[secdir] secdir review of draft-ietf-anima-prefix-management-06

Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 01 December 2017 15:45 UTC

To: secdir@ietf.org, iesg@ietf.org, draft-ietf-anima-prefix-management.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/EepvQatZpz3RKlaSK-h4kQK8XJI>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This informational draft describes two autonomic technical objectives for IPv6 prefix management in large-scale networks,
with an extension to support IPv4 prefixes. The focus is mainly on edge nodes, since it is assumed that the network's main infrastructure
elements already have addresses and prefixes. The main purpose of the document is to be used for the validation of
GRASP (the GeneRic Autonomic Signaling Protocol) in draft-ietf-anima-grasp-15 and other components of the autonomic networking infrastructure
described in draft-ietf-anima-reference-model-04.
The technical objectives have to do with efficient and correct distribution of prefixes with a minimum of human involvement.
GRASP itself is a generic protocol that enables autonomic
nodes to dynamically discover peers, to synchronize state with each other, and to negotiate parameter settings with each other. The application described
in draft-ietf-anima-prefix-management-06 clearly falls within the intended application of GRASP.



The Security Considerations Section of draft-ietf-anima-prefix-management-06 reads as follows:

 Relevant security issues are discussed in [I-D.ietf-anima-grasp]. The preferred security model is that devices are trusted following the secure bootstrap procedure
 [I-D.ietf-anima-bootstrapping-keyinfra] and that a secure Autonomic Control Plane (ACP) [I-D.ietf-anima-autonomic-control-plane] is in place.

I've taken a look at draft-ietf-anima-grasp-15 and it provides an extensive security considerations section that covers the security issues
involved in using it. I do not see that draft-ietf-anima-prefix-management-06 introduces any new issues.

draft-ietf-anima-prefix-management-06 is somewhat unusual in that the documents that it references in the Security Considerations Section are themselves drafts, not RFCs.
So it is possible (although I do not think very likely) that changes in the referenced drafts could have an effect on the security considerations of
draft-ietf-anima-prefix-management-06. Leaving that concern aside, I consider this document Ready.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil