[secdir] Re: Secdir last call review of draft-ietf-6man-vpn-dest-opt-01

Erik Kline <ek.ietf@gmail.com> Sun, 09 February 2025 22:28 UTC

From: Erik Kline <ek.ietf@gmail.com>
Date: Sun, 09 Feb 2025 14:28:36 -0800
Message-ID: <CAMGpriWF90_jwpbv_e_JqbL+ChgTHEWz9zsfuYCMo4i4pr+k3w@mail.gmail.com>
To: Peter Yee <peter@akayla.com>
CC: secdir@ietf.org, draft-ietf-6man-vpn-dest-opt.all@ietf.org, ipv6@ietf.org
Subject: [secdir] Re: Secdir last call review of draft-ietf-6man-vpn-dest-opt-01
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SgL-gFud0nbP54IYveBbgqz89zI>

Peter,

Thank you for the review.

Ron,

Hopefully there is enough time between now and the 2025.04.17 telechat
date to produce a -02 with relevant changes.

-Erik


On Sat, Feb 8, 2025 at 9:45 PM Peter Yee via Datatracker <noreply@ietf.org> wrote:

> Reviewer: Peter Yee
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> Summary: This document defines an experimental IPv6 Destination Option for use
> with non-MPLS VPNs. While this option specification doesn’t give a whole lot of
> detail on the operational use of the option, it does give security
> considerations that seem reasonable if not highly specified.
>
> The summary of the review is Has Nits.
>
> Major issues: None
>
> Minor issues:
>
> Page 3, last paragraph, 2nd sentence: I’m not entirely sure what is meant by
> this sentence. Is it trying to say, “Another purpose is to demonstrate that the
> security considerations are sufficient to protect use of the VPN Service
> Option”? I’m not sure how either that objective or my reading of the one in the
> document is demonstrated. Security considerations are something that stand a
> test of time, but I’m not sure one can ever be fully certain that they are
> sufficient.
>
> Page 4, section 3, 3rd bullet item, 2nd sub-bullet item: does anything more
> need to be said about how these 20 bits are used to identify and differentiate
> interfaces from each other, or is that not germane to the experiment?
>
> Page 8, 2nd paragraph, 4th sentence: Is 2^12 really highly unlikely? In
> cryptographic algorithm contexts, it likely wouldn’t be. I have no basis to
> judge whether two experiments running simultaneously might collide, so I’m just
> raising the question.
>
> Nits:
>
> Page 4, section 3, 3rd bullet item: change “32-bits” to “32 bits”.
>
> Page 4, section 3, 3rd bullet item, 1st sub-bullet: change “12 bit” to “12-bit”.
>
> Page 4, section 3, 1st paragraph after the bullet list, 3rd sentence: delete
> the duplicated “appears in”.
>
> Page 4, section 3, 2nd paragraph after the bullet list: delete the space
> between “NOTE” and “:”.
>
> Page 5, section 4, 1st paragraph, 1st sentence: insert “the” before “customer”.
>
> Page 7, section 7, 2nd bullet list, 1st bullet item: change “option” to “Option”.
>
> Page 7, section 7, 1st paragraph after 2nd bullet list, 2nd sentence: change
> “fo” to “of”.
>
> Page 7, section 7, 2nd paragraph after 2nd bullet list, 1st sentence: consider
> inserting “capable of” before the first occurrence of “modifying”.
>
> Page 8, 1st paragraph, 2nd sentence: change “imediment” to “impediment”. Change
> “deplyment” to “deployment”.
>
> Page 8, section 9, 5th bullet item, 1st sub-bullet item: change
> “inter-operable” to “interoperable”. If you can use “interoperability” in the
> following sentence, I don’t see why the adjective needs to be hyphenated in the
> first.
>
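The reviewer's question about whether a collision in a 2^12 space is "highly unlikely" can be made concrete with the birthday bound. What follows is an added example for this archive page; it is not part of the review, the reply, or draft-ietf-6man-vpn-dest-opt. The 12-bit width is taken from the review; the assumption that each concurrent experiment draws its value uniformly and independently at random is ours and is not something the draft is known to state.

```python
"""Exact birthday-bound collision probability for a small identifier field.

Added example (not from the secdir review or the draft). It quantifies how
"unlikely" a collision is when several independent parties each draw a value
from a 12-bit field. ASSUMPTION: values are chosen uniformly and independently
at random; the draft's actual allocation rules are not modelled here.
"""
from fractions import Fraction


def collision_probability(n_parties: int, bits: int) -> float:
    """Probability that at least two of n_parties independent, uniformly
    random values drawn from a space of 2**bits coincide (exact, via Fraction)."""
    space = 1 << bits
    if n_parties > space:
        return 1.0  # pigeonhole: more parties than distinct values
    p_no_collision = Fraction(1)
    for k in range(n_parties):
        # k values are already taken; the next draw must avoid all of them
        p_no_collision *= Fraction(space - k, space)
    return float(1 - p_no_collision)


def parties_for_probability(target: float, bits: int) -> int:
    """Smallest number of parties at which P(collision) reaches target.

    Builds the no-collision product incrementally so that wide fields
    (e.g. 32 bits, ~77k parties for 50%) stay cheap to evaluate.
    """
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be in (0, 1]")
    space = 1 << bits
    n = 1              # one party: nothing to collide with
    p_no_collision = 1.0
    while 1.0 - p_no_collision < target:
        # party n+1 must avoid the n values already drawn
        p_no_collision *= (space - n) / space
        n += 1
    return n


def main() -> None:
    # Contrast the 12-bit sub-field discussed in the review with the full
    # 32-bit option value, for a few concurrent-party counts.
    for bits in (12, 32):
        print(f"{bits}-bit field: P(collision) reaches 50% at "
              f"{parties_for_probability(0.5, bits)} parties")
        for n in (2, 10, 100):
            print(f"  {n:>3} parties -> P(collision) = "
                  f"{collision_probability(n, bits):.6f}")


if __name__ == "__main__":
    main()
```

With two parties the chance of sharing a 12-bit value is 1/4096; with ten it is already about 1.1%, and at 76 independently chosen values the odds of at least one collision pass 50%. Whether that counts as "highly unlikely" depends entirely on how many experiments are expected to run side by side, which is exactly the basis the reviewer says is missing.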