Re: [secdir] Secdir last call review of draft-ietf-6lo-use-cases-12

Robert Sparks <rjsparks@nostrum.com> Tue, 05 April 2022 21:09 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D97BC3A11B7; Tue, 5 Apr 2022 14:09:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.09
X-Spam-Level:
X-Spam-Status: No, score=-2.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeRICcPBd6aB; Tue, 5 Apr 2022 14:09:42 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D8763A11BB; Tue, 5 Apr 2022 14:09:41 -0700 (PDT)
Received: from [192.168.1.114] ([47.186.48.51]) (authenticated bits=0) by nostrum.com (8.17.1/8.16.1) with ESMTPSA id 235L9dZt077330 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 5 Apr 2022 16:09:39 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1649192979; bh=GNeigeFFHIykbOOc9FIQ/I9x269P75yAm/Hw27BvRns=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=Er+6Ne+9sOFA2R7jsuP6L9OjWgUA398kN6gDOLr20a8gtalvyuTxJJSE640m3515U 5r25cMO5i1zXQ2PXZfr7z5wb9L84zhXnDm+ibOxmqSoW+Eb63SomXMs+h9u0lSvFWT ERiCtE5m3tn44hoBTPLV0sxBGa5kSC7JyuOjsqOM=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.48.51] claimed to be [192.168.1.114]
Message-ID: <f79d9aba-618c-5d08-8a4e-744616097e6c@nostrum.com>
Date: Tue, 05 Apr 2022 16:09:33 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: secdir@ietf.org
Cc: last-call@ietf.org, draft-ietf-6lo-use-cases.all@ietf.org, 6lo@ietf.org
References: <164919269800.5647.13515861264060312018@ietfa.amsl.com>
From: Robert Sparks <rjsparks@nostrum.com>
In-Reply-To: <164919269800.5647.13515861264060312018@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/EIBu2dbL31p_J7rk-jNMOEt5Q6Y>
Subject: Re: [secdir] Secdir last call review of draft-ietf-6lo-use-cases-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 21:09:47 -0000

Apologies, there's an edit-buffer glitch below, corrected in what's 
uploaded at 
https://datatracker.ietf.org/doc/review-ietf-6lo-use-cases-12-secdir-lc-sparks-2022-04-05/.

On 4/5/22 4:04 PM, Robert Sparks via Datatracker wrote:
> Reviewer: Robert Sparks
> Review result: Has Issues
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> This document has issues to address before publication as an Informational RFC
>
> Issues:
>
> >From the abstract: "The document targets an audience who would like to
> understand and evaluate running end-to-end IPv6 over the constrained node
> networks for local or Internet connectivity."
>
> Its security considerations section claims "Security considerations are not
> directly applicable to this document". Yet the text of the draft has several
> places that rightly call out thing like "there exist implications for privacy",
> "privacy also becomes a serious issue", and "the assumption is that L2 security
> must be present." A summary of these things in the security considerations
> section seems prudent. At _least_ call out again the assumption about L2
> security.
>
> The "Security Requirement"A summary of these things in the security
> considerations section seems prudent. At _least_ call out again the assumption
> about L2 security.
>
> The "Security Requirement" row in Table 2 is not well explained. The values in
> that row are explained at all. (For instance, the word "Partially" appears
> exactly once in the document - it is unclear what it means).
>
> Nits/Comments:
>
> Appendix A is neither introduced nor referenced from the body of the document.
> Why is it here?
>
> I'm a little concerned about some of the technology descriptions possibly
> moving beyond simple facts into interpretation or even marketing. The last
> paragraph of section 2.5 is a particularly strong example. Look for phrases
> section 4 that include "targets" or "targeted by" and make sure that's what the
> organizations ins that define those technologies say (consider references).
>
> At 'superior "range"', why is range in quotes? Think about restructuring the
> sentences that use 'superior' to avoid the connotation of "better than". All
> this document really needs to acknowledge is "goes further".
>
>
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: https://trac.ietf.org/trac/sec/wiki/SecDirReview