[secdir] secdir review of draft-ietf-csi-sndp-prob

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 01 December 2009 01:25 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id D309C3A6AB2; Mon, 30 Nov 2009 17:25:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.835
X-Spam-Status: No, score=-1.835 tagged_above=-999 required=5 tests=[AWL=0.764, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id T7jajQbvzVK5; Mon, 30 Nov 2009 17:25:06 -0800 (PST)
Received: from relay.imagine.ie (dns1.dns.imagine.ie []) by core3.amsl.com (Postfix) with ESMTP id EF2243A686E; Mon, 30 Nov 2009 17:25:05 -0800 (PST)
Received: from mail2.int.imagine.ie (mail2 []) by relay.imagine.ie (Postfix) with ESMTP id D705132886; Tue, 1 Dec 2009 01:24:57 +0000 (GMT)
Received: from [] (dsl-102-234.cust.imagine.ie []) by mail2.int.imagine.ie (8.13.4/8.13.4/Debian-3) with ESMTP id nB11OrJ2000761 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 1 Dec 2009 01:24:54 GMT
Message-ID: <4B147060.4000207@cs.tcd.ie>
Date: Tue, 01 Dec 2009 01:24:48 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Thunderbird (X11/20090812)
MIME-Version: 1.0
To: draft-ietf-csi-prob@tools.ietf.org, sec-ads@ietf.org, secdir@ietf.org
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Bayes-Prob: 0.0001 (Score 0)
X-Canit-Stats-ID: 58130340 - 690f3ab6f055 (trained as not-spam)
X-CanItPRO-Stream: outgoing
X-Scanned-By: CanIt (www . roaringpenguin . com) on
Subject: [secdir] secdir review of draft-ietf-csi-sndp-prob
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2009 01:25:06 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

The draft is a generally well-written description of some issues with
securing neighbour discovery when proxies are involved. As a problem
statement draft I find it just fine.

I have two minor security comments and a few nits below.

1. The suggestion at the end of 4.2 that certificate serial number
or time field ordering be used to indicate relationships between
end entities seems very hacky. I'd suggest either deleting that
if its felt to be unlikely used, or else, if its actually
likely to be used, then documenting how it could actually work

2. 7.2 mentions "signed, non-repudiable certificates" which is a
horribly odd phrase. Hopefully that's just sloppy language.
(s/signed, non-repudiable//), but if not, then its a concern (the
concern being that non-repudiation in protocols is mythical).


1. 2nd last para of 3.1: fix word ordering in last sentence, think it
ought say:

 Such a message would be valid according to the SEND specification, if the
 Target Address and the source IPv6 address of the Neighbor Advertisement
 weren't different [RFC3971].

2. 2.2.4 1st para: similar word ordering, maybe:

 The router or CA may then be able to certify proxying for
 only a subset of the prefixes for which it is certified.

3. 1st sentence of 7.2: s/The certificagte delegation/Certificate