready for publication, but has nits that
should be fixed before publication. [Ready with nits.]
This document analyzes security threats for routing in a low-power and lossy
networks. It discusses countermeasures and operational considerations for
dealing with the threats in the design of ROLL protocols.
Major issues:
Minor issues:
Nits/editorial comments:
General: replace "low power" with "low-power" throughout the document to
match usage in other ROLL RFCs
General: replace "a LLN" with "an LLN" throughout the document.
General: there are quite a few really long, dense sentences in this
document. They make parsing and comprehension more difficult. I realize
that's not something terribly concrete on which you can act.
Section 1, 1st paragraph, 2nd sentence: insert "a" before "user access
interface" or consider making "interface" plural.
Section 2, definition of Node: place a comma after "power".
Section 3, 1st paragraph, 2nd sentence: since you're going to use CIA later
in the document, perhaps you would like to include integrity in this
sentence.
Section 3.1, 1st paragraph, 3rd sentence: an adjective such as "improper" or
"unauthorized" before "access" would be helpful.
Section 3.3, 5th paragraph, last sentence: make "damages" singular.
Section 4.1.1, second sentence: add a period after "etc".
Section 4.3.2, Figure 2: I'm not sure why "Falsify as Good Link to Node_5"
appears twice. Perhaps delete one?
Section 4.3.4, 1st paragraph, 1st sentence: add a serial comma after
"memory".
Section 5.1.4, 3rd paragraph, last sentence: add a serial comma after
"integrity".
Section 5.1.4, 6th paragraph, 1st sentence: consider mentioning FIPS 140-2
not just for device hardening but for other tamper-resistance mechanisms and
for correctness of cryptographic operations (including random number
generation).
Section 5.2.3, 2nd paragraph, 2nd sentence: consider changing "explicit and
implicit" to "explicitly and implicitly". If not, rewrite the sentence so
it parses.
Section 5.2.3, 3rd paragraph, 2nd sentence: replace "shared key or public
key based" with "a shared key- or public key-based".
Section 5.2.4, 2nd sentence: add an "s" after "need"
Section 5.2.5, 5th paragraph: You might also wish to consider an intrusion
detection system (within the node and/or in conjunction with other nodes) as
an alternative to external audit entity. The literature for MANETs has much
to offer in this regard. The seminal paper is:
Zhang, Y. & Lee, W. (2000). Intrusion detection in wireless ad-hoc
networks. Proceedings of the 6th International Conference on Mobile
Computing and Networking (MobiCom 2000), 275-283. doi:10.1145/345910.345958
Also consider:
Liu, Y., Comaniciu, C., & Man, H. (2006). A Bayesian game approach
for intrusion detection in wireless ad hoc networks. Proceedings of the
2006 Workshop on Game Theory for Communications and Networks (GAMENET06).
doi:0.1145/1190195.1190198
Li, W., Parker, J., & Joshi, A. (2012). Security through
collaboration and trust in MANETs. Mobile Networks & Applications, 17(3),
342-352. doi:10.1007/s11036-010-0243-9
Section 5.3, 1st sentence: Drop "a" before "proper".
Section 5.3.2, 1st paragraph, 1st sentence: replace "battery or energy
scavenging" with "batteries or energy scavenging".
Section 5.3.2, 1st paragraph, 2nd sentence: replace "battery" with
"energy-constrained".
Section 5.3.3, 2nd bullet item: add "ing" to "select".
Section 5.3.3, last paragraph, 2nd sentence: add "a" before "method".
Section 5.3.3, last paragraph, 2nd sentence: it's also suboptimal from a
network utilization perspective.
Section 6, 2nd paragraph, 3rd sentence: delete "that" before "do not of".
Section 6, last paragraph, last sentence: add a serial comma after
"integrity".
Section 6.1., 1st paragraph after bullet items: change "accordance of" to
"accordance with".
Section 6.2, 4th bullet item: add a comma after "increments".
Section 6.2, 1st paragraph after bullet items, 2nd sentence: add "be" before
"used".
Section 6.2, 1st paragraph after bullet items, last sentence: insert
"counting" between "as" and "against".
Section 6.4, 5th paragraph, 3rd sentence: add "ly" after "separate".
Section 6.4, 5th paragraph, 3rd sentence: remove the space in "IETF-
standard".
Section 6.4, 5th paragraph, 4th sentence: change "IKE" to "IKEv2".
Section 6.4, 5th paragraph, 4th sentence: consider changing "private" to
"secret" to avoid confusion between symmetric and asymmetric cryptograph
concepts.
Section 6.5.1, 3rd paragraph, 1st sentence: add "ly" after "independent".
Section 6.5.1, 8th paragraph, 2nd sentence: add a comma after "LLNs" for
ease of parsing.
Section 6.5.1, 9th paragraph, 1st sentence: change "extends" to "extend".
Section 6.5.2, 1st paragraph, 2nd sentence: delete ", as listed in the last
subsection," since it isn't listed there.