[secdir] Secdir review of draft-ietf-softwire-dslite-deployment

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 14 October 2012 19:47 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-softwire-dslite-deployment.all@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors. Document editors and WG chairs should treat 
these comments just like any other last call comments.

I believe this document (draft-ietf-softwire-dslite-deployment) has an 
adequate security considerations section and the main security risks are 
sufficiently described for an informational "deployment considerations" RFC.

section 2.6:
"Internet hosts such as servers must no longer rely solely on IP address 
to identify an abused user."
Don't you mean here: "... an abusive user"?
and again in the next sentence "...to identify an abused user..." should 
be "...to identify an abusive user".

- section 1: Overview
third sentence: first mention of "softwire" may require a reference

- section 2.5, last paragraph:
s/Depedning on the rate of NAT table changes/Depending on the rate of 
NAT table changes

Best regards, Tobias