[secdir] secdir review of draft-ietf-dhc-dhcpv6-reconfigure-rebind-09

Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 03 April 2012 17:50 UTC

To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-dhc-dhcpv6-reconfigure-rebind.all@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The I-D updates RFC 3315 to allow the Rebind message type to appear in 
the Reconfigure Message option of a Reconfigure message; and clarifies 
how a DHCPv6 client responds to a received Reconfigure message.

The existing Security Considerations section is a bit soft/vague.
It speaks correctly of the possible risk of an attacker-induced 
disconnect and relink. And it states these attacks may be prevented by 
using the AUTH option or Secure DHCPv6.
However, it is vague in the overall system risks / preconditions under 
which the risks arise and should also be more clear about when these 
mitigation strategies should/SHOULD be used (instead of "may").

Best regards, Tobias