[secdir] secdir review of draft-ietf-anima-prefix-management-06
Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 01 December 2017 15:45 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-anima-prefix-management.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/EepvQatZpz3RKlaSK-h4kQK8XJI>
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This informational draft describes two autonomic technical objectives for IPv6 prefix management in large-scale networks, with an extension to support IPv4 prefixes. The focus is mainly on edge nodes, since it is assumed that the network’s main infrastructure elements already have addresses and prefixes. The main purpose of the document is to be used for the validation of GRASP (the GeneRic Autonomic Signaling Protocol) in draft-ietf-anima-grasp-15 and other components of the autonomic networking infrastructure described in draft-ietf-anima-reference-model-04. The technical objectives have to do with efficient and correct distribution of prefixes with a minimum amount of human involvement. GRASP itself is a generic protocol that enables autonomic nodes to dynamically discover peers, to synchronize state with each other, and to negotiate parameter settings with each other. The application described in draft-ietf-anima-prefix-management-06 clearly falls within the intended application of GRASP.

The Security Considerations Section of draft-ietf-anima-prefix-management-06 reads as follows:

   Relevant security issues are discussed in [I-D.ietf-anima-grasp]. The preferred security model is that devices are trusted following the secure bootstrap procedure [I-D.ietf-anima-bootstrapping-keyinfra] and that a secure Autonomic Control Plane (ACP) [I-D.ietf-anima-autonomic-control-plane] is in place.

I’ve taken a look at draft-ietf-anima-grasp-15 and it provides an extensive security considerations section that covers the security issues involved in using it. I do not see that draft-ietf-anima-prefix-management-06 introduces any new issues.

Draft-ietf-anima-prefix-management-06 is somewhat unusual in that the documents that it references in the Security Considerations Section are themselves drafts, not RFCs. So it is possible (although I do not think very likely) that changes in the referenced drafts could have an effect on the security considerations of draft-ietf-anima-prefix-management-06. Leaving that concern aside, I consider this document Ready.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil