secid review of draft-ietf-ipv6-deprecate-rh0-01
"David Harrington" <ietfdbh@comcast.net> Mon, 24 September 2007 21:14 UTC
From: David Harrington <ietfdbh@comcast.net>
To: 'Sam Hartman' <hartmans-ietf@mit.edu>, tim.polk@nist.gov, secdir@mit.edu
Date: Mon, 24 Sep 2007 17:13:09 -0400
Cc: gnn@neville-neil.com, jari.arkko@piuha.net, psavola@funet.fi, 'IETF discussion list' <ietf@ietf.org>
Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The purpose of draft-ietf-ipv6-deprecate-rh0-01 is to deprecate a feature of IPv6 which has been shown to have undesirable security implications. In particular, RH0 provides a mechanism for traffic amplification, which might be used as a denial-of-service attack. As such, the whole document is a security consideration.

The vulnerability appears well-documented, and the guidelines for handling the deprecated RH0 are clear.

I have a few comments:

1) RH0 really is something we do not want to see used, right? Should this RH be obsoleted rather than deprecated?

2) Per BCP61, MUST is for implementers, and SHOULD is for users/deployers. There is a MUST NOT in section 4.2 that is a deployment decision, so this should be a SHOULD NOT. At the same time, there is a "must" in section 4.2 that is an implementation requirement, so this should be a MUST.

3) Section three uses "must" where MUST would seem appropriate.

David Harrington
dbharrington@comcast.net
ietfdbh@comcast.net
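As an added illustration, not part of this message or of the draft, the following check walks an IPv6 extension-header chain and applies the handling the draft (published later as RFC 5095) prescribes for a Routing Header of type 0: an RH0 with Segments Left equal to zero is ignored and processing continues, while one with Segments Left greater than zero causes the packet to be discarded with an ICMPv6 Parameter Problem, code 0, pointing at the Routing Type field. The packet builder and the 2001:db8:: addresses are constructed sample data.

```python
import struct

# IPv6 extension headers that can precede the RH0 in the header chain.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}


def inspect_ipv6(packet: bytes) -> dict:
    """Walk the extension-header chain; report RH0 and the prescribed action.

    Returns {'action': 'forward' | 'discard', 'rh0': bool, 'pointer': int | None};
    'pointer' is the byte offset of the Routing Type field for the ICMPv6
    Parameter Problem (code 0) that accompanies a discard.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    result = {"action": "forward", "rh0": False, "pointer": None}
    next_hdr, offset = packet[6], 40
    while next_hdr in EXT_HEADERS and offset + 8 <= len(packet):
        # Fragment header is fixed at 8 bytes; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        hdr_len = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if next_hdr == ROUTING and packet[offset + 2] == 0:  # Routing Type 0
            result["rh0"] = True
            if packet[offset + 3] > 0:                       # Segments Left
                result["action"] = "discard"
                result["pointer"] = offset + 2
                return result
            # Segments Left == 0: ignore this header and keep processing.
        next_hdr = packet[offset]
        offset += hdr_len
    return result


def make_rh0_packet(addresses: list, segments_left: int) -> bytes:
    """Constructed sample: IPv6 header + RH0 carrying the given 16-byte addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    # Next Header = 58 (ICMPv6), Hdr Ext Len = 2 units per address,
    # Routing Type = 0, Segments Left, 32 reserved bits.
    rh = struct.pack("!BBBBI", 58, len(addresses) * 2, 0, segments_left, 0)
    rh += b"".join(addresses)
    # Version 6, zero traffic class/flow label, payload length, Next Header = 43, hop limit 64.
    ip6 = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING, 64) + src + dst
    return ip6 + rh
```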