[secdir] secdir review of draft-ietf-hokey-ldn-discovery-06

Samuel Weiler <weiler@watson.org> Mon, 28 February 2011 22:24 UTC

Return-Path: <weiler@watson.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2D863A6C97; Mon, 28 Feb 2011 14:24:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b+qyjZJXvWcs; Mon, 28 Feb 2011 14:24:58 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by core3.amsl.com (Postfix) with ESMTP id 21A403A6C6E; Mon, 28 Feb 2011 14:24:57 -0800 (PST)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id p1SMPw83058226; Mon, 28 Feb 2011 17:25:58 -0500 (EST) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id p1SMPvaY058222; Mon, 28 Feb 2011 17:25:58 -0500 (EST) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Mon, 28 Feb 2011 17:25:57 -0500 (EST)
From: Samuel Weiler <weiler@watson.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-hokey-ldn-discovery.all@tools.ietf.org
Message-ID: <alpine.BSF.2.00.1102281720230.26298@fledge.watson.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Mon, 28 Feb 2011 17:25:59 -0500 (EST)
Subject: [secdir] secdir review of draft-ietf-hokey-ldn-discovery-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: secdir-secretary@mit.edu
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 22:24:59 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.


There is a big risk here, and the security considerations section 
captures it very succinctly: "The communication ... is security 
sensitive and requires authentication, integrity and replay 
protection."  Perhaps that should be repeated earlier in the doc.

Editorial: it's not clear to me why this is being defined only for 
DHCPv6.  A sentence explaining that would be helpful.

-- Sam