[secdir] Secdir last call review of draft-ietf-capport-rfc7710bis-04

Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Fri, 01 May 2020 12:10 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: captive-portals@ietf.org, draft-ietf-capport-rfc7710bis.all@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <158833501993.21190.4904257765699741589@ietfa.amsl.com>
Reply-To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 01 May 2020 05:10:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kHOP21ffwd-HSKZ2tb-brTthReA>
Subject: [secdir] Secdir last call review of draft-ietf-capport-rfc7710bis-04

Reviewer: Rifaat Shekh-Yusef
Review result: Has Issues

Since the use of IP address literal is not forbidden by this document, what if 
an attacker with the ability to inject DHCP messages or RAs uses this option 
to force the user to contact an IP address of his choosing? In this case, the use 
of TLS and presenting the identity in the certificate might not be of much help.

I think this case should be discussed in the security consideration section.

[secdir] Secdir last call review of draft-ietf-ca… Rifaat Shekh-Yusef via Datatracker
Re: [secdir] Secdir last call review of draft-iet… Erik Kline
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Benjamin Kaduk
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Barry Leiba
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Erik Kline
Re: [secdir] Fwd: [Last-Call] Secdir last call re… Barry Leiba
Re: [secdir] Secdir last call review of draft-iet… Benjamin Kaduk