[secdir] Secdir telechat review of draft-ietf-6man-rfc6874bis-09

Leif Johansson via Datatracker <noreply@ietf.org> Mon, 21 August 2023 11:04 UTC

To: secdir@ietf.org
Cc: draft-ietf-6man-rfc6874bis.all@ietf.org, ipv6@ietf.org, last-call@ietf.org
Reply-To: Leif Johansson <leifj@sunet.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rSudEJEL3KA-SwAgzHi5x_PsM3s>

Reviewer: Leif Johansson
Review result: Has Nits


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready (with one question below).

The only question I have is on this paragraph in the Security
Considerations section:

"In the case that a zone identifier contains the hexadecimal MAC
address of a network interface, it will be revealed to the HTTP
recipient and to any observer on the link.  Since the MAC address
will also be visible in the underlying layer 2 frame, this is not a
new exposure.  Nevertheless, this method of naming interfaces might
be considered to be a privacy issue."

Modern operating systems have the ability to randomize MAC addresses
for privacy reasons. The Security Considerations section doesn't mention
this practice, and I'm wondering if it should, and in particular if the
section above is impacted by this practice.

Other than that I find the document well written and a good attempt to
describe the various challenges in this space. Well done!
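The exposure discussed in the quoted paragraph, and the question about randomized MAC addresses, can be checked mechanically on URIs seen in logs or proxies. The following is an added example, not code from the draft or the review: it pulls the zone identifier out of an IPv6 literal, flags zone identifiers that are literally a MAC address, recovers a MAC embedded in a modified EUI-64 interface identifier (the ff:fe filler with the universal/local bit flipped), and reports whether a found MAC has the locally administered bit set, which is the bit randomized-MAC schemes set. The sample URIs are constructed, the acceptance of both the "%25" and the bare "%" zone delimiter is this parser's own assumption rather than a statement about what the draft mandates, and the "locally administered means probably randomized" reading is a heuristic.

```python
import ipaddress
import re

# Constructed sample URIs (not taken from the draft or the review): a zone ID
# that is an interface name, zone IDs that are raw MAC addresses (one
# universally and one locally administered), a global address whose interface
# identifier is a modified EUI-64 built from a MAC, and a plain address.
SAMPLE_URIS = [
    "http://[fe80::1%25eth0]/",
    "http://[fe80::1%2500-11-22-33-44-55]/",
    "http://[2001:db8::211:22ff:fe33:4455]/",
    "http://[2001:db8::1]/",
    "http://[fe80::1%250a-1b-2c-3d-4e-5f]/",
]

# Six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.IGNORECASE)
BRACKET_RE = re.compile(r"//\[([^\]]+)\]")


def split_ipv6_literal(uri):
    """Return (address, zone_id or None) for a URI whose host is an IPv6 literal.

    Assumption of this parser: the zone delimiter may appear percent-encoded
    ("%25", the RFC 6874 spelling) or as a bare "%".
    """
    match = BRACKET_RE.search(uri)
    if not match:
        raise ValueError("host is not a bracketed IPv6 literal")
    literal = match.group(1)
    if "%25" in literal:
        addr, zone = literal.split("%25", 1)
    elif "%" in literal:
        addr, zone = literal.split("%", 1)
    else:
        addr, zone = literal, None
    return addr, zone


def mac_from_eui64(addr):
    """Recover the MAC embedded in a modified EUI-64 interface identifier.

    Returns the MAC as 'xx:xx:xx:xx:xx:xx' when the low 64 bits carry the
    ff:fe filler in octets 3-4, otherwise None.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02  # undo the universal/local bit inversion
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def mac_is_locally_administered(mac):
    """True when bit 1 of the first octet (the locally administered bit) is set.

    Randomized-MAC schemes generate addresses with this bit set, so treating it
    as a sign that the value is not a burned-in identifier is a heuristic, not
    a guarantee.
    """
    first = int(re.split(r"[:-]", mac)[0], 16)
    return bool(first & 0x02)


def assess_uri(uri):
    """Describe what hardware-address information an IPv6 literal URI exposes."""
    addr, zone = split_ipv6_literal(uri)
    zone_is_mac = bool(zone and MAC_RE.match(zone))
    eui64_mac = mac_from_eui64(addr)
    found_mac = zone if zone_is_mac else eui64_mac
    return {
        "address": addr,
        "zone_id": zone,
        "zone_is_mac": zone_is_mac,
        "eui64_mac": eui64_mac,
        "mac_is_local": mac_is_locally_administered(found_mac) if found_mac else None,
    }


if __name__ == "__main__":
    for sample in SAMPLE_URIS:
        print(sample, "->", assess_uri(sample))
```

Run against a log of observed URIs, a non-empty `zone_is_mac` or `eui64_mac` marks the cases the quoted paragraph describes; `mac_is_local` being True suggests the exposed value is a randomized address, which is the scenario the review asks the Security Considerations section to speak to.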