[secdir] SECIR review of draft-ietf-hip-rfc5201-bis-14

Donald Eastlake <d3e3e3@gmail.com> Tue, 24 June 2014 22:03 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 00DC61A01AD; Tue, 24 Jun 2014 15:03:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.149
X-Spam-Status: No, score=0.149 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id I388rpph1JG2; Tue, 24 Jun 2014 15:03:36 -0700 (PDT)
Received: from mail-oa0-x230.google.com (mail-oa0-x230.google.com [IPv6:2607:f8b0:4003:c02::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E11E1A00EB; Tue, 24 Jun 2014 15:03:36 -0700 (PDT)
Received: by mail-oa0-f48.google.com with SMTP id m1so1092007oag.21 for <multiple recipients>; Tue, 24 Jun 2014 15:03:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=FwlrBwYqXFkpxrCjvqQ1SngTWhAf/sr5jvXG5Ts/KV0=; b=NfOF+WBCEF4fcunKkxVl5e4aNe99ft7vyzBDn7Qga+v9GbnUKw2UGiVciku496n8b8 VLGhk9aysr/VowQ2deWXDh3LP4TLSSnARvv1R9G8R0tnjES+NwjExDstAGkd5glCYi9i z5ZpIutXunjGN8RqZHvmwuNqq7/UTR0AmmZkVg81/TUmqdBJK0tSG+IaNixWchyabWTT Z6IGEK+U++zSFnoXf5eF2zJuqVmKUDbDWu869RZ8kM/HtTFSVDoOAqaQEcpeZQTeoZeX VKu+651oxh0PHmTUIHToOFsusvXWlSw5rh1vTmYgoTCQSv9TEZlQp9WeKrH6KXeQA4G7 ZOEQ==
X-Received: by with SMTP id ir1mr3874609obb.41.1403647415449; Tue, 24 Jun 2014 15:03:35 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 24 Jun 2014 15:03:15 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 24 Jun 2014 18:03:15 -0400
Message-ID: <CAF4+nEErTOaDSg5gwx3f3wQaU9+ZKxvuFUEy5RsAcCJnC4QSbQ@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-hip-rfc5201-bis.all@tools.ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/21qsCEciZuCxk54Td_CQXI94SiI
Subject: [secdir] SECIR review of draft-ietf-hip-rfc5201-bis-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 22:03:37 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document specifies Version 2 of HIP, the Host Identity Protocol,
obsoleting RFC 5201.

The Security Considerations includes thorough discussion of
denial-of-service and man-in-the-middle attacks which are also touched
on in other appropriate parts of the document.

I was impressed with the thoroughness of the consideration of security
issues throughout this document. I think it is ready from a security
point of view for publication.

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA