[secdir] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05

Christopher Wood via Datatracker <noreply@ietf.org> Tue, 19 May 2020 23:51 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E67363A053F; Tue, 19 May 2020 16:51:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Christopher Wood via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: dhcwg@ietf.org, draft-ietf-dhc-problem-statement-of-mredhcpv6.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.130.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
Reply-To: Christopher Wood <caw@heapingbits.net>
Date: Tue, 19 May 2020 16:51:07 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7x6gYy00lnMGevRkol-euBvBCtA>
Subject: [secdir] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 23:51:08 -0000

Reviewer: Christopher Wood
Review result: Serious Issues

Summary: Series Issues

Comments:

- Section 1. The introduction needs a lot of work. It seems to be trying to say
something, but I cannot tell what that is. It's claimed that many documents
attempt to extend DHCPv6, yet no extensions are cited. There's mention of
"multi-requirement extension problems," but no example of such a problem.
There's reference to the possibility of administrators modifying DHCPv6 code
(and possibly breaking things in the process), but that does not seem relevant
to or follow from the previous text. Please revise this entire section and make
the goal clear. What is the problem being solved, why is it important, and what
is the summary of the proposed solution?

- Section 3.2. This section seems largely irrelevant. What is its purpose? It
mainly documents software support, rather than "extension practices."

- Section 4.1. Figure 1 could benefit from some descriptive text to match the
diagram. For example, it's clear how "options" are points of extensibility, but
how are "message processing functions" points of extensibility? An example
might help clarify.

- Section 4.2.3. What does "not all DHCPv6 software considers this extension"
mean? Does it imply that not all server implements support for this extension,
or something else?

- Section 5. This seems to be the crux of the document, yet I failed to glean
much from its contents. There are some examples of extensions which may require
multiple more than one "moving part," such as (1) client identity transmission
and (2) server use of those identities for address allocation. Is there
guidance that should be followed for specifying this type of multi-requirement
extension? If so, what is it? (Is that not the whole point of this document?)
Are there considerations administrators or specification writers should be
mindful of when designing these extensions? If so, what are they?

In general, it seems that if a document is to emphasize considerations for
folks, then those considerations out to be clearly articulated. Instead, this
document seems to just list some examples (current practices) without any
further insight. This makes me question its overall value for the community.

Nits:

- Section 1. "The IP address plays a significant role in the communication of
the Internet." Did this mean to say communication *on* the Internet?

- Please remove unnecessary gender terms from the document ("his").

- This text:

   For example, considering such a requirement that
   DHCPv6 servers assign IPv6 addresses generated by user identifiers to
   the clients in a network to hold users accountable, two extensions
   should be fulfilled to meet this requirement.

Could probably be simplified. Also, what does it mean for an extension to be
fulfilled?