[secdir] Secdir review of draft-ietf-dhc-pd-exclude-04

Magnus Nyström <magnusn@gmail.com> Thu, 09 February 2012 06:43 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 2026E21F8565; Wed, 8 Feb 2012 22:43:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 48tNpuZipGM9; Wed, 8 Feb 2012 22:43:23 -0800 (PST)
Received: from mail-qy0-f172.google.com (mail-qy0-f172.google.com []) by ietfa.amsl.com (Postfix) with ESMTP id 86E5A21F8562; Wed, 8 Feb 2012 22:43:23 -0800 (PST)
Received: by qcsg13 with SMTP id g13so899438qcs.31 for <multiple recipients>; Wed, 08 Feb 2012 22:43:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=LMQjYHcjv+M6kLDUo0ElYoWICQKpl13yhmJZw8074G4=; b=nUlWb5J4fN63uzp5bJdgYY3FBFnWuq+WQodDz8B4XwRiuAlBK2LOSPMv4GCb+0gHq7 fyxidbhuHryOWM03zJPo1PcizWbZ7dZ5iHiVzK7wcD18oyQST0fZsX3vuntRlK9tzbAL c9Cq+Jvrse+AtoyGPU+fpb3k4fOSm36J7OU/s=
MIME-Version: 1.0
Received: by with SMTP id a23mr379829qck.100.1328769802193; Wed, 08 Feb 2012 22:43:22 -0800 (PST)
Received: by with HTTP; Wed, 8 Feb 2012 22:43:22 -0800 (PST)
Date: Wed, 8 Feb 2012 22:43:22 -0800
Message-ID: <CADajj4Z5RY5B-4Dj7RbYh2SXKTVF=v1W0zii3QoD=BTnX4b3eQ@mail.gmail.com>
From: =?ISO-8859-1?Q?Magnus_Nystr=F6m?= <magnusn@gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-dhc-pd-exclude@tools.ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [secdir] Secdir review of draft-ietf-dhc-pd-exclude-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2012 06:43:24 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document defines a method for DHCPv6 routers to exclude a prefix
out of a delegated set of prefixes.

I have no comments on the document itself but the Security
Considerations section is very terse. If the method in this draft does
not introduce any new security considerations beyond those already
present in RFC 3315 or RFC 3633 then it should at least say so. It
appears to me however that something could be said about
authenticating the request to exclude a particular prefix?

-- Magnus