Re: [secdir] Secdir review of draft-ietf-softwire-dslite-deployment

"Lee, Yiu" <Yiu_Lee@Cable.Comcast.com> Sun, 14 October 2012 21:27 UTC


Hi Tobias,

Thanks for reviewing the draft. Comments inline:

Thanks,
Yiu

From:  Tobias Gondrom <tobias.gondrom@gondrom.org>
Date:  Sunday, October 14, 2012 3:47 PM
To:  "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>,
"draft-ietf-softwire-dslite-deployment.all@tools.ietf.org."
<draft-ietf-softwire-dslite-deployment.all@tools.ietf.org.>
Subject:  Secdir review of draft-ietf-softwire-dslite-deployment
Resent-To:  <carlw@mcsr-labs.org>, <christian.jacquenet@orange.com>,
<cuiyong@tsinghua.edu.cn>, <mohamed.boucadair@orange.com>,
<roberta.maglione@telecomitalia.it>, <suresh.krishnan@ericsson.com>, "Yiu L.
LEE" <yiu_lee@cable.comcast.com>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.


I believe this document (draft-ietf-softwire-dslite-deployment) has an
adequate security considerations section and the main security risks are
sufficiently described for an informational "deployment considerations" RFC.

COMMENTS: 
section 2.6: 
"Internet hosts such as servers must no longer rely solely on IP address to
identify an abused user."
Don't you mean here: "... an abusive user."
and again in the next sentence "...to identify an abused user..." should be
"...to identify an abusive user".

[YL] Fixed.

Nits: 
- section 1: Overview
third sentence: first mention of "softwire" may require a reference

[YL] Fixed.

- section 2.5, last paragraph:
s/Depedning on the rate of NAT table changes/Depending on the rate of NAT
table changes

[YL] Fixed.


Best regards, Tobias