[secdir] SECDIR review of draft-ietf-6man-ipv6-address-generation-privacy-07
Donald Eastlake <d3e3e3@gmail.com> Sat, 01 August 2015 15:47 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F190C1A8972; Sat, 1 Aug 2015 08:47:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N0ycz4f9PcTv; Sat, 1 Aug 2015 08:47:31 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A9D71A897B; Sat, 1 Aug 2015 08:47:31 -0700 (PDT)
Received: by obbop1 with SMTP id op1so73353180obb.2; Sat, 01 Aug 2015 08:47:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type; bh=O65XiwjIU6/4H3iwBlBdIBwAzykteJrmI356QtIFj7s=; b=L7tlL45EwZyf4NJjkjYFQD93z55XKjgi+cRZkGsy25QAajiMMwuOjMKb3lPxHPie1/ rvbWdcoSUulfGKTT+R0fzs5zLNdgaLzRa0HFBbfwZRjZeCW/QEoseCS5VJS0WLNvPps4 ekLj92mQpywebcs+p0tEWNBewElikKWxUHrIkA5lA5AtVenGJQbtjcAInV1J6w9Shz+o fsK+nw+LCKpnK7yd3P9CLL0QqgXkQOpGjRUCf0JVKG/57ZH3+EpKF8nXf0XQz/WQ5nFs VV9VY3BskijO03wfSPGDLZgVUr+fyiO6IMRSo8Cs5B5QMP52BscBW5rqjM1nUcYGmFPd rCnA==
X-Received: by 10.182.5.102 with SMTP id r6mr8871991obr.68.1438444051020; Sat, 01 Aug 2015 08:47:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.91.1 with HTTP; Sat, 1 Aug 2015 08:47:15 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sat, 01 Aug 2015 11:47:15 -0400
Message-ID: <CAF4+nEEAwUrM-osyKzMpqMYeHmx1OPJ=+ZB+dFAJ=tT=vCxiTw@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-6man-ipv6-address-generation-privacy.all@tools.ietf.org
Content-Type: multipart/alternative; boundary="001a1134a940b0c214051c41daa3"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/3FOhDCfKPaChmQPvFbxJdjAKOYw>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] SECDIR review of draft-ietf-6man-ipv6-address-generation-privacy-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Aug 2015 15:47:33 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. This draft is ready with nits. It provides a survey of the privacy and security considerations of a variety of IPv6 address generation mechanisms. As far as I can tell, it does a thorough job and is a useful document. I have the following minor comments: Section 1: Although references and lengthier names are given for all the other categories of configuration method, the "Manual configuration" method section is notable for the brevity of its entries and lack of any references whatsoever. I don't have the faintest idea what "Wordy" is and a couple of the others convey to me only a vague idea of what is being listed. Section 2: What does "DHT" stand for? Given that it occurs exactly once in this document, perhaps it should be spelled out. Section 3.3: It might also be useful to mention that the group-addressed bit in the upper 24-bits of a 48 bit MAC will be zero and the global/local bit will probably be zero also. It would be good to add a reference to RFC 7042. Section 4, Table 1: Given that there seems to be plenty of space, I would recommend spelling out "CGA" in the Mechanism column. Also, I see no reason for the "(s)" on the end of "Mechanism" in the column header. Section 4.2: "low byte", which occurs here as well as in Section 1, could use a couple of sentences of explanation. Section 4.3: The first sentence reads very oddly. Suggest replacing "it" with "such a mechanism". Section 5.2: Maybe it is just me but it sounds quite odd to come across a "This document recommends" exactly once here almost at the end of this Informational document. It is certainly a reasonable recommendation but there are a number of previous points in the document where some mechanisms seems so much better, from the privacy and security point of view, than others that a recommendation would be equally justified. So I suggest changing "This document recommends that compliance testing suites be ..." to "Such compliance testing suites should be ...". (I realize that means about the same thing but somehow it bothers me a lot less.) Alternatively, state in the introduction that recommendations are provided and review the document and add appropriate recommendation language in favor of superior mechanisms. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com
- [secdir] SECDIR review of draft-ietf-6man-ipv6-ad… Donald Eastlake
- Re: [secdir] SECDIR review of draft-ietf-6man-ipv… Alissa Cooper (alcoop)
- Re: [secdir] SECDIR review of draft-ietf-6man-ipv… Donald Eastlake