Re: [secdir] Secdir review of draft-ietf-mboned-64-multicast-address-format-01

<> Tue, 05 June 2012 06:29 UTC

Dear Matt,

Thank you for the review. 

Please see inline.


>-----Original Message-----
>From: Matt Lepinski []
>Sent: Tuesday, 5 June 2012 05:50
>To: ;;
>Subject: Secdir review of
>I have reviewed this document as part of the security 
>directorate's ongoing effort to review all IETF documents 
>being processed by the IESG. These comments were written 
>primarily for the benefit of the security area directors. 
>Document editors and WG chairs should treat these comments 
>just like any other last call comments.
>This document specifies an embedding (for use by IPv4 to IPv6 
>translation devices) as an IPv4 multicast address within an 
>IPv6 address. (This is a companion document to RFC 6052, which 
>specifies an embedding for IPv4 unicast addresses.)
>The Security Considerations section claims that the relevant 
>security considerations are identical to those in RFC 6052. 
>(That is, the security considerations for translating IPv4 
>multicast addresses are the same as those for translating 
>unicast addresses.) I believe this is essentially true.
>However, the first security consideration discussed in RFC 
>6052 is source address spoofing. Although quite relevant for 
>unicast address translation, source address spoofing does not 
>seem (to me) to be an issue for multicast addresses 
>translation because multicast addresses are typically not used 
>as source addresses for IP datagrams. 

Med: Address spoofing may also be harmful in a multicast context (e.g., sending illegitimate PIM register messages).

>In situations such as
>this where the authors wish to incorporate security 
>considerations by reference, I think it is helpful to the 
>reader to add a couple sentences explaining which 
>considerations in the referenced document (i.e., RFC 6052) are 
>relevant to the current draft.

Med: I personally think all items discussed in RFC 6052 are still valid for this draft. Do you think there is a need to modify the text?

>Minor editorial note:
>It would be helpful if you define the acronyms ASM and SSM in 
>the terminology section. (As someone who doesn't frequently 
>think about multicast, it wasn't immediately obvious to what 
>these two acronyms referred.)

Med: I fixed it in -02. See the diff available at: