[secdir] Secdir review of draft-wkumari-dhc-capport-13

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 07 July 2015 07:47 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-wkumari-dhc-capport.all@tools.ietf.org" <draft-wkumari-dhc-capport.all@tools.ietf.org>
Date: Tue, 07 Jul 2015 08:47:41 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/gNl45Dqe1KX04Sf2ryfS4AYu-ng>

I have reviewed this document as part of the security directorate's effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comment.



This document communicates the presence of a captive portal in a WiFi network using DHCP and RAs.



Recommendation:  Ready



The motivation of the document makes sense, namely to avoid interception of traffic, and the document is an easy extension to already available mechanisms (RA/DHCP). I was expecting to see a reference to Hotspot 2.0, which aims to make the interaction between hotspot providers and end devices more intelligent (but covers a much larger scope).


Minor nit:

In Section 4 you write:


"This document defines two DHCP Captive-Portal options, one for IPv6 and one for IPv6."



It should of course read "..., one for IPv4 and one for IPv6."



Ciao

Hannes


