[secdir] secdir last call review of draft-ietf-dhc-slap-quadrant-07

Carl Wallace <carl@redhoundsoftware.com> Tue, 26 May 2020 20:22 UTC

Date: Tue, 26 May 2020 16:22:23 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: secdir@ietf.org, draft-ietf-dhc-slap-quadrant.all@ietf.org, last-call@ietf.org
Message-ID: <0269AE59-1EBB-4E40-BBD5-E65F0A07E45B@redhoundsoftware.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GPwSZRgA2MxE2M1K06xEAfKCEAk>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document proposes extensions to DHCPv6 protocols to enable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrant to the server, so that the server allocates the MAC address to the given client out of the quadrant requested by the relay or client.

The document is generally clear but I do have a few comments listed below. That the security considerations were incorporated by reference seems fine.

- The document should expand acronyms on first use, for example U/L in the first sentence of Section 1, instead of leaving these to referenced documents.

- Figures 3 and 4 reference a timer expiring but the prose does not. Including verbiage similar to the second paragraph in Section 4.3 of draft-ietf-dhc-mac-assign-05 may be worth doing.

- Section 3 may benefit from providing rationale for the preferences given, i.e., why might ELI/SAI be good, etc. Framing the criteria in terms of the quadrants instead of the type of device may be helpful as well, if best-practices-type guidance is reasonable.

- Also in Section 3, I am not familiar with the IEEE specs that govern the addresses associated with the SAI quadrant, but Section 3 created an impression that a client has a free hand to choose between SAI and other options that wouldn't seem appropriate for a quadrant governed by other standards.
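The review above talks about the U/L bit and the SLAP quadrants (AAI, ELI, SAI) that a client or relay may ask the DHCPv6 server to allocate from. The following is an added example, not part of the review or of the draft, and not code from any DHCPv6 implementation. It decodes the first octet of a MAC address into its I/G bit, U/L bit and IEEE 802c SLAP quadrant, and provides a check that a server-returned address actually lies in the quadrant that was requested (the kind of sanity check a client or relay operator would want before trusting an allocation). The quadrant-to-(Y, Z) mapping follows IEEE 802c; the sample addresses are constructed for the example and all live in the documentation OUI 00-00-5E.

```python
"""Decode a MAC address's U/L bit and SLAP quadrant, and check an allocation
against a requested quadrant.  Added illustration only: not the draft's or
any DHCPv6 server's code.  Quadrant bit assignments per IEEE 802c."""

import re

# In the canonical first octet, I/G is bit 0 (0x01), U/L (the "X" bit) is
# bit 1 (0x02), Y is bit 2 (0x04) and Z is bit 3 (0x08).  The SLAP quadrant
# of a *local* address is named by its (Y, Z) pair.
SLAP_QUADRANTS = {
    (0, 0): "AAI",       # Administratively Assigned Identifier (2nd hex digit 2)
    (0, 1): "ELI",       # Extended Local Identifier, CID-based (2nd hex digit A)
    (1, 1): "SAI",       # Standard Assigned Identifier (2nd hex digit E)
    (1, 0): "Reserved",  # Reserved by IEEE 802c (2nd hex digit 6)
}

_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-...', or 'aabb.ccdd.eeff' forms and
    return the six raw octets; reject anything that is not 48 bits of hex."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def classify(mac: str) -> dict:
    """Return the I/G and U/L bits and, for local unicast addresses, the SLAP
    quadrant name.  Universal (globally assigned) addresses have no quadrant."""
    first = parse_mac(mac)[0]
    multicast = bool(first & 0x01)
    local = bool(first & 0x02)
    y = (first >> 2) & 1
    z = (first >> 3) & 1
    quadrant = SLAP_QUADRANTS[(y, z)] if local else None
    return {"multicast": multicast, "local": local, "quadrant": quadrant}


def allocation_matches(requested_quadrant: str, assigned_mac: str) -> bool:
    """True only if the assigned address is a local unicast address in the
    requested quadrant.  A universal or multicast address is never a valid
    allocation, regardless of the quadrant asked for."""
    if requested_quadrant not in ("AAI", "ELI", "SAI"):
        raise ValueError(f"unknown or non-assignable quadrant: {requested_quadrant!r}")
    info = classify(assigned_mac)
    return (not info["multicast"]) and info["local"] \
        and info["quadrant"] == requested_quadrant


if __name__ == "__main__":
    # Constructed sample addresses (documentation OUI 00-00-5E variants).
    for sample in ("00:00:5e:00:53:01",   # universal, no quadrant
                   "02:00:5e:00:53:01",   # local, AAI
                   "0a:00:5e:00:53:01",   # local, ELI
                   "0e:00:5e:00:53:01",   # local, SAI
                   "06:00:5e:00:53:01",   # local, Reserved
                   "01:00:5e:00:53:01"):  # multicast
        print(sample, classify(sample))
    print("SAI request, 0e:... assigned:",
          allocation_matches("SAI", "0e:00:5e:00:53:01"))
    print("ELI request, 0e:... assigned:",
          allocation_matches("ELI", "0e:00:5e:00:53:01"))
```

The check in `allocation_matches` rejects a universal address even when a quadrant was requested, which is the case the review's last comment gestures at: the quadrant is a property of the address bits, so a client can verify what it received rather than relying on the server having honoured the preference.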