[secdir] secdir review of draft-ietf-6man-lineid

"Dan Harkins" <dharkins@lounge.org> Sat, 30 June 2012 17:49 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC6C121F85B6; Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.406
X-Spam-Level:
X-Spam-Status: No, score=-4.406 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6RZJ2OBpPIC; Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 091B821F84FE; Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id C75AB1022400A; Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
Message-ID: <3f40470e03a3da0a21dcf09e26f1a723.squirrel@www.trepanning.net>
Date: Sat, 30 Jun 2012 10:49:02 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-6man-lineid.all@tools.ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: [secdir] secdir review of draft-ietf-6man-lineid
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jun 2012 17:49:02 -0000

  Hello,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft defines a new destination option for IPv6 datagrams that
tunnel router solicitation and router advertisement messages. The
purpose of the option is to allow an edge router in a broadband
subscriber network to identify a particular subscriber that comes up.

  I found the draft a bit confusing. Terms are referred to before they
are defined and once defined are not consistently used. There were
several paragraphs that I had to re-read a couple times to figure out
what was being intended. I would suggest the following editorial
changes:
  - in section 1.1, move definition of GPON and RG up before they
    are referred to (AN, and Edge Router, respectively)
  - in section 5.3, pick either AN or "access node" and stick to it.
     By sometimes referring to the entity by acronym and sometimes
     by full name, the casual reader (me) does not immediately
     tie them together and creates 2 entities in his mind as he's
     putting the described behavior together.
  - in section 6.2 it talks about creating a new IPv6 datagram, then
     about adding the option to it and how to determine the contents
     of this datagram, and then it says a new IPv6 datagram is created.
     Wait, so there's 2 IPv6 datagrams or is this the same one? I had to
     read this a few times to figure out what's going on.

  There is an apparent technical problem in section 7 where the new
option is laid out. The option type is an octet and the option length
is also an octet (whose length does not include the option type or
itself). Then follows the a field for the length of the lineID and the
lineID itself. But the length of the lineID is 2 octets implying that
a lineID can be more than 255 octets long. How does this work? If
the lineID itself is greater than 253 octets then the length required
to be encoded in the option length would be greater than 255
which cannot be described with a single octet.

  Either there is the possibility of a valid but unparsable option
that would likely make the rest of the packet unparsable too
(which is bad) or the lineID can never be greater than 253 octets
which then makes me ask why the field to encode its length has to
be 2 octets?

  The other option is, of course, that I'm completely missing something.
If that's the case, forgive my ignorance but please do enlighten me.

  I found no security issues with the draft that require the attention
of the ADs. The Security Considerations mention that this is all
unauthenticated and should only be used on a network where the
communicating entities are already trusted, which seems reasonable
for the way this will be deployed.

  regards,

  Dan.