[secdir] review of draft-arkko-dual-stack-extra-lite-03

Stephen Kent <kent@bbn.com> Thu, 27 January 2011 16:26 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 196EB3A690D for <secdir@core3.amsl.com>; Thu, 27 Jan 2011 08:26:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.412
X-Spam-Status: No, score=-102.412 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id LETj-lZyPB4b for <secdir@core3.amsl.com>; Thu, 27 Jan 2011 08:26:44 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com []) by core3.amsl.com (Postfix) with ESMTP id E873C3A690A for <secdir@ietf.org>; Thu, 27 Jan 2011 08:26:43 -0800 (PST)
Received: from [] (port=49192) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1PiUjD-000Gpj-KS; Thu, 27 Jan 2011 11:29:47 -0500
Mime-Version: 1.0
Message-Id: <p06240809c9674d216edd@[]>
Date: Thu, 27 Jan 2011 11:29:43 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-915976709==_ma============"
Cc: ars.eggert@nokia.com, jari.arkko@piuha.net, Ralph Droms <rdroms.ietf@gmail.com>
Subject: [secdir] review of draft-arkko-dual-stack-extra-lite-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2011 16:26:46 -0000

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This is a very brief (8-page) document. It defines how to employ 
address translation (NAT) to serve a large (> 2^24) user population 
without making use of a large private address space. Thus the focus 
here is a bit different from the usual NAT context, where one uses a 
large-enough private address space behind a NAT, and maps that space 
into a smaller (typically IPV4) address space on the other side of a 

The authors review several other approaches to dealing with the 
problem, as a prelude to presenting the proposed solution. The 
solution put forth here is applicable to nets where each endpoint has 
a point-to-point link to a NAT (vs. a broadcast net). The authors 
note that if tunneling is already being used to connect endpoints to 
a gateway/NAT, this technique also is applicable. In either case the 
NAT maintains a map between the overlapping private address spaces 
and the public space by associating a network interface ID (as well 
as the private IP address) with each endpoint.

The authors recommend employing their solution for dealing with the 
IPv4 addresses that need to be associated with endpoints in the dual 
stack [RFC 4213] deployment model for IPv6. They also note that their 
proposal could be used in another IPv6 deployment model 
[I-D.ietf-behave-v6v4-xlate-stateful], but that it probably is not 
necessary there, because of the abundance of IPv6 address space.

The security considerations section is but one sentence: "This 
practices outlined in this document do not affect the security 
properties of address translation." I think this needs to be expanded 
upon :. The authors should cite at least one RFC that deals with NAT 
and has sustentative security considerations section. If they can't 
find a suitable RFC (2993 is the obvious candidate, but it is 
outdated in several of its references and comments) then they at 
least describe why they believe that this proposal introduces no new 
security implications.