[secdir] secdir review of draft-ietf-hip-native-nat-traversal

Carl Wallace <carl@redhoundsoftware.com> Fri, 09 March 2018 01:26 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7712120727 for <secdir@ietfa.amsl.com>; Thu, 8 Mar 2018 17:26:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuKVOF0TfK5x for <secdir@ietfa.amsl.com>; Thu, 8 Mar 2018 17:26:29 -0800 (PST)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A23AA126BF6 for <secdir@ietf.org>; Thu, 8 Mar 2018 17:26:29 -0800 (PST)
Received: by mail-qk0-x235.google.com with SMTP id f25so1997311qkm.0 for <secdir@ietf.org>; Thu, 08 Mar 2018 17:26:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :mime-version:content-transfer-encoding; bh=8rwC5sMAxCAf5rk/KviQJvqotPo+CQCCphDzrVFRHdU=; b=FW5gSf6i4OSMI93wjddbAR1SfJ2MAflLFK+UVlYX1pLdlRm8YKMMVuY61KFG0eU+yO EOfSC245tcpTqRC/3vByodRKp9EuNl8Dz1y6KXBSJnHJBuTJvxlTMgC2WPo9BDyaWBGp WGFcGGAoQal8lo0Yvd5T8M9p1fRCv3LgoznqI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:mime-version:content-transfer-encoding; bh=8rwC5sMAxCAf5rk/KviQJvqotPo+CQCCphDzrVFRHdU=; b=omvSsONfses9ZpAeXRs9ZVzb/tQMfEt0l10km9F54YH91LATynOAqDKqw9B/eL5Xnw 6UaqURm/f4xq5GNKWJS3XIKJDC3HQZnL412+M82lZkkE+bcAOcQLXJsBw3W0ne10n5LU cl0g9I4Q/7TnWda2gaQ+kPvhuEYT0hqIlOavlhg+c4jPJ65FWTK+UlOcV2PBScwtMyFj k3pRwQoMV0KzvQrnwRhWv78EFXiusYommPmJtAvw99eTlvCuHQyJSGkC1vE1uLsqqEOw 0b2aF6Pu7LDL5Jl9i6uQQ6FRwjytoU0KxEnwMsNuDpQHP5Djsnn9t4EKb9xtqBp5u/3L hbbw==
X-Gm-Message-State: AElRT7GfXC8tTAcjFwmU9ZVslfeczmdZvCXMhaqw8VznVdO4ZawIJk9t 92TozrrpxxwojN6zoggiqzzqEw==
X-Google-Smtp-Source: AG47ELsfpZgdNU4y4EasQ2j4w/gei0kai09tOSeN3nFWxwGqYW/rHGGcVNqdYgEmxYYGR1lN7ETa7g==
X-Received: by 10.55.212.12 with SMTP id l12mr40801184qki.303.1520558788711; Thu, 08 Mar 2018 17:26:28 -0800 (PST)
Received: from [192.168.2.246] (pool-74-96-253-73.washdc.fios.verizon.net. [74.96.253.73]) by smtp.googlemail.com with ESMTPSA id t68sm12348776qkf.62.2018.03.08.17.26.26 (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 08 Mar 2018 17:26:27 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Thu, 08 Mar 2018 20:26:21 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: <draft-ietf-hip-native-nat-traversal.all@ietf.org>
CC: <secdir@ietf.org>, <iesg@ietf.org>
Message-ID: <D6C74CED.B1F41%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-hip-native-nat-traversal
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9DiVZG4WHIVFP7WGyPd8Ts_b008>
Subject: [secdir] secdir review of draft-ietf-hip-native-nat-traversal
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Mar 2018 01:26:32 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document specifies a new Network Address Translator (NAT) traversal
mode for the Host Identity Protocol (HIP). While I am not a HIP guy, it
seems ready for publication. It's well-written and the security
considerations section is thorough. The only bit that raised a question
was in section 4, which states "it should be noted that HIP version 2
[RFC7401 <https://tools.ietf.org/html/rfc7401>] instead of HIPv1 is
expected to be used with this NAT traversal mode". Earlier in the
document, it states the draft is based on HIPv2. Are there any
considerations worth noting in the cases where HIPv1 is used or should
section 4 be revised to require v2?