[secdir] Secdir last call review of draft-ietf-dmm-pmipv6-dlif-04

Vincent Roca via Datatracker <noreply@ietf.org> Mon, 21 October 2019 12:47 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A7BFE12013B; Mon, 21 Oct 2019 05:47:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Vincent Roca via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-dmm-pmipv6-dlif.all@ietf.org, ietf@ietf.org, dmm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.106.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Vincent Roca <vincent.roca@inria.fr>
Message-ID: <157166202760.31949.6972305880517491481@ietfa.amsl.com>
Date: Mon, 21 Oct 2019 05:47:07 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3kTwm26gQtqRXY2eMyVtJHH6LXc>
Subject: [secdir] Secdir last call review of draft-ietf-dmm-pmipv6-dlif-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 12:47:08 -0000

Reviewer: Vincent Roca
Review result: Has Nits

Hello,

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Almost ready / has nits

RFC4832 is a nice document that explains in detail security threats for the
class of mobility management protocol PMIPv6 belongs to. It is referenced by
RFC5213 which itself is referenced by the current document. Therefore I think
that an interested reader can find the requiered information.

However, the small text of section 6 that refers to RFC5213 and updates a few
sentences to apply RFC5213 recommendations to MAARs, is misleading in my
opinion. It suggests there is a single threat, the impersonation of a MAAR, and
since using IPsec eliminates this threat, a reader can easily conclude there's
nothing else.

But what about the other benefits of using IPsec? Is the use of IPsec only for
endpoint authentication (what I understand)? What about anti-replay, integrity,
confidentiality? Is it meaningless in the present context? By the way, what is
the attacker model?

The subject is too complex, the risks are too varied, and I don't like this way
of presenting things that overly simplifies the problems.

Clarification on a different topic:
This is a detail, but the document refers to the S-MAAR's global address or
P-MAAR's global address as if there was a necessarily a single address. What
happens if a MAAR has multiple global addresses? It may happen with a router
that is multiply connected to the Internet.

Cheers.  Vincent