[secdir] Secdir review of draft-ietf-l2tpext-keyed-ipv6-tunnel-07

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Tue, 01 November 2016 16:16 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "'iesg@ietf.org'" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-l2tpext-keyed-ipv6-tunnel.all@ietf.org" <draft-ietf-l2tpext-keyed-ipv6-tunnel.all@ietf.org>
Date: Tue, 01 Nov 2016 16:16:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Hq8Q2PMwaGRrllEHYbGoakXuw4o>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: Ready

This standards track draft describes a mechanism for establishing an Ethernet tunnel over IPv6 using L2TPv3 encapsulation. IPv6 is ideal since unique IP addresses can be used when establishing an L2TPv3 session. This can allow for an optimization, over current multiplexing approaches, where consulting the L2TPv3 session ID is not needed if each tunnel is assigned a unique IPv6 address.

I found that the draft clearly articulates the problem that is solved. The security considerations seem to be appropriate for the draft. This draft appears to be ready for publication.

Regards,
Dave Waltermire