Re: [secdir] draft-ietf-6man-multi-homed-host-07 security review

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 15 August 2016 02:50 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 550E312D60F; Sun, 14 Aug 2016 19:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jkEKs3efjzHa; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 443E612D5D3; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
Received: by mail-pf0-x234.google.com with SMTP id h186so13148525pfg.3; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=qfs5J22ihnXBiRJQwLRnXdTPm4wmz0xEBkCE0m+km9E=; b=H6VLHanxEOvw7vQSH/BnRCKRZYqcxTOqQKHSFt1S9Ct3jVE49Hczk97+38Z7uIqB+8 v1c+uat2bTIHqcIkyZE1cj6iS+AjZ/q3ugB0BJOMz6owLiX/MTT7Umq0p0VlqBE7rvMF q/5hQif5n8gCEhCRux041K/idF3uqtFvC4yFo+ZMfR5URdseF7sGi/eQgFRB0VqvOjE0 a/T3CAuxHlbwDnhvnh6auvWvUOpiutXtY0qzLVVwhyGoNZng80neFKCbalFEHwq+QCtQ 6jHiaprwPKYa9hEHQVrIiW2PVWGV3H3XT0DG8f1xrSEK8HLAw4mXuAVoWqnKkrwP7TZH 5Dvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=qfs5J22ihnXBiRJQwLRnXdTPm4wmz0xEBkCE0m+km9E=; b=MK7ZBpfStjKcDvUpg6Ud97CLCtCngGFDOMC4QoZN0qcXkZKSH6OsupvbOa3Zyuxbue WNbwOFrJ4B2wtgZWJWdr7CHC0aCRnzXc5W+hh68BT6GQ9KELxeiISqBD9CUZE18iMIpg ddJKP5PWLJMTJ/Ghqs3yJfwJ68a7683X69l6AUGbh3mmabyQBOGR+dsMqy7l0P2fuUsi rIVqiM7ZK5m3savmIckAabZo0/eR5Nm+YLD5p2yvLYUu5E47E3dBlyFdhDv7/isSMBDH 7egZPb3A7TcYXFY1t6y7XkybI4KZsdi6jgSDX8wnFSjo1oVKE8ln5Oc03aX35Lz4eOQE 7NOw==
X-Gm-Message-State: AEkoouv91AyDkekn9Df1a/O7oy7zjADH+oAl/5DzbO5xvuAoL7/C9pACUDgL1zdvN332rA==
X-Received: by 10.98.56.207 with SMTP id f198mr50130962pfa.83.1471229401289; Sun, 14 Aug 2016 19:50:01 -0700 (PDT)
Received: from ?IPv6:2406:e007:7af7:1:28cc:dc4c:9703:6781? ([2406:e007:7af7:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id k66sm28624668pfc.30.2016.08.14.19.49.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Aug 2016 19:50:00 -0700 (PDT)
To: Ben Laurie <benl@google.com>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-6man-multi-homed-host.all@ietf.org
References: <CABrd9SSG533PFFjkX4kbp=81gqs+3nN1DLrT797PsRVGsERitQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <62415758-095c-b133-25f7-e922d0c50653@gmail.com>
Date: Mon, 15 Aug 2016 14:49:57 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CABrd9SSG533PFFjkX4kbp=81gqs+3nN1DLrT797PsRVGsERitQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TU2ycJ_NmyBYrkr5YS1JIYogeOk>
Subject: Re: [secdir] draft-ietf-6man-multi-homed-host-07 security review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 02:50:03 -0000

Sorry, we didn't reply to this promptly due to bigger issues coming
up, but thanks, and we will cover this point in the next version.

Regards
   Brian Carpenter

On 04/08/2016 22:45, Ben Laurie wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> Status: ready with nits.
> 
> The document claims to introduce no new security exposure, but it
> seems to me that it is designed to ensure routing occurs correctly in
> situations where it previously didn't - this may result in unexpected
> exposure of networks that previously were unreachable.
> 
> I think this is a nit, because clearly such networks were poorly
> designed in the first place, but perhaps a mention should be made?
>