[secdir] SECDIR review of draft-ietf-softwire-map-radius-23
Donald Eastlake <d3e3e3@gmail.com> Wed, 29 May 2019 04:15 UTC
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 29 May 2019 00:14:51 -0400
Message-ID: <CAF4+nEHEvQpkBBx=D3djZdtrCC9WmrGihBEtZjad9Z33PbAC+w@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-softwire-map-radius.all@ietf.org
Cc: secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ac6qTBRpuiUAnlRQr-rEJABIw8g>
Subject: [secdir] SECDIR review of draft-ietf-softwire-map-radius-23

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Almost Ready.

This draft specifies new RADIUS attributes that correspond with DHCPv6 Options for a number of IPv4 over IPv6 protocols. The main scenario being supported is that customer equipment connects to a Broadband Network Gateway (BNG). The BNG then authenticates the user with a AAA server using RADIUS. There is also a DHCPv6 server at the BNG and the values of relevant DHCPv6 Options are populated at the BNG from the RADIUS attributes in the response from the AAA server.

Section 6 provides Security Considerations. It consists almost entirely in a list of references to security considerations in other RFCs. This seems pretty complete but reading it feels kind of scattered. It would be good if a few sentences could be added and maybe the material slightly re-organized to make it clearer how the parts of the Security Considerations fit together.

Trivia:

- Although there isn't much question here, I think it is usual when creating a registry that goes on an existing web page to identify that web page.

- The acronyms BMR and DMR are only used once in the body of the document. Perhaps they could be dispensed with and only the spelled out version used at that one occurrence for each. There may be other acronyms like this.

- lwAFTR should be expanded on first use.

- There is a slightly awkward thing about the IANA Considerations section. The first sentence of Section 7 talks about requesting IANA to act but then each subsection redundantly requests action and, in fact, Section 7.1 requests action at the start of each paragraph. Either (1) the first sentence should say something like "IANA is requested to perform the actions described in the subsections below." and all the other "request" wording should go away or (2) the first sentence should omit "request" wording and just say something like "IANA actions are discussed in the subsections below." and the "requests" left in the subsections.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd
+1-508-333-2270 (cell)
1424 Pro Shop Court, Davenport, FL 33896 USA
d3e3e3@gmail.com