[secdir] SECDIR review of draft-ietf-netext-pmip6-qos-11

Donald Eastlake <d3e3e3@gmail.com> Wed, 26 March 2014 04:15 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 26 Mar 2014 00:15:26 -0400
Message-ID: <CAF4+nEFH=KK_aOGfm_SLfhGOu+DjG10npCremtqQDC=SLvz4GA@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-netext-pmip6-qos@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/QVHv0xTvTL_4mCobXMZmpOxgoOk
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] SECDIR review of draft-ietf-netext-pmip6-qos-11

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft specifies Quality of Service options for Proxy Mobile IPv6
along with appropriate new status codes and other protocol
considerations. These options are carried in Proxy Binding Update
messages to which a Proxy Binding Acknowledgement is sent in response.

The Security Considerations section refers to earlier RFCs (5213 and
7077). These earlier RFCs do appear to provide adequate security for
the messages involved. And, on thinking about it, I tend to agree with
the assertion that "The quality of service option when included in
these signaling messages does not require additional security
considerations." If it were me, I would add a few words about how, if
the Proxy Binding Update/Acknowledgement protocol is not secured, you
can do worse things than change the quality of service. However, while
the Security Considerations section feels quite minimal, it does
appear to be adequate.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com