[secdir] review of draft-arkko-dual-stack-extra-lite-03
Stephen Kent <kent@bbn.com> Thu, 27 January 2011 16:26 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 196EB3A690D for <secdir@core3.amsl.com>; Thu, 27 Jan 2011 08:26:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.412
X-Spam-Level:
X-Spam-Status: No, score=-102.412 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LETj-lZyPB4b for <secdir@core3.amsl.com>; Thu, 27 Jan 2011 08:26:44 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id E873C3A690A for <secdir@ietf.org>; Thu, 27 Jan 2011 08:26:43 -0800 (PST)
Received: from [192.1.255.194] (port=49192) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1PiUjD-000Gpj-KS; Thu, 27 Jan 2011 11:29:47 -0500
Mime-Version: 1.0
Message-Id: <p06240809c9674d216edd@[192.1.255.194]>
Date: Thu, 27 Jan 2011 11:29:43 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-915976709==_ma============"
Cc: ars.eggert@nokia.com, jari.arkko@piuha.net, Ralph Droms <rdroms.ietf@gmail.com>
Subject: [secdir] review of draft-arkko-dual-stack-extra-lite-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2011 16:26:46 -0000
I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This is a very brief (8-page) document. It defines how to employ address translation (NAT) to serve a large (> 2^24) user population without making use of a large private address space. Thus the focus here is a bit different from the usual NAT context, where one uses a large-enough private address space behind a NAT, and maps that space into a smaller (typically IPV4) address space on the other side of a NAT. The authors review several other approaches to dealing with the problem, as a prelude to presenting the proposed solution. The solution put forth here is applicable to nets where each endpoint has a point-to-point link to a NAT (vs. a broadcast net). The authors note that if tunneling is already being used to connect endpoints to a gateway/NAT, this technique also is applicable. In either case the NAT maintains a map between the overlapping private address spaces and the public space by associating a network interface ID (as well as the private IP address) with each endpoint. The authors recommend employing their solution for dealing with the IPv4 addresses that need to be associated with endpoints in the dual stack [RFC 4213] deployment model for IPv6. They also note that their proposal could be used in another IPv6 deployment model [I-D.ietf-behave-v6v4-xlate-stateful], but that it probably is not necessary there, because of the abundance of IPv6 address space. The security considerations section is but one sentence: "This practices outlined in this document do not affect the security properties of address translation." I think this needs to be expanded upon :. The authors should cite at least one RFC that deals with NAT and has sustentative security considerations section. If they can't find a suitable RFC (2993 is the obvious candidate, but it is outdated in several of its references and comments) then they at least describe why they believe that this proposal introduces no new security implications.
- [secdir] review of draft-arkko-dual-stack-extra-l… Stephen Kent
- Re: [secdir] review of draft-arkko-dual-stack-ext… Jari Arkko