[secdir] secdir review of draft-ietf-softwire-public-4over6-09

Rob Austein <sra@hactrn.net> Wed, 29 May 2013 16:31 UTC

From: Rob Austein <sra@hactrn.net>
To: iesg@ietf.org, draft-ietf-softwire-public-4over6.all@tools.ietf.org
Cc: secdir@ietf.org
Date: Wed, 29 May 2013 12:30:49 -0400
Message-Id: <20130529163049.084F517058@thrintun.hactrn.net>

I have reviewed draft-ietf-softwire-public-4over6-09 as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

Given that this is an informational draft documenting existing
practice, I have no serious security concerns with the draft.  FWIW, I
agree with the issue Sean Turner already raised in his discuss, not
that Sean needs my approval.

If the draft gets another spin, the security considerations could
benefit from a bit more text making it clear that the proposed use of
IPv6 address filtering is in the context of the constrained
environment of a single ISP, where such filtering is based on the
ISP's knowledge of its own topology and address allocation scheme.
One can sort of read this between the lines anyway, but it would be
better to make it explicit.
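The point in the last paragraph of the review, that address filtering on the Public 4over6 concentrator only works because the ISP knows its own IPv6 allocations and the IPv6-to-IPv4 bindings it handed out, can be made concrete with a small filter model. This is an added example, written by the editor; it is not code from the review, the draft, or any softwire implementation. The prefixes, the binding table, and the three-step accept/reject policy are constructed for illustration: the check is only as good as the concentrator's knowledge of the ISP's own topology, which is exactly why it does not generalise beyond a single ISP.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed sample data (hypothetical; not from the draft or any ISP):
# the IPv6 prefixes this ISP assigns to its own customers, and the
# IPv6 -> public IPv4 bindings the concentrator learned when each CPE
# obtained its IPv4 address over the softwire.
ISP_CUSTOMER_PREFIXES = [
    ipaddress.ip_network("2001:db8:100::/40"),
    ipaddress.ip_network("2001:db8:200::/40"),
]
BINDINGS = {
    ipaddress.ip_address("2001:db8:100:1::1"): ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("2001:db8:200:7::2"): ipaddress.ip_address("192.0.2.11"),
}


def filter_decapsulated(outer_src6: str, inner_src4: str,
                        prefixes=ISP_CUSTOMER_PREFIXES,
                        bindings=BINDINGS) -> Tuple[bool, str]:
    """Decide whether the concentrator should forward a 4over6 packet.

    outer_src6 is the IPv6 source of the encapsulating packet, inner_src4
    the IPv4 source of the payload.  Returns (accept, reason).
    """
    try:
        src6 = ipaddress.ip_address(outer_src6)
        src4 = ipaddress.ip_address(inner_src4)
    except ValueError:
        return False, "unparseable address"
    if src6.version != 6 or src4.version != 4:
        return False, "wrong address family"
    # Step 1: topology check.  Only meaningful because the concentrator
    # belongs to the same ISP that allocated these prefixes; a foreign
    # address cannot be judged beyond "not ours".
    if not any(src6 in p for p in prefixes):
        return False, "outer IPv6 source outside the ISP's customer allocations"
    # Step 2: binding check.  An in-prefix address with no binding is a
    # host that never completed IPv4 address assignment over the softwire.
    bound4 = bindings.get(src6)
    if bound4 is None:
        return False, "no IPv4 binding for this IPv6 source"
    # Step 3: anti-spoofing.  The inner IPv4 source must be the address
    # bound to this IPv6 endpoint, otherwise one customer could source
    # traffic as another customer's public IPv4 address.
    if bound4 != src4:
        return False, "inner IPv4 source does not match binding"
    return True, "ok"


def encapsulation_target(dst4: str, bindings=BINDINGS) -> Optional[str]:
    """IPv6 endpoint to encapsulate towards for an IPv4 destination, or None."""
    dst = ipaddress.ip_address(dst4)
    for src6, bound4 in bindings.items():
        if bound4 == dst:
            return str(src6)
    return None  # unknown public IPv4 address: drop rather than guess


if __name__ == "__main__":
    for src6, src4 in [("2001:db8:100:1::1", "192.0.2.10"),
                       ("2001:db8:100:1::1", "192.0.2.11"),
                       ("2001:db8:300::1", "192.0.2.10")]:
        print(src6, src4, filter_decapsulated(src6, src4))
```

The first check is the "IPv6 address filtering" the review refers to; steps 2 and 3 are what an operator can add on top of it precisely because, inside one ISP, the concentrator is the party that issued the bindings. An operator cannot run steps 2 and 3 against addresses from a different ISP, and step 1 against such addresses says only that they are not its own.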