[secdir] Secdir last call review of draft-ietf-dmm-distributed-mobility-anchoring-13

Joseph Salowey via Datatracker <noreply@ietf.org> Sun, 13 October 2019 22:25 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 71F0112006D; Sun, 13 Oct 2019 15:25:57 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-dmm-distributed-mobility-anchoring.all@ietf.org, iesg@ietf.org, dmm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.105.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Joseph Salowey <joe@salowey.net>
Message-ID: <157100555733.20750.5488529297693995498@ietfa.amsl.com>
Date: Sun, 13 Oct 2019 15:25:57 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4udcfE2ZM8u99xE9cwkRnFd8-pI>
Subject: [secdir] Secdir last call review of draft-ietf-dmm-distributed-mobility-anchoring-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Oct 2019 22:25:58 -0000

Reviewer: Joseph Salowey
Review result: Has Issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document has issues with the security
considerations section.

The security consideration section is extremely light.  It mainly contains text
from RFC 7333.  It seems that there should be more discussion of security as it
relates to the different configurations and different cases.   Do each of these
cases have the same security properties and require the same types of security
controls?

Are the IPSEC recommendations mentioned in the security considerations of
draft-ietf-dmm-deployment-models-04 applicable for all the cases?   Should
these be pointed out in the security considerations section?