[secdir] Secdir review of draft-ietf-netext-pmipv6-sipto-option-07
Vincent Roca <vincent.roca@inria.fr> Wed, 28 November 2012 14:34 UTC
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6921421F880F; Wed, 28 Nov 2012 06:34:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.249
X-Spam-Level:
X-Spam-Status: No, score=-110.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oxsQjAs2dZA; Wed, 28 Nov 2012 06:34:32 -0800 (PST)
Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105]) by ietfa.amsl.com (Postfix) with ESMTP id 6CBC621F8802; Wed, 28 Nov 2012 06:34:30 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.84,179,1355094000"; d="scan'208";a="164091057"
Received: from geve.inrialpes.fr ([194.199.24.116]) by mail4-relais-sop.national.inria.fr with ESMTP/TLS/AES128-SHA; 28 Nov 2012 15:34:29 +0100
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: Wed, 28 Nov 2012 15:34:29 +0100
Message-Id: <6AF80A4F-EA0A-4E09-B304-043066124E4E@inria.fr>
To: IESG IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-netext-pmipv6-sipto-option.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
Subject: [secdir] Secdir review of draft-ietf-netext-pmipv6-sipto-option-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2012 14:34:35 -0000
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. -- This is a small document that describes PMIPv6 options to handle traffic offloading. Taken alone, the "security considerations" section would not be sufficient. However the RFC5213 (PMIPv6) provides the required security guidelines. In particular it clarifies that the use of IPsec is recommended between the MAG and LMA for signaling messages. The present document therefore inherits from these recommendations. I therefore agree with the authors. A remark. It is said: "This option is carried like any other mobility header option as specified in [RFC5213] and does not require any special security considerations." It's misleading IMHO. This option does require security considerations since an attacker, by sending fake signaling messages, may prevent a mobile network from offloading traffic which may lead to a DoS. You'd better say something like: "This option is carried like any other mobility header option as specified in [RFC5213]. Therefore it inherits from [RFC5213] its security guidelines and does not require any additional security considerations." Typos: Section 1: s/its only about IPv4/it is only about IPv4/ Cheers, Vincent
- [secdir] Secdir review of draft-ietf-netext-pmipv… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-netext-p… Sri Gundavelli (sgundave)