[secdir] Secdir review of draft-ietf-v6ops-ipv6-roaming-analysis-05
"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Tue, 30 September 2014 04:37 UTC
Return-Path: <jsalowey@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B10801A0143; Mon, 29 Sep 2014 21:37:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.287
X-Spam-Level:
X-Spam-Status: No, score=-15.287 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kz-pr4QFRaUs; Mon, 29 Sep 2014 21:37:37 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37A321A013B; Mon, 29 Sep 2014 21:37:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1332; q=dns/txt; s=iport; t=1412051857; x=1413261457; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=ADHsrXyZ5gQZJqmxLDRFbNd3oMDR5q/DiyYjZX8Z08s=; b=Uh3Zr9k3GFUv7P26Ub7K1N2dE8ff1bn6x8QxI0NDmkuT6jejjMkNgowp GJjbYqG9knCxMx1nHw8mJEx/pw8qnLWtML00SaX7NDpKFFcnGJLM9909l hx47g339XD+IOgfJesEjIbf9R+x4WVH87vZTzlcHqLTuAz1Ybk+DGx6IS 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAIUyKlStJA2M/2dsb2JhbABggw6BLtJ8FgF7hAo6UQE+QicEAYhQvx0BF5NTgR0FkWWLQ5Vdg2OCNIECAQEB
X-IronPort-AV: E=Sophos;i="5.04,625,1406592000"; d="scan'208";a="359377880"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-3.cisco.com with ESMTP; 30 Sep 2014 04:37:36 +0000
Received: from xhc-rcd-x11.cisco.com (xhc-rcd-x11.cisco.com [173.37.183.85]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s8U4baAf000515 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 30 Sep 2014 04:37:36 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.15]) by xhc-rcd-x11.cisco.com ([173.37.183.85]) with mapi id 14.03.0195.001; Mon, 29 Sep 2014 23:37:36 -0500
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<secdir@ietf.org>" <secdir@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-v6ops-ipv6-roaming-analysis.all@tools.ietf.org" <draft-ietf-v6ops-ipv6-roaming-analysis.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-v6ops-ipv6-roaming-analysis-05
Thread-Index: AQHP3GhBohIc8wrfpUCez5hY9Fj7Gg==
Date: Tue, 30 Sep 2014 04:37:35 +0000
Message-ID: <B2954418-6743-4AF4-92F3-6798D09C48C1@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.33.248.136]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <65AD15DBFA20FF4D85A805F111C7B5DF@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/UmqqpALyRYGQc0K6UgZowrYQlJI
Subject: [secdir] Secdir review of draft-ietf-v6ops-ipv6-roaming-analysis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2014 04:37:38 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. In summary I believe the document is ready. It does make reference to security considerations IPV6-3GPP RFC 6459 which is appropriate. I have a few observations below. 1) There is a brief discussion of home routed an local breakout modes which determine how the user's traffic is routed. This could potentially have privacy implications, however I do not think this is the subject of the document so I don't think additional privacy considerations are needed. The one exception may be if an attacker can force the selection of one of these options. This did not appear to be the case from the document, but I did not follow all the 3GPP specifics. 2) Some of the failure modes consume more network resources. If these modes can be externally manipulated then it may be possible for a denial of service attack. This did not appear to be the case from the document, but I did not follow all the 3GPP specifics. Cheers, Joe
- [secdir] Secdir review of draft-ietf-v6ops-ipv6-r… Joseph Salowey (jsalowey)
- Re: [secdir] Secdir review of draft-ietf-v6ops-ip… Jouni Korhonen