[secdir] Review of draft-ietf-mboned-ipv4-uni-based-mcast-06

Shawn Emery <shawn.emery@oracle.com> Sat, 12 June 2010 07:28 UTC

Message-ID: <4C133681.3060908@oracle.com>
Date: Sat, 12 Jun 2010 01:25:53 -0600
From: Shawn Emery <shawn.emery@oracle.com>
To: secdir@ietf.org
Cc: draft-ietf-mboned-ipv4-uni-based-mcast.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-mboned-ipv4-uni-based-mcast-06

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors. Document editors and WG chairs should treat 
these comments just like any other last call comments.

This draft describes a mechanism for mapping an organization's unicast 
to multicast address in IPv4.

The security considerations section does exist and (as also stated in 
RFC 3180) the dynamic means for constructing multicast addressing using 
this scheme reduces DoS attacks for allocations from outside the
organization, which I agree with.

General comments:


Editorial comments: