[secdir] Secdir last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Nancy Cam-Winget <ncamwing@cisco.com> Wed, 05 December 2018 02:29 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 479DE130E0A; Tue, 4 Dec 2018 18:29:44 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Nancy Cam-Winget <ncamwing@cisco.com>
To: <secdir@ietf.org>
Cc: opsec@ietf.org, ietf@ietf.org, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154397698424.4865.5720014731238210447@ietfa.amsl.com>
Date: Tue, 04 Dec 2018 18:29:44 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ozYWuqlOZJoczVtvUARy1dErD-A>
Subject: [secdir] Secdir last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 02:29:44 -0000

Reviewer: Nancy Cam-Winget
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

Significant nits:

This document provides recommendations that do include security considerations;
but it is missing privacy considerations.  While there may be no (or little
impact), there should at least be some mention of privacy considerations in
Section 6 (or create a new section).

The document also references two drafts that are expired.

General: it would be useful to reference the “EH Types” (RFC7045?) so that it
is clearly distinct from the general “Option types” defined in RFC8200 (and
also include the RFC8200 as reference on the first occurrence of “option types”)

Section 2.1: the Terminology needs to be updated to comply with the latest
BCP14 and RFC8174

Section 2.3: given the expressed terminology, I believe the “is *not*” is
better stated as “SHOULD NOT” to be consistent with IETF guidelines in RFC8174.

Section 2.3: this section not about “Conventions” but is really more about
“Assumptions” with some recommendations already sprinkled, so the section
should fall more in the “General Discussion” section

Section 3.1: Not sure this is correct:  “[RFC7045] identifies
   which of the currently assigned Internet Protocol numbers identify
   IPv6 EHs vs. upper-layer protocols. ”
Reading RFC7045: it seems to be focused on how to process the extensions
appropriately not sure it really does the identification of protocol layering
or distinction?

Simple Editorial nits:
Section 2.3: redundant reference.  Suggest to update
from: “in [RFC7045].  Namely (from [RFC7045]),”
to: “namely from [RFC7045]:”

Section 3.1: the following sentence or perhaps the last clause (“they contain”)
is not needed:
 “ This document discusses the
   filtering of packets based on the IPv6 EHs (as specified by
   [RFC7045]) they contain.”