Re: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 19 February 2018 09:30 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B374F12706D; Mon, 19 Feb 2018 01:30:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9IT_jkO4YKm; Mon, 19 Feb 2018 01:30:17 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D982612426E; Mon, 19 Feb 2018 01:30:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9462; q=dns/txt; s=iport; t=1519032617; x=1520242217; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=B+lKThF2lLfxPHQXmLjU7kSoccb8VmHGQ9amOiTJZqI=; b=ILc6KEeG83e5F0nVJHnz1AslGygIdG3VD1IxOLw6IyKvzPn2PHPjtB+W jmcI2mPlHepg4nLHAhU5bFoaFTw7mDG2UmrLtawPPf7FrWHh4UbkgHVTr bedUZmtPHEAvK9JlDPHNZT32sOj9UG387E1MpOZ3VdK4UMuDFHAGykZyf 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DZAACSmIpa/4sNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYJadWZwKAqDXYoljgOCAoEXh3+IboVcghYKhTsCGoI1VBgBAgE?= =?us-ascii?q?BAQEBAQJrKIUjAQEBBCMKXAIBCBEEAQEoAwICAh8RFAkIAgQBEgiJNkwDFapvg?= =?us-ascii?q?icmhw4NgTKCEwEBAQEBAQEBAQEBAQEBAQEBAQEBAR2FC4IogVeBaIMugmyCbYJ?= =?us-ascii?q?hgmUFinSZDDUJApB9hQKCKYIFkCKLFoM4iSQCERkBgTsBHzmBUXAVgn2CVByCB?= =?us-ascii?q?ngRjSiBGQEBAQ?=
X-IronPort-AV: E=Sophos; i="5.46,534,1511827200"; d="scan'208,217"; a="72141794"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Feb 2018 09:30:16 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w1J9UFNR005981 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 19 Feb 2018 09:30:16 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 19 Feb 2018 03:30:15 -0600
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1320.000; Mon, 19 Feb 2018 03:30:15 -0600
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-6lo-rfc6775-update.all@ietf.org" <draft-ietf-6lo-rfc6775-update.all@ietf.org>
Thread-Topic: SECDIR Review of draft-ietf-6lo-rfc6775-update-11
Thread-Index: AQHTqM6rcOWuXcDXhEm3Q2Hv6eXNxqOrdkHg
Date: Mon, 19 Feb 2018 09:29:54 +0000
Deferred-Delivery: Mon, 19 Feb 2018 09:29:34 +0000
Message-ID: <bd3ee6f5c7ed48c0ba5b86efd7bc0bf7@XCH-RCD-001.cisco.com>
References: <5A899DF0.7050607@gmail.com>
In-Reply-To: <5A899DF0.7050607@gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.228.216.13]
Content-Type: multipart/alternative; boundary="_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_qZJmxmV_9XoIT2hUitg0HOlCrw>
Subject: Re: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 09:30:19 -0000

Thanks a bunch Chris :

I applied the recommended changes. They will appear in the next publication.

Take care,

Pascal

From: Chris Lonvick [mailto:lonvick.ietf@gmail.com]
Sent: dimanche 18 février 2018 16:38
To: iesg@ietf.org; secdir@ietf.org; draft-ietf-6lo-rfc6775-update.all@ietf.org
Subject: SECDIR Review of draft-ietf-6lo-rfc6775-update-11

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

I skimmed through the document, which appears thorough and well laid out.

The Security Considerations section is appropriate.

Below are some nits that I found in the Security Considerations section:

Current:
Backbone Router in a way that prevents tempering with or replaying
Suggested:
s/tempering/tampering/

Current:
This specification recommends to using privacy techniques (see
Suggested:
s/to using/the use of/

Section B.5 is a section on Requirements Related to Security. This is an appropriate threat model.

Also, just because I'm a bit late in doing this, I reviewed the Privacy Considerations section of this document. This is also well written and provides guidance to implementers in the way of pointers to other RFCs.

Regards,
Chris