Re: [Int-dir] Int Area Directorate Review Assignment - draft-ietf-savi-mix-11
David Lamparter <equinox@diac24.net> Fri, 07 October 2016 11:50 UTC
Hi everyone,

[apologies for the delay, got some interference from a release cycle...]

Apart from some typos (which I think the RFC editors will fix?), my review is the following:

- the draft has no privacy consideration section. It should have one, pointing out the following:
  "When implementing multiple SAVI methods, privacy considerations of all methods apply cumulatively. In addition, there is a minor additional loss of privacy in that the SAVI device can correlate information from different SAVI methods."
  (optionally: "This additional loss of privacy is considered minuscule.", though that's just my personal opinion.)

- in section 6.1.2.2., on "responding to the DAD message", it would be useful to state that the DAD message should be discarded and not forwarded. (Forwarding it may cause other SAVI devices to send additional defense NAs.) I believe this is the intent, but it's not quite obvious. Maybe I'm also misunderstanding something there?

- also in section 6.1.2.2., a suggestion to ratelimit (or, in general, apply precautions) defense NAs in order to reduce security threats is probably a good idea. The problem I see there is that it's newly specified behaviour that just needs to be pointed out as requiring the same approach as the individual SAVI methods.

- lastly, it could be pointed out that applying SAVI-MIX in an inconsistent way can well break one's network. Obvious case of user stupidity, but well...

All in all I believe the draft is in good shape and should proceed with minor edits.

Hope this is useful,

-David

On Fri, Sep 16, 2016 at 12:49:58PM +0200, Carlos Jesús Bernardos Cano wrote:
> You are next up on the Int Area Directorate review assignment queue
> and the Int ADs have requested a review of draft-ietf-savi-mix-11 (see
> https://tools.ietf.org/html/draft-ietf-savi-mix-11).
[...]