Re: [secdir] draft-ietf-6man-multi-homed-host-07 security review

Brian E Carpenter <> Mon, 15 August 2016 02:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 550E312D60F; Sun, 14 Aug 2016 19:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jkEKs3efjzHa; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 443E612D5D3; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
Received: by with SMTP id h186so13148525pfg.3; Sun, 14 Aug 2016 19:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=qfs5J22ihnXBiRJQwLRnXdTPm4wmz0xEBkCE0m+km9E=; b=H6VLHanxEOvw7vQSH/BnRCKRZYqcxTOqQKHSFt1S9Ct3jVE49Hczk97+38Z7uIqB+8 v1c+uat2bTIHqcIkyZE1cj6iS+AjZ/q3ugB0BJOMz6owLiX/MTT7Umq0p0VlqBE7rvMF q/5hQif5n8gCEhCRux041K/idF3uqtFvC4yFo+ZMfR5URdseF7sGi/eQgFRB0VqvOjE0 a/T3CAuxHlbwDnhvnh6auvWvUOpiutXtY0qzLVVwhyGoNZng80neFKCbalFEHwq+QCtQ 6jHiaprwPKYa9hEHQVrIiW2PVWGV3H3XT0DG8f1xrSEK8HLAw4mXuAVoWqnKkrwP7TZH 5Dvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=qfs5J22ihnXBiRJQwLRnXdTPm4wmz0xEBkCE0m+km9E=; b=MK7ZBpfStjKcDvUpg6Ud97CLCtCngGFDOMC4QoZN0qcXkZKSH6OsupvbOa3Zyuxbue WNbwOFrJ4B2wtgZWJWdr7CHC0aCRnzXc5W+hh68BT6GQ9KELxeiISqBD9CUZE18iMIpg ddJKP5PWLJMTJ/Ghqs3yJfwJ68a7683X69l6AUGbh3mmabyQBOGR+dsMqy7l0P2fuUsi rIVqiM7ZK5m3savmIckAabZo0/eR5Nm+YLD5p2yvLYUu5E47E3dBlyFdhDv7/isSMBDH 7egZPb3A7TcYXFY1t6y7XkybI4KZsdi6jgSDX8wnFSjo1oVKE8ln5Oc03aX35Lz4eOQE 7NOw==
X-Gm-Message-State: AEkoouv91AyDkekn9Df1a/O7oy7zjADH+oAl/5DzbO5xvuAoL7/C9pACUDgL1zdvN332rA==
X-Received: by with SMTP id f198mr50130962pfa.83.1471229401289; Sun, 14 Aug 2016 19:50:01 -0700 (PDT)
Received: from ?IPv6:2406:e007:7af7:1:28cc:dc4c:9703:6781? ([2406:e007:7af7:1:28cc:dc4c:9703:6781]) by with ESMTPSA id k66sm28624668pfc.30.2016. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Aug 2016 19:50:00 -0700 (PDT)
To: Ben Laurie <>, "" <>,
References: <>
From: Brian E Carpenter <>
Organization: University of Auckland
Message-ID: <>
Date: Mon, 15 Aug 2016 14:49:57 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [secdir] draft-ietf-6man-multi-homed-host-07 security review
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Aug 2016 02:50:03 -0000

Sorry, we didn't reply to this promptly due to bigger issues coming
up, but thanks, and we will cover this point in the next version.

   Brian Carpenter

On 04/08/2016 22:45, Ben Laurie wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> Status: ready with nits.
> The document claims to introduce no new security exposure, but it
> seems to me that it is designed to ensure routing occurs correctly in
> situations where it previously didn't - this may result in unexpected
> exposure of networks that previously were unreachable.
> I think this is a nit, because clearly such networks were poorly
> designed in the first place, but perhaps a mention should be made?