RE: [DNA] RE: draft-ietf-dna-link-information-03
> >Additionally, protocol stack may also use some upper layer mechanisms to
> >achieve partial protection against situations where incorrect event
> >notifications are generated (e.g., upper-layer confirmation of the
> >link-layer event).
>
> Are you referring to DNA itself here? (e.g. use of SEND)
I know the above text is vague. If we try to make it more concrete by giving
examples, I'm afraid we need to further expand on it, as it is not
straightforward how one can use SEND, etc. to achieve that added protection.
If we cannot capture a solid solution (even as an example) without
generating more questions than we answer, I'm inclined to delete the above
paragraph as it may not help in this form.
Thoughts?
> >When the link-layer and the network-layer reside on separate nodes as in a
> >distributed stack implementation, the event notifications MUST be
> >authenticated, replay and integrity protected as they are delivered. The
> >specific mechanisms to achieve the security of notifications are outside
> >the scope of this document.
>
> It seems odd to be making strong normative statements at the same time it
> is stated that the mechanisms to achieve the mandates are out of scope.
I didn't think of shying away from a must-do just because we are not
providing the solution in this document. Think of it as a requirement for
the implementations of event notifications.
Please let us know if you have a suggested text replacement.
> Overall, I think there is still a missing piece here relating to damping.
> It is one thing for an attacker to be able to execute a DoS attack on one
> node; it is another to be able to leverage that node's DNA implementation
> to DoS others on the same network, or across the Internet.
This sounds reasonable. Can you please propose some text to capture what you
are saying?
Alper
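The thread above leaves two things open: what "authenticated, replay and integrity protected" event notifications between a link-layer node and a network-layer node could look like in a distributed stack, and how a receiver can damp a burst of notifications so that one node's DNA implementation is not turned into a source of load for others. The following is an added example, not text or code from the draft or from anyone in this thread. It assumes a pre-shared key between the two nodes (provisioned out of band; the draft leaves the mechanism out of scope), a 64-bit monotonic sequence number for replay protection, HMAC-SHA256 for integrity and origin authentication, and a simple per-window event cap for damping. All of those choices are this example's assumptions, and the wire format is invented here for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed shared key between the link-layer node and the network-layer node.
# How the key is provisioned is out of scope in the draft; it is an assumption here.
SHARED_KEY = b"example-key-not-for-production"

# Hypothetical event codes for this example (not values from the draft).
EVENT_LINK_UP = 1
EVENT_LINK_DOWN = 2

HEADER = "!QBH"            # seq (8 bytes) | event (1 byte) | payload length (2 bytes)
HEADER_LEN = struct.calcsize(HEADER)
TAG_LEN = hashlib.sha256().digest_size


def encode_notification(key: bytes, seq: int, event: int, payload: bytes) -> bytes:
    """Sender side: serialise header | payload and append an HMAC-SHA256 tag over both."""
    body = struct.pack(HEADER, seq, event, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class NotificationVerifier:
    """Receiver side: checks the tag first, then rejects replays, then damps bursts.

    Tag verification comes before any state change so that forged messages
    cannot move the sequence window or consume the damping budget.
    """

    def __init__(self, key: bytes, max_events_per_window: int = 5,
                 window_seconds: float = 1.0, clock=time.monotonic):
        self.key = key
        self.last_seq = -1                 # highest authenticated sequence number seen
        self.max_events = max_events_per_window
        self.window = window_seconds
        self.clock = clock                 # injectable for deterministic tests
        self.window_start = clock()
        self.window_count = 0

    def verify(self, message: bytes):
        """Return (status, seq, event, payload).

        status is one of: 'ok', 'malformed', 'bad_tag', 'replay', 'damped'.
        Only 'ok' should trigger network-layer action (e.g. starting DNA).
        """
        if len(message) < HEADER_LEN + TAG_LEN:
            return ("malformed", None, None, None)
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return ("bad_tag", None, None, None)
        seq, event, length = struct.unpack(HEADER, body[:HEADER_LEN])
        payload = body[HEADER_LEN:]
        if len(payload) != length:
            return ("malformed", None, None, None)
        # Replay protection: sequence numbers must strictly increase.
        if seq <= self.last_seq:
            return ("replay", seq, event, payload)
        self.last_seq = seq
        # Damping: authentic events beyond the per-window budget are recorded
        # but not acted on, so a flapping link cannot drive unbounded activity.
        now = self.clock()
        if now - self.window_start >= self.window:
            self.window_start = now
            self.window_count = 0
        self.window_count += 1
        if self.window_count > self.max_events:
            return ("damped", seq, event, payload)
        return ("ok", seq, event, payload)


def demo():
    """Walk through the failure modes with a fake clock; returns the status sequence."""
    fake_time = [0.0]
    v = NotificationVerifier(SHARED_KEY, max_events_per_window=3,
                             window_seconds=1.0, clock=lambda: fake_time[0])
    statuses = []
    m1 = encode_notification(SHARED_KEY, 1, EVENT_LINK_UP, b"eth0")
    statuses.append(v.verify(m1)[0])                       # ok
    statuses.append(v.verify(m1)[0])                       # replay of seq 1
    tampered = bytearray(m1)
    tampered[HEADER_LEN - 3] ^= 0x01                       # flip the event byte
    statuses.append(v.verify(bytes(tampered))[0])          # bad_tag
    forged = encode_notification(b"wrong-key", 2, EVENT_LINK_DOWN, b"eth0")
    statuses.append(v.verify(forged)[0])                   # bad_tag
    for seq in (2, 3, 4):                                  # burst within one window
        statuses.append(v.verify(
            encode_notification(SHARED_KEY, seq, EVENT_LINK_DOWN, b"eth0"))[0])
    fake_time[0] = 1.5                                     # new window opens
    statuses.append(v.verify(
        encode_notification(SHARED_KEY, 5, EVENT_LINK_UP, b"eth0"))[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

The ordering inside `verify` is the point worth noting: an unauthenticated message never touches the sequence state or the damping counter, a replayed message is dropped before it can count against the budget, and an authentic but excessive burst is damped rather than forwarded. Damped events still advance `last_seq`, so a later replay of them is still recognised as such.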