[secdir] Review of draft-ietf-netlmm-lma-discovery-06

Tero Kivinen <kivinen@iki.fi> Tue, 12 October 2010 12:36 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8FEAD3A6931; Tue, 12 Oct 2010 05:36:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.474
X-Spam-Level:
X-Spam-Status: No, score=-102.474 tagged_above=-999 required=5 tests=[AWL=0.125, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VYKD5OxJDkzT; Tue, 12 Oct 2010 05:36:02 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by core3.amsl.com (Postfix) with ESMTP id 57B3A3A67D3; Tue, 12 Oct 2010 05:36:01 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.14.3) with ESMTP id o9CCbBEZ007361 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 Oct 2010 15:37:11 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id o9CCbBRZ004044; Tue, 12 Oct 2010 15:37:11 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <19636.22135.112570.232329@fireball.kivinen.iki.fi>
Date: Tue, 12 Oct 2010 15:37:11 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 8 min
X-Total-Time: 12 min
Cc: draft-ietf-netlmm-lma-discovery.all@tools.ietf.org
Subject: [secdir] Review of draft-ietf-netlmm-lma-discovery-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 12:36:03 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes several different ways how Mobile Access
Gateway (MAG) can dynamically discover a Local Mobility Anchor (LMA)
for Mobile Node (MN) and recommends the AAA based discovery solutions.

The security considerations section warns about the risks about using
DNS to obtaining the IP address of the mobility agent, but explains
that as MAG and LMA needs to authenticate each other (using IPsec)
before PMIPv6 signaling messages are exchanged.

The security considerations section seems to be adequate. I have no
other comments for this draft.
-- 
kivinen@iki.fi