Re: [secdir] Secdir review of draft-ietf-mboned-64-multicast-address-format-01
<mohamed.boucadair@orange.com> Tue, 05 June 2012 06:29 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D425E21F86D6; Mon, 4 Jun 2012 23:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_FR=0.35, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6++5P5O5VyRn; Mon, 4 Jun 2012 23:29:33 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) by ietfa.amsl.com (Postfix) with ESMTP id 204AF21F86D5; Mon, 4 Jun 2012 23:29:32 -0700 (PDT)
Received: from omfedm07.si.francetelecom.fr (unknown [xx.xx.xx.3]) by omfedm11.si.francetelecom.fr (ESMTP service) with ESMTP id A1B683B4156; Tue, 5 Jun 2012 08:29:31 +0200 (CEST)
Received: from PUEXCH61.nanterre.francetelecom.fr (unknown [10.101.44.32]) by omfedm07.si.francetelecom.fr (ESMTP service) with ESMTP id 841584C017; Tue, 5 Jun 2012 08:29:31 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.9]) by PUEXCH61.nanterre.francetelecom.fr ([10.101.44.32]) with mapi; Tue, 5 Jun 2012 08:29:31 +0200
From: mohamed.boucadair@orange.com
To: Matt Lepinski <mlepinski@bbn.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org" <draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org>
Date: Tue, 05 Jun 2012 08:29:30 +0200
Thread-Topic: Secdir review of draft-ietf-mboned-64-multicast-address-format-01
Thread-Index: Ac1CzkENTLr/Xj4dTACCUYehRpgE3QAE5RQw
Message-ID: <94C682931C08B048B7A8645303FDC9F36E32ED1577@PUEXCB1B.nanterre.francetelecom.fr>
References: <4FCD81E7.7050001@bbn.com>
In-Reply-To: <4FCD81E7.7050001@bbn.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.6.5.55415
Subject: Re: [secdir] Secdir review of draft-ietf-mboned-64-multicast-address-format-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 06:29:34 -0000
Dear Matt, Thank you for the review. Please see inline. Cheers, Med >-----Message d'origine----- >De : Matt Lepinski [mailto:mlepinski@bbn.com] >Envoyé : mardi 5 juin 2012 05:50 >À : secdir@ietf.org; iesg@ietf.org; >draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org >Objet : Secdir review of >draft-ietf-mboned-64-multicast-address-format-01 > >I have reviewed this document as part of the security >directorate's ongoing effort to review all IETF documents >being processed by the IESG. These comments were written >primarily for the benefit of the security area directors. >Document editors and WG chairs should treat these comments >just like any other last call comments. > >This document specifies an embedding (for use by IPv4 to IPv6 >translation devices) as an IPv4 multicast address within an >IPv6 address. (This is a companion document to RFC 6052, which >specifies an embedding for IPv4 unicast addresses.) > >The Security Considerations section claims that the relevant >security considerations are identical to those in RFC 6052. >(That is, the security considerations for translating IPv4 >multicast addresses are the same as those for translating >unicast addresses.) I believe this is essentially true. > >However, the first security consideration discussed in RFC >6052 is source address spoofing. Although quite relevant for >unicast address translation, source address spoofing does not >seem (to me) to be an issue for multicast addresses >translation because multicast addresses are typically not used >as source addresses for IP datagrams. Med: address spoofing may also be harmful in multicast context (e.g., send illegitimate PIM register messages). In situations such as >this where the authors wish to incorporate security >considerations by reference, I think it is helpful to the >reader to add a couple sentences explaining which >considerations in the referenced document (i.e., RFC 6052) are >relevant to the current draft. Med: I personally think all items discussed in RFC6052 are still valid for this draft. Do you think there is a need to modify the text? > >Minor editorial note: >It would be helpful if you define the acronyms ASM and SSM in >the terminology section. (As someone who doesn't frequently >think about multicast, it wasn't immediately obvious to what >these two acronyms referred.) Med: I fixed it in -02. See the diff available at: http://tools.ietf.org/rfcdiff?url2=draft-ietf-mboned-64-multicast-address-format-02.txt
- [secdir] Secdir review of draft-ietf-mboned-64-mu… Matt Lepinski
- Re: [secdir] Secdir review of draft-ietf-mboned-6… mohamed.boucadair