Re: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11

"Pascal Thubert (pthubert)" <> Mon, 19 February 2018 09:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B374F12706D; Mon, 19 Feb 2018 01:30:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id K9IT_jkO4YKm; Mon, 19 Feb 2018 01:30:17 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D982612426E; Mon, 19 Feb 2018 01:30:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=9462; q=dns/txt; s=iport; t=1519032617; x=1520242217; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=B+lKThF2lLfxPHQXmLjU7kSoccb8VmHGQ9amOiTJZqI=; b=ILc6KEeG83e5F0nVJHnz1AslGygIdG3VD1IxOLw6IyKvzPn2PHPjtB+W jmcI2mPlHepg4nLHAhU5bFoaFTw7mDG2UmrLtawPPf7FrWHh4UbkgHVTr bedUZmtPHEAvK9JlDPHNZT32sOj9UG387E1MpOZ3VdK4UMuDFHAGykZyf 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DZAACSmIpa/4sNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYJadWZwKAqDXYoljgOCAoEXh3+IboVcghYKhTsCGoI1VBgBAgE?= =?us-ascii?q?BAQEBAQJrKIUjAQEBBCMKXAIBCBEEAQEoAwICAh8RFAkIAgQBEgiJNkwDFapvg?= =?us-ascii?q?icmhw4NgTKCEwEBAQEBAQEBAQEBAQEBAQEBAQEBAR2FC4IogVeBaIMugmyCbYJ?= =?us-ascii?q?hgmUFinSZDDUJApB9hQKCKYIFkCKLFoM4iSQCERkBgTsBHzmBUXAVgn2CVByCB?= =?us-ascii?q?ngRjSiBGQEBAQ?=
X-IronPort-AV: E=Sophos; i="5.46,534,1511827200"; d="scan'208,217"; a="72141794"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Feb 2018 09:30:16 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id w1J9UFNR005981 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 19 Feb 2018 09:30:16 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 19 Feb 2018 03:30:15 -0600
Received: from ([]) by ([]) with mapi id 15.00.1320.000; Mon, 19 Feb 2018 03:30:15 -0600
From: "Pascal Thubert (pthubert)" <>
To: Chris Lonvick <>, "" <>, "" <>, "" <>
Thread-Topic: SECDIR Review of draft-ietf-6lo-rfc6775-update-11
Thread-Index: AQHTqM6rcOWuXcDXhEm3Q2Hv6eXNxqOrdkHg
Date: Mon, 19 Feb 2018 09:29:54 +0000
Deferred-Delivery: Mon, 19 Feb 2018 09:29:34 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Feb 2018 09:30:19 -0000

Thanks a bunch Chris :

I applied the recommended changes. They will appear in the next publication.

Take care,


From: Chris Lonvick []
Sent: dimanche 18 février 2018 16:38
Subject: SECDIR Review of draft-ietf-6lo-rfc6775-update-11


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

I skimmed through the document, which appears thorough and well laid out.

The Security Considerations section is appropriate.

Below are some nits that I found in the Security Considerations section:

Backbone Router in a way that prevents tempering with or replaying

This specification recommends to using privacy techniques (see
s/to using/the use of/

Section B.5 is a section on Requirements Related to Security. This is an appropriate threat model.

Also, just because I'm a bit late in doing this, I reviewed the Privacy Considerations section of this document. This is also well written and provides guidance to implementers in the way of pointers to other RFCs.