[secdir] SECDIR review of draft-ietf-mif-happy-eyeballs-extension-10

Donald Eastlake <d3e3e3@gmail.com> Sun, 28 August 2016 05:33 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E7A412D5BF; Sat, 27 Aug 2016 22:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zT4IFfBB2SAn; Sat, 27 Aug 2016 22:33:42 -0700 (PDT)
Received: from mail-ua0-x22a.google.com (mail-ua0-x22a.google.com [IPv6:2607:f8b0:400c:c08::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19AD412B053; Sat, 27 Aug 2016 22:33:41 -0700 (PDT)
Received: by mail-ua0-x22a.google.com with SMTP id k90so199380775uak.1; Sat, 27 Aug 2016 22:33:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=LQTvEKPjjsp2LtYF5mDkM0JwQqTI/lJuirkBwNuBvCw=; b=zGvrhr6YIwzapt5Nn+jSWun8N1khEg+KIUiZrfqSmuY47yH57tm4VH9/4Sq4a570UK Ly6jhX9UG4B30reSL19xmavwBT7HgTQ7zXIAlOZDDt2QgUqIGlT/JSt4MNgRBnfozInR 7t44TAz3rybVOGcBf2XrMSNa+chq4jQgwoBhY0tgdA9RK/C6xUNB50pfBt2FVO7dV8Dp vLNNt+S3oEqdWNSCfDyVRkp4GQRkkCUuP0cFs0wfL9RTTIduHZOS4SPTnm4U7RLTpeM9 ds90ImXVdFvD1KtHPfsKk4eUMakLHDFSqLsahW5etvvi3wlZwCNuNu6CWGmuYqYV2qZ7 crBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=LQTvEKPjjsp2LtYF5mDkM0JwQqTI/lJuirkBwNuBvCw=; b=gf5XY9ioKkBgHwVL+ihg3AhIGHPPQdG3xV3XyE+VEW43IuhxoxbGFS5SOqLotOfz18 sZ8E+8eJ2jWv+fm1lxk3OkwfpemTZ5f3S/8WJM13DhDbUVRv8G2dAC+YI01a0RB3ue1+ b7N7PH/g5T8YScIwEt+nbcZ2Jfmo4KBZRIPyz4m468vOr9/4a+bI28UrcZfudyndWxhj zymx/uzRaNoijvE5lg8TFXr3mJeBUOzJPdqaFrgD54fMVDIg0ctoCHZMsoTq2fEj5m86 kDMAMQa/b9irMjYbc2pWKeZQzMeZXrXzHtsR6zWTq4LPHsVD6DgFrensgAXqjyYi/E+H zOnw==
X-Gm-Message-State: AE9vXwPMD80MTnvdD5jzkZuURDfXky0slF61wyb0jERhzByUUwms3Z7i2Kwg9/BsMcSzimsL4pBHjhZgE3+QsA==
X-Received: by 10.159.39.136 with SMTP id b8mr2032309uab.109.1472362420604; Sat, 27 Aug 2016 22:33:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.85.21 with HTTP; Sat, 27 Aug 2016 22:33:25 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 28 Aug 2016 01:33:25 -0400
Message-ID: <CAF4+nEG3zF6kC40tBcpQ04mA5F2UWBK8COGNwvLD+KQipts5hA@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-mif-happy-eyeballs-extension.all@ietf.org
Content-Type: multipart/alternative; boundary=94eb2c1242c80f9586053b1b175a
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ef5_4_3Jp8DMkNR5kX3CXoo2tLo>
Subject: [secdir] SECDIR review of draft-ietf-mif-happy-eyeballs-extension-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 05:33:44 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last
call comments.

The goal of this Informational draft is to suggest extensions of Happy
Eyeballs (RFC 6555), originally targeted at IP protocol decisions in the a
dual stack environment, to the more general case of multiple provisioning
domains. The result is referred to as HE-MIF (Happy Eyeballs - Multiple
Interfaces).

>From a security point of view, I believe this document needs a bit more in
the Security Considerations section to be ready for publication. From a
general text point of view, it would benefit from an English language
review (see Editorials below).

*Security:*
The current Security Considerations section is the following sentence "The
security consideration is following the statement in [RFC6555
<https://tools.ietf.org/html/rfc6555>] and [RFC6418
<https://tools.ietf.org/html/rfc6418>]." Having read the Security
Considerations in those RFCs, I would say they are close to covering what
should be mentioned in this document but there are two additional points
that I think should be covered: (1) The dependence of the Happy Eyeballs
interface and IP version choice on the results of generally unsecured
connection attempts means that the interface and IP protocol used could be
steered by an adversaries interference with such attempts. (2) To the
extent that DNS query results affect HE-MIF decisions, DNSSEC should be
used when available.

I would also re-write the existing Securities Considerations sentence to be
something more like: "For security considerations related to Happy
Eyeballs, see [RFC6555]. For Security Considerations related to multiple
provisioning domains, see [RFC6418]."

*Editorial:*
Section 1, 2nd sentence: "a issue" -> "an issue"

Section 1, 2nd paragraph: Shouldn't some of these sentences that are
questions end in a question mark?

Section 1, 3rd paragraph: "defined in [RFC6555
<https://tools.ietf.org/html/rfc6555>] necessary" -> "defined in [RFC6555
<https://tools.ietf.org/html/rfc6555>] that are necessary"

Section 3: "scenarios the HE-MIF targeted to use" -> "scenarios targeted by
HE-MIF"

Section 4, 1st sentence: "This section provides input parameter proposal
that HE-MIF should catch." -> "This section describes the recommended input
parameters to the HE-MIF decision process."

Section 5, last sentence of the 2nd paragraph: "to proceed the sort
process." probably -> "on which to sort"

Section 5.1: "mergence" -> "the merger"
     "worth to note" -> "worthwhile to note" or "notable"

Section 5.2.3, 1st paragraph: "receive certain next hop in a RA message"
First of all, should be "an RA". But next hop what? You could replace "next
hop" with "next hop information" but that is a bit vague. If this means
"receive the next hop address in an RA message", say that.

Section 5.2.3, 2nd paragraph, 1st sentence: "When destination and source
pairs are identified, it should be treated with higher priority compared to
others and choose to initiate the connection in advance." does not really
make sense. Probably should say something like "When destination and source
pairs are identified, a connection should be initiated only to the highest
priority pair or pairs."

Section 5.2.3, last paragraph: "would initiate" -> "would be initiated"
     "most fast" -> "fastest" or possible "most expeditious"

Section 7.2, 1st paragraph: "in replied ICMP" -> "in an ICMP reply"

Section 7.2, 2nd paragraph: "More optimal timer may be expected." -> "A
more optimal timer for the circumstances is desirable."
     "The memo didn't" -> "This memo doesn't"

Section 7.2, 1st bullet item: "compensate the issues" -> "compensate for
this issue"
     "it leaves a" -> "this is left to a"

Section 7.2, 2nd bullet item: "in the principle of" -> "based on"

Section 7.3, 2nd bullet item: "cause messy" -> "cause confusion"


Other editorial:

Replace "WiFi" by "Wi-Fi" throughout.

"out of the document scope" -> "out of this document's scope" or "beyond
the scope of this document"
"beyond this document scope" -> "beyond the scope of this document" or
"beyond this document's scope"

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com