[secdir] SecDir review of draft-ietf-v6ops-64share-09
Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 19 February 2014 15:49 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA8C91A040F; Wed, 19 Feb 2014 07:49:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nFb4yDpd4SA7; Wed, 19 Feb 2014 07:49:52 -0800 (PST)
Received: from mail-ee0-x230.google.com (mail-ee0-x230.google.com [IPv6:2a00:1450:4013:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id D4E9D1A032A; Wed, 19 Feb 2014 07:49:51 -0800 (PST)
Received: by mail-ee0-f48.google.com with SMTP id t10so322976eei.7 for <multiple recipients>; Wed, 19 Feb 2014 07:49:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=DQegKVzEXDuHj3SXDd/z9Yh2r/o1snbJTEgSrtRxS88=; b=Tty3X94HF2HQDbNuLTgMHwf2QLl82nTzGaqx9gH+l4EujzkGvZ21d56yp4UapNMCs5 JmfEnlDFCGkyLsBsfSf84jxdc4Om8BLPz0vcnVIm8zAmlSa+BxZ4h0nyfr/66ANFoVwY Fz66nbHJTDq73FuPrcxJmqXOqCEZHTh21Pay/sPIyJ8k5kuCvuSnDTFeIlN0+W9p6iTB CJFxm43SWrdr+Vfv1h99LpGHoXeH9IxT8OQQ8WfBSbMGVe5g8kfBcrrNffUcXzgLCRxN YSy0xTfLB/81ARPgZzex7ZTMhatC8Kj35MoEwWF7u8ROqhrz4TiJuxVQnFbe3+pWoY2m th0w==
X-Received: by 10.15.75.193 with SMTP id l41mr1781787eey.114.1392824987751; Wed, 19 Feb 2014 07:49:47 -0800 (PST)
Received: from [10.2.0.16] (89-139-136-195.bb.netvision.net.il. [89.139.136.195]) by mx.google.com with ESMTPSA id m9sm2141715eeh.3.2014.02.19.07.49.45 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 19 Feb 2014 07:49:46 -0800 (PST)
Message-ID: <5304D298.7050101@gmail.com>
Date: Wed, 19 Feb 2014 17:49:44 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: secdir@ietf.org, draft-ietf-v6ops-64share.all@tools.ietf.org, iesg@ietf.org
References: <4FBFAE5F.8010305@gmail.com>
In-Reply-To: <4FBFAE5F.8010305@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/qMyzETpAItcL7OiSvCEx9sXOYc4
Subject: [secdir] SecDir review of draft-ietf-v6ops-64share-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 15:49:57 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes two options of providing hosts behind a 3GPP UE (e.g., cellular router) with an IPv6 network prefix, in networks that do not support IPv6 prefix delegation. The document is explicitly non-normative. Summary The document is ready to progress. Details - I don't understand why the first scenario (sec. 4.2) is even useful, i.e. why allocate the /64 to the LAN (and not just settle for a link-local prefix) when the UE does not have an address on the 3GPP link, and so cannot route traffic to the Internet? - Despite the non-normative status of the document, I think the security considerations deserve stronger wording. I suggest to replace "shall be considered" by "SHOULD be applied". - I would suggest that the security considerations also mention the privacy implications of having a (typically) small number of devices, all within a single unchanging network prefix. I *believe* this is behind the discussion of RFC 4941 is Sec. 4.3, but I would rather have the threat spelled out. Thanks, Yaron
- [secdir] SecDir review of draft-camarillo-rai-med… Yaron Sheffer
- Re: [secdir] SecDir review of draft-camarillo-rai… Gonzalo Camarillo
- Re: [secdir] SecDir review of draft-camarillo-rai… Gonzalo Camarillo
- [secdir] SecDir review of draft-yegin-pana-encr-a… Yaron Sheffer
- [secdir] SecDir review of draft-ietf-krb-wg-kerbe… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-krb-wg-k… Sean Turner
- Re: [secdir] SecDir review of draft-ietf-krb-wg-k… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-krb-wg-k… Stephen Farrell
- Re: [secdir] SecDir review of draft-ietf-krb-wg-k… Sam Hartman
- Re: [secdir] SecDir review of draft-ietf-krb-wg-k… Tom Yu
- [secdir] SecDir and AppsDir review of draft-ietf-… Alexey Melnikov
- Re: [secdir] SecDir and AppsDir review of draft-i… Alexey Melnikov
- [secdir] Use of StringPrep/Unicode (was Re: SecDi… Alexey Melnikov
- Re: [secdir] Use of StringPrep/Unicode (was Re: S… Alexey Melnikov
- Re: [secdir] SecDir and AppsDir review of draft-i… Mallikarjun Chadalapaka
- Re: [secdir] SecDir and AppsDir review of draft-i… Mallikarjun Chadalapaka
- Re: [secdir] Use of StringPrep/Unicode (was Re: S… Black, David
- Re: [secdir] Use of StringPrep/Unicode (was Re: S… Black, David
- Re: [secdir] SecDir and AppsDir review of draft-i… Black, David
- Re: [secdir] SecDir and AppsDir review of draft-i… Alexey Melnikov
- Re: [secdir] SecDir and AppsDir review of draft-i… Mallikarjun Chadalapaka
- Re: [secdir] SecDir and AppsDir review of draft-i… Alexey Melnikov
- [secdir] SecDir review of draft-ietf-6renum-enter… Yaron Sheffer
- [secdir] SecDir repeat review of draft-ietf-6renu… Yaron Sheffer
- [secdir] SecDir review of draft-ietf-rtgwg-ipfrr-… Yaron Sheffer
- [secdir] SecDir review of draft-ietf-clue-telepre… Yaron Sheffer
- [secdir] SecDir review of draft-ietf-v6ops-64shar… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-v6ops-64… Vízdal Aleš
- Re: [secdir] SecDir review of draft-ietf-v6ops-64… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-v6ops-64… Vízdal Aleš