Re: [secdir] review of draft-arkko-dual-stack-extra-lite-03

Jari Arkko <jari.arkko@piuha.net> Fri, 04 February 2011 12:22 UTC

Stephen,

Thank you for your review.

> The security considerations section is but one sentence: "This 
> practices outlined in this document do not affect the security 
> properties of address translation." I think this needs to be expanded 
> upon. The authors should cite at least one RFC that deals with NAT 
> and has a substantive security considerations section. If they can't 
> find a suitable RFC (2993 is the obvious candidate, but it is outdated 
> in several of its references and comments) then they should at least describe 
> why they believe that this proposal introduces no new security 
> implications.

I have updated the Internet Draft today, and added some material on this 
as well. Look at 
http://tools.ietf.org/html/draft-arkko-dual-stack-extra-lite for the diffs.

Jari