Review of draft-ietf-dmm-hnprenum-03

Jean-Michel Combes <> Mon, 19 December 2016 18:35 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 28F47129531; Mon, 19 Dec 2016 10:35:24 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Jean-Michel Combes <>
To: <>
Subject: Review of draft-ietf-dmm-hnprenum-03
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Mon, 19 Dec 2016 10:35:24 -0800
Archived-At: <>
X-Mailman-Version: 2.1.17
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Dec 2016 18:35:24 -0000

Reviewer: Jean-Michel Combes
Review result: Ready with Issues


First, this is the first time I am trying this new tool for reviewers,
so, sorry if I am making process mistakes.

Please find the official text below:
I am an assigned INT directorate reviewer for
draft-ietf-dmm-hnprenum-03. These comments were written primarily for
the benefit of the Internet Area Directors. Document editors and
shepherd(s) should treat these comments just like they would treat
comments from any other IETF contributors and resolve them along with
any other Last Call comments that have been received. For more details
on the INT Directorate, see

Please, find my review below:

*** Section 1, p2 ***
"However, a widespread use of PI addresses may cause Border Gateway
Protocol (BGP) scaling problems."
Any Ref?

*** Section 7, p6 ***
"The protection of UPN and UPA messages in this document follows
[RFC5213] and [RFC7077].  This extension causes no further security

Sorry but, I must admit I don't agree:

[RFC5213] says:
"The Mobile IPv6 specification [RFC3775] requires the home agent to
prevent a mobile node from creating security associations or creating
binding cache entries for another mobile node's home address. In the
protocol described in this document, the mobile node is not involved
in creating security associations for protecting the signaling
messages or sending binding updates. Therefore, the local mobility
anchor MUST restrict the creation and manipulation of proxy bindings
to specifically authorized mobile access gateways and prefixes. The
local mobility anchor MUST be locally configurable to authorize such
specific combinations.  Additional mechanisms, such as a policy store
or Authentication, Authorization, and Accounting (AAA) may be
employed, but these are outside the scope of this specification."

Based on the fact that an operator could set up internal check-ups
about the allowed HNP(s) for the MN, there could be strong
restrictions (e.g., not allowed roaming between operators) about the
mechanism described inside this document.

So, IMHO, additional text is needed regarding this point.

Best regards,