[secdir] sec-dir review of draft-ietf-dime-realm-based-redirect-11

Derek Atkins <derek@ihtfp.com> Mon, 26 August 2013 19:39 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E9C4021F9D28; Mon, 26 Aug 2013 12:39:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id jT76NW+rpy73; Mon, 26 Aug 2013 12:39:22 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) by ietfa.amsl.com (Postfix) with ESMTP id 8B68321F9048; Mon, 26 Aug 2013 12:39:19 -0700 (PDT)
Received: from localhost (localhost []) by mail2.ihtfp.org (Postfix) with ESMTP id BB2FE260268; Mon, 26 Aug 2013 15:39:16 -0400 (EDT)
Received: from mail2.ihtfp.org ([]) by localhost (mail2.ihtfp.org []) (amavisd-maia, port 10024) with ESMTP id 30995-08; Mon, 26 Aug 2013 15:39:15 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [IPv6:fe80::224:d7ff:fee7:8924]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id 7D3EC2600BB; Mon, 26 Aug 2013 15:39:15 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.7/8.14.5/Submit) id r7QJd8lN017365; Mon, 26 Aug 2013 15:39:08 -0400
From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Mon, 26 Aug 2013 15:39:08 -0400
Message-ID: <sjmli3onswz.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: Ruibing_Hao@cable.comcast.com, tom.taylor.stds@gmail.com, dime-chairs@tools.ietf.org
Subject: [secdir] sec-dir review of draft-ietf-dime-realm-based-redirect-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2013 19:39:23 -0000


I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

   Message redirection is a basic capability provided by the Diameter
   base protocol.  In its conventional form, message redirection is
   performed by an application-independent "redirect agent", which
   returns one or more individual hosts to the message sender as
   possible destinations of the redirected message.

   However, in some circumstances an operator may wish to redirect
   messages to an alternate domain without specifying individual hosts.
   This document specifies an application-specific mechanism by which
   that can be achieved.  New applications may incorporate this
   capability by reference to the present document.

The Security Considerations section offloads to RFC6733.  Other than a
bunch of English editorial issues (which I'm sure the RFC Editor will
handle) I see no significant issues with this document.


       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant