[secdir] secdir review of draft-ietf-babel-applicability-06

"Scott G. Kelly" <scott@hyperthought.com> Tue, 09 July 2019 20:39 UTC

Date: Tue, 9 Jul 2019 13:39:47 -0700 (PDT)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-babel-applicability.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SRhcKWZ2ocBBX3dPlId-CCIkjYk>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is ready.

This informational document describes applicability of the Babel routing protocol in terms of existing deployments. It recommends using one of two security mechanisms defined for Babel (HMAC vs. DTLS). I did not review the referenced docs for HMAC/DTLS, but assuming there are no issues with those docs, I see no security issues with this document.