[Gen-art] review of draft-ietf-dhc-relay-server-security-03.txt
Francis Dupont <Francis.Dupont@fdupont.fr> Fri, 10 March 2017 09:40 UTC
Message-Id: <201703100928.v2A9SsCi043507@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: gen-art@ietf.org
Date: Fri, 10 Mar 2017 10:28:54 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/8lPtBT2ickrt6H35yIDf9ybJTsU>
Cc: draft-ietf-dhc-relay-server-security.all@ietf.org
Subject: [Gen-art] review of draft-ietf-dhc-relay-server-security-03.txt

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at
<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dhc-relay-server-security-03.txt
Reviewer: Francis Dupont
Review Date: 20170303
IETF LC End Date: 20170313
IESG Telechat date: unknown

Summary: Ready

Major issues: None

Minor issues: None

Nits/editorial comments:
 - 3 pages 3-4: there is nothing about multicast which is an option for relay - agent exchanges. As multicast IPsec is a bit hard I understand this choice...

 - 3 page 4: there is a MUST for transport mode: I agree transport mode is better for this use but I am afraid not everybody in the security community will share this opinion. I propose to keep this and to wait for the security directorate review.

 - 4 page 4: I suggest: multiple relays -> relay chains

 - 4 page 5: I support your considerations: this use case is at least known plain text.

 - 4 page 5: preshared -> pre-shared (suggested by my spell checker and used by IKEv2 RFC)

Regards

Francis.Dupont@fdupont.fr