[secdir] Secdir last call review of draft-ietf-capport-rfc7710bis-04
Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Fri, 01 May 2020 12:10 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EFBE43A1125; Fri, 1 May 2020 05:10:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: captive-portals@ietf.org, draft-ietf-capport-rfc7710bis.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.128.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <158833501993.21190.4904257765699741589@ietfa.amsl.com>
Reply-To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 01 May 2020 05:10:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kHOP21ffwd-HSKZ2tb-brTthReA>
Subject: [secdir] Secdir last call review of draft-ietf-capport-rfc7710bis-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 May 2020 12:10:20 -0000
Reviewer: Rifaat Shekh-Yusef Review result: Has Issues Since the use of IP address literal is not forbidden by this document, what if an attacker with the ability to inject DHCP messages or RAs uses this option to force the user to contact an IP address of his choosing? In this case, the use of TLS and presenting the identity in the certificate might not be of much help. I think this case should be discussed in the security consideration section.
- [secdir] Secdir last call review of draft-ietf-ca… Rifaat Shekh-Yusef via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Erik Kline
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Benjamin Kaduk
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Barry Leiba
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
- Re: [secdir] Fwd: [Last-Call] Secdir last call re… Barry Leiba
- Re: [secdir] Secdir last call review of draft-iet… Benjamin Kaduk