[secdir] SECDIR review of draft-ietf-softwire-map-radius-23

Donald Eastlake <d3e3e3@gmail.com> Wed, 29 May 2019 04:15 UTC

To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-softwire-map-radius.all@ietf.org
Cc: secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ac6qTBRpuiUAnlRQr-rEJABIw8g>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last
call comments.

The summary of the review is Almost Ready.

This draft specifies new RADIUS attributes that correspond with DHCPv6
Options for a number of IPv4 over IPv6 protocols. The main scenario being
supported is that customer equipment connects to a Broadband Network
Gateway (BNG). The BNG then authenticates the user with a AAA server using
RADIUS. There is also a DHCPv6 server at the BNG and the value of relevant
DHCPv6 Options are populated at the BNG from the RADIUS attributes in the
response from the AAA server.

Section 6 provides Security Considerations. It consists almost entirely in
a list of references to security considerations in other RFCs.  This seems
pretty complete but reading it feels kind of scattered. It would be good if
a few sentences could be added and maybe the material slightly
re-organized to make it clearer how the parts of the Security
Considerations fit together.

Trivia:

   - Although there isn't much question here, I think it is usual when
   creating a registry that goes on an existing web page to identify that web
   page.
   - The acronyms BMR and DMR are only used once in the body of the
   document. Perhaps they could be dispensed with and only the spelled out
   version used at that one occurrence for each. There may be other acronyms
   like this.
   - lwAFTR should be expanded on first use.
   - There is a slightly awkward thing about the IANA Considerations
   section. The first sentence of Section 7 talks about requesting IANA to act
   but then each subsection redundantly requests action and, in fact, Section
   7.1 requests action at the start of each paragraph. Either (1) the first
   sentence should say something like "IANA is requested to perform the
   actions described in the subsections below." and all the other "request"
   wording should go away or (2) the first sentence should omit "request"
   wording and just say something like "IANA actions are discussed in the
   subsections below." and the "requests" left in the subsections.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com