[secdir] Secdir review of draft-ietf-v6ops-cidr-prefix-01

Paul Wouters <paul@nohats.ca> Sun, 19 April 2015 21:32 UTC

Date: Sun, 19 Apr 2015 17:32:26 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-v6ops-cidr-prefix.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/p-mqNzcVTuerhuzlc_LEqNFBG-4>

Secdir review of draft-ietf-v6ops-cidr-prefix-01

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document clarifies IPv6 forwarders should support all IPv6 prefix
lengths and use longest-match-first on prefixes of any valid length.

This document does not introduce security issues in addition to what
is discussed in [RFC4291], which it references in its Security
Considerations section.

I think this draft is Ready.

Paul
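
Added illustration, not part of the review above or of the draft: a minimal longest-match-first lookup over IPv6 prefixes of any length, showing how a forwarder that stops matching at /64 picks a different next hop than one that honours /65, /127 and /128 routes. The class name Fib6, the max_len parameter, the routes and the next-hop labels are all constructed for this example.

```python
import ipaddress

class Fib6:
    """Binary-trie IPv6 route table that accepts any prefix length 0..128."""

    def __init__(self):
        self.root = [None, None, None]  # [child for bit 0, child for bit 1, next hop]

    def add(self, prefix, next_hop):
        net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
        bits = int(net.network_address)
        node = self.root
        for i in range(net.prefixlen):
            b = (bits >> (127 - i)) & 1
            if node[b] is None:
                node[b] = [None, None, None]
            node = node[b]
        node[2] = next_hop

    def lookup(self, addr, max_len=128):
        """Longest-match lookup. max_len < 128 (hypothetical knob) models a
        forwarder that ignores routes longer than max_len bits."""
        bits = int(ipaddress.IPv6Address(addr))
        node, best = self.root, self.root[2]
        for i in range(max_len):
            node = node[(bits >> (127 - i)) & 1]
            if node is None:
                break
            if node[2] is not None:
                best = node[2]
        return best

def sample_fib():
    # Constructed routes inside the 2001:db8::/32 documentation prefix.
    fib = Fib6()
    for prefix, hop in [("::/0", "default"), ("2001:db8::/32", "core"),
                        ("2001:db8:0:1::/64", "lan"),
                        ("2001:db8:0:1:8000::/65", "upper-half"),
                        ("2001:db8:0:1::/127", "p2p-link"),
                        ("2001:db8:0:1::1/128", "host")]:
        fib.add(prefix, hop)
    return fib

if __name__ == "__main__":
    fib = sample_fib()
    for dst in ["2001:db8:0:1::", "2001:db8:0:1::1", "2001:db8:0:1::2",
                "2001:db8:0:1:8000::5", "2001:db8:ffff::1", "2001:db9::1"]:
        print(dst, "->", fib.lookup(dst), "| /64-capped:", fib.lookup(dst, 64))
```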