Re: [secdir] Secdir review of draft-ietf-mboned-64-multicast-address-format-01

<mohamed.boucadair@orange.com> Tue, 05 June 2012 06:29 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D425E21F86D6; Mon, 4 Jun 2012 23:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_FR=0.35, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6++5P5O5VyRn; Mon, 4 Jun 2012 23:29:33 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) by ietfa.amsl.com (Postfix) with ESMTP id 204AF21F86D5; Mon, 4 Jun 2012 23:29:32 -0700 (PDT)
Received: from omfedm07.si.francetelecom.fr (unknown [xx.xx.xx.3]) by omfedm11.si.francetelecom.fr (ESMTP service) with ESMTP id A1B683B4156; Tue, 5 Jun 2012 08:29:31 +0200 (CEST)
Received: from PUEXCH61.nanterre.francetelecom.fr (unknown [10.101.44.32]) by omfedm07.si.francetelecom.fr (ESMTP service) with ESMTP id 841584C017; Tue, 5 Jun 2012 08:29:31 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.9]) by PUEXCH61.nanterre.francetelecom.fr ([10.101.44.32]) with mapi; Tue, 5 Jun 2012 08:29:31 +0200
From: <mohamed.boucadair@orange.com>
To: Matt Lepinski <mlepinski@bbn.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org" <draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org>
Date: Tue, 5 Jun 2012 08:29:30 +0200
Thread-Topic: Secdir review of draft-ietf-mboned-64-multicast-address-format-01
Thread-Index: Ac1CzkENTLr/Xj4dTACCUYehRpgE3QAE5RQw
Message-ID: <94C682931C08B048B7A8645303FDC9F36E32ED1577@PUEXCB1B.nanterre.francetelecom.fr>
References: <4FCD81E7.7050001@bbn.com>
In-Reply-To: <4FCD81E7.7050001@bbn.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.6.5.55415
Subject: Re: [secdir] Secdir review of draft-ietf-mboned-64-multicast-address-format-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 06:29:34 -0000

Dear Matt,

Thank you for the review. 

Please see inline.

Cheers,
Med 

>-----Message d'origine-----
>De : Matt Lepinski [mailto:mlepinski@bbn.com] 
>Envoyé : mardi 5 juin 2012 05:50
>À : secdir@ietf.org; iesg@ietf.org; 
>draft-ietf-mboned-64-multicast-address-format.all@tools.ietf.org
>Objet : Secdir review of 
>draft-ietf-mboned-64-multicast-address-format-01
>
>I have reviewed this document as part of the security 
>directorate's ongoing effort to review all IETF documents 
>being processed by the IESG. These comments were written 
>primarily for the benefit of the security area directors. 
>Document editors and WG chairs should treat these comments 
>just like any other last call comments.
>
>This document specifies an embedding (for use by IPv4 to IPv6 
>translation devices) as an IPv4 multicast address within an 
>IPv6 address. (This is a companion document to RFC 6052, which 
>specifies an embedding for IPv4 unicast addresses.)
>
>The Security Considerations section claims that the relevant 
>security considerations are identical to those in RFC 6052. 
>(That is, the security considerations for translating IPv4 
>multicast addresses are the same as those for translating 
>unicast addresses.) I believe this is essentially true.
>
>However, the first security consideration discussed in RFC 
>6052 is source address spoofing. Although quite relevant for 
>unicast address translation, source address spoofing does not 
>seem (to me) to be an issue for multicast addresses 
>translation because multicast addresses are typically not used 
>as source addresses for IP datagrams. 

Med: address spoofing may also be harmful in multicast context (e.g., send illegitimate PIM register messages).

In situations such as 
>this where the authors wish to incorporate security 
>considerations by reference, I think it is helpful to the 
>reader to add a couple sentences explaining which 
>considerations in the referenced document (i.e., RFC 6052) are 
>relevant to the current draft.

Med: I personally think all items discussed in RFC6052 are still valid for this draft. Do you think there is a need to modify the text? 

>
>Minor editorial note:
>It would be helpful if you define the acronyms ASM and SSM in 
>the terminology section. (As someone who doesn't frequently 
>think about multicast, it wasn't immediately obvious to what 
>these two acronyms referred.)

Med: I fixed it in -02. See the diff available at: http://tools.ietf.org/rfcdiff?url2=draft-ietf-mboned-64-multicast-address-format-02.txt