security review issue 1: denial of service against vendor MASA service

[mcr]

1. Denial of service against the vendor MASA service. Adversaries could mount an
   attack against the service at a critical time, preventing real-time issuance of
   nonced vouchers. This could for example prevent the deployment of autonomic networks
   during emergencies.

[pritikin]

shrug... true. the following attempts have been made to mitigate this:

• the protocol allows for nonce-less vouchers
• proximity detection

[mcr]

what mechanism exist to mitigate:

• nonceless vouchers
• proximity assertion prevents prevents DoS against the audit log, but not against the TCP port.
• supply-chain integration (know your customers) prevents at the TLS level.

Structure Security Considerations to deal with this section. (9.0, 9.1, 9.2), move DoS to new section 9.3.

[pritikin]

since much of the text already existed in 9.0 and to avoid changing the flow I added the DoS section as 9.1 which changed the existing 9.1 & 9.2 section numbers. I think this is a cleaner fix.

[pritikin]

b482a02