[secdir] secdir review of draft-ietf-hip-native-nat-traversal
Carl Wallace <carl@redhoundsoftware.com> Fri, 09 March 2018 01:26 UTC
Date: Thu, 08 Mar 2018 20:26:21 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: draft-ietf-hip-native-nat-traversal.all@ietf.org
CC: secdir@ietf.org, iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9DiVZG4WHIVFP7WGyPd8Ts_b008>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). While I am not a HIP guy, it seems ready for publication. It's well-written and the security considerations section is thorough.

The only bit that raised a question was in section 4, which states "it should be noted that HIP version 2 [RFC7401 <https://tools.ietf.org/html/rfc7401>] instead of HIPv1 is expected to be used with this NAT traversal mode". Earlier in the document, it states the draft is based on HIPv2. Are there any considerations worth noting in the cases where HIPv1 is used or should section 4 be revised to require v2?