Re: [secdir] secdir review of draft-ietf-hip-native-nat-traversal

Carl Wallace <carl@redhoundsoftware.com> Thu, 05 March 2020 11:57 UTC

User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Thu, 05 Mar 2020 06:57:35 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: draft-ietf-hip-native-nat-traversal.all@ietf.org
CC: secdir@ietf.org, iesg@ietf.org
Message-ID: <DA86522E.F387E%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-hip-native-nat-traversal
References: <D6C74CED.B1F41%carl@redhoundsoftware.com>
In-Reply-To: <D6C74CED.B1F41%carl@redhoundsoftware.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8BZyGxH-LI4-veiTdhkQksOHj9c>
Subject: Re: [secdir] secdir review of draft-ietf-hip-native-nat-traversal

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.


This is an update to a review performed for the -28 draft to cover text in
the current -30 version. The primary difference since that draft is the
addition of clarifying text, mostly regarding differences with Legacy
ICE-HIP and rationale for the current draft. The new language is helpful. The
draft is ready for publication.


On 3/8/18, 8:26 PM, "Carl Wallace" <carl@redhoundsoftware.com> wrote:

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the IESG.
>These comments were written primarily for the benefit of the security area
>directors. Document editors and WG chairs should treat these comments just
>like any other last call comments.
>
>This document specifies a new Network Address Translator (NAT) traversal
>mode for the Host Identity Protocol (HIP). While I am not a HIP guy, it
>seems ready for publication. It's well-written and the security
>considerations section is thorough. The only bit that raised a question
>was in section 4, which states "it should be noted that HIP version 2
>[RFC7401 <https://tools.ietf.org/html/rfc7401>] instead of HIPv1 is
>expected to be used with this NAT traversal mode". Earlier in the
>document, it states the draft is based on HIPv2. Are there any
>considerations worth noting in the cases where HIPv1 is used or should
>section 4 be revised to require v2?
>
>