[6lo] Secdir last call review of draft-ietf-6lo-blemesh-08
Catherine Meadows via Datatracker <firstname.lastname@example.org> Wed, 18 November 2020 22:24 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 113D03A0DEE; Wed, 18 Nov 2020 14:24:24 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
From: Catherine Meadows via Datatracker <email@example.com>
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Reply-To: Catherine Meadows <email@example.com>
Date: Wed, 18 Nov 2020 14:24:24 -0800
Subject: [6lo] Secdir last call review of draft-ietf-6lo-blemesh-08
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:email@example.com?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 22:24:24 -0000
Reviewer: Catherine Meadows Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document specifies mechanisms that are needed to enable IPv6 mesh topologies over Bluetooth Low Energy Links established using the Bluetooth Internet Protocol Support Profile. It does not specify the routing protocol to be used in an IPv6, and it does not specify security mechanisms. In the Security Considerations Section the document directs the reader to the relevant documents. For most security issues, it points the reader to RFC 7668, “IPv6 over BLUETOOTH(R) Low Energy.” For security issues produced by the routing protocol, the reader is directed to RFC 7416, “ A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)”, and it is noted that the issues addressed in that RFC are useful for other low energy routing protocols as well. Finally it is noted that the Registration Ownership Verifier (ROVR) field can be derived from the Bluetooth address, and that this field is also subject to impersonation and spoofing. For this the document refers the reader the Internet Draft on "Address Protected Neighbor Discovery for Low-power and Lossy Networks.” I think that this document does an excellent job of identifying the relevant security issues to related to its topic, and of directing the reader to the relevant documents. I consider this document Ready.
- [6lo] Secdir last call review of draft-ietf-6lo-b… Catherine Meadows via Datatracker
- Re: [6lo] Secdir last call review of draft-ietf-6… Carles Gomez Montenegro