[secdir] secdir review of draft-ietf-6man-addr-select-opt

"Dan Harkins" <dharkins@lounge.org> Tue, 21 May 2013 19:22 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 94E1611E80D9; Tue, 21 May 2013 12:22:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id dsFG1OW0vFmb; Tue, 21 May 2013 12:22:48 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net []) by ietfa.amsl.com (Postfix) with ESMTP id 60B3511E80D2; Tue, 21 May 2013 12:22:47 -0700 (PDT)
Received: from www.trepanning.net (localhost []) by colo.trepanning.net (Postfix) with ESMTP id 03AB9A888004; Tue, 21 May 2013 12:22:47 -0700 (PDT)
Received: from (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Tue, 21 May 2013 12:22:47 -0700 (PDT)
Message-ID: <3dc2e7cf8e11e1928d71c08895be5c68.squirrel@www.trepanning.net>
Date: Tue, 21 May 2013 12:22:47 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-6man-addr-select-opt.all@tools.ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: [secdir] secdir review of draft-ietf-6man-addr-select-opt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2013 19:22:54 -0000


  I have reviewed draft-ietf-6man-addr-select-opt as part of the
security directorate's  ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the  security area directors.  Document editors and
WG chairs should treat these comments just like any other last call

  draft-ietf-6man-addr-select-opt defines address selection options
for DHCPv6 that allow a network administrator to effect some
control over address selection behavior of nodes on their sites.

  This sounds like a reasonably straightforward problem but as I
read the draft it seemed like it might be have interoperability issues.
I don't believe this draft is ready for advancement until these issues
are resolved.

  For instance, while I think I understand the policy override of RFC
6724, having the Automatic Row Additions Flag be part of the address
selection options seems problematic. If it is set to zero, then what are
the semantics of such a message? "Here's an address selection option
but don't you dare use it!"? What is the point? Me, as a node, can have
this as part of my policy state which would allow me to ignore such
an update but to have the bit be part of the option to update does
not seem to make much sense. The semantics of the message needs
to be explained much more clearly, or the bit needs to be removed
from the message.

  Section 3.3 says, "Even if the received policy from one source is
merged with one from another source, the effect of both policy are
more or less changed." I don't understand how both policies are
changed. And what does "more or less" mean? 3.3 also says,
"It also should be noted that absence of the distributed policy from a
certain network interface should not be treated as absence of policy
itself, because it may mean preference for the default address
selection policy." So I use the default address selection policy then,
is that it? This whole section (3.3) screams out for some normative
language since it sounds like it refers to behavioral changes on the

  There is an "Implementation Consideration" mentioning that the
label is passed as an unsigned integer. But it then goes on to say,
"DHCPv6 clients SHOULD convert this label to a representation
appropriate for the local implementation (e.g., string)." This has
interoperability implications because it is not solely a local matter.
The node may represent these things differently than the network
administrator and the preference will not be done properly. RFC 6724
does not really define what the label is from what I can tell. It's
used to just allow for policies to prefer a particular source address,
S, with a particular destination address, D, if "Label(S) = Label(D)".
But to pass a value over a network, and have it be used by the
recipient, means that a canonical representation of "label" has to
be defined.

  An appendix with examples would be most helpful!

  Spelling nit: section 3.1 "The choice a SHOULD be default, as far as
the policy table is not configured by the user." There's an extra
word in there somewhere, or maybe there's some words missing,
it's hard to understand what is being implied.