[secdir] secdir review of draft-ietf-v6ops-464xlat-08
Stephen Hanna <shanna@juniper.net> Sat, 22 December 2012 01:41 UTC
Return-Path: <shanna@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FF4B21E804B; Fri, 21 Dec 2012 17:41:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.467
X-Spam-Level:
X-Spam-Status: No, score=-102.467 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_RAND_6=2, UNRESOLVED_TEMPLATE=3.132, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dAjGi4glHDEo; Fri, 21 Dec 2012 17:41:55 -0800 (PST)
Received: from exprod7og109.obsmtp.com (exprod7og109.obsmtp.com [64.18.2.171]) by ietfa.amsl.com (Postfix) with ESMTP id C495121E803A; Fri, 21 Dec 2012 17:41:51 -0800 (PST)
Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP ID DSNKUNUP3itrLx2v4MkGnuTZdb7n6OOW7dtJ@postini.com; Fri, 21 Dec 2012 17:41:51 PST
Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB01-HQ.jnpr.net (172.24.192.35) with Microsoft SMTP Server (TLS) id 8.3.213.0; Fri, 21 Dec 2012 17:39:23 -0800
Received: from o365mail.juniper.net (207.17.137.149) by o365mail.juniper.net (172.24.192.60) with Microsoft SMTP Server id 14.1.355.2; Fri, 21 Dec 2012 17:39:23 -0800
Received: from CO9EHSOBE042.bigfish.com (207.46.163.25) by o365mail.juniper.net (207.17.137.149) with Microsoft SMTP Server (TLS) id 14.1.355.2; Fri, 21 Dec 2012 17:42:13 -0800
Received: from mail192-co9-R.bigfish.com (10.236.132.252) by CO9EHSOBE042.bigfish.com (10.236.130.105) with Microsoft SMTP Server id 14.1.225.23; Sat, 22 Dec 2012 01:39:22 +0000
Received: from mail192-co9 (localhost [127.0.0.1]) by mail192-co9-R.bigfish.com (Postfix) with ESMTP id 42F414C01D4; Sat, 22 Dec 2012 01:39:22 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.234.117; KIP:(null); UIP:(null); (null); H:SN2PRD0510HT001.namprd05.prod.outlook.com; R:internal; EFV:INT
X-SpamScore: 0
X-BigFish: PS0(zzzz1de0h1202h1e76h1d1ah1d2ahzzz2dh2a8h668h839h944hd25hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh15d0h162dh1631h1758h1155h)
Received: from mail192-co9 (localhost.localdomain [127.0.0.1]) by mail192-co9 (MessageSwitch) id 1356140360445682_2968; Sat, 22 Dec 2012 01:39:20 +0000 (UTC)
Received: from CO9EHSMHS014.bigfish.com (unknown [10.236.132.229]) by mail192-co9.bigfish.com (Postfix) with ESMTP id 6A47332004C; Sat, 22 Dec 2012 01:39:20 +0000 (UTC)
Received: from SN2PRD0510HT001.namprd05.prod.outlook.com (157.56.234.117) by CO9EHSMHS014.bigfish.com (10.236.130.24) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sat, 22 Dec 2012 01:39:17 +0000
Received: from SN2PRD0510MB372.namprd05.prod.outlook.com ([169.254.9.132]) by SN2PRD0510HT001.namprd05.prod.outlook.com ([10.255.116.36]) with mapi id 14.16.0245.002; Sat, 22 Dec 2012 01:39:00 +0000
From: Stephen Hanna <shanna@juniper.net>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-v6ops-464xlat.all@tools.ietf.org" <draft-ietf-v6ops-464xlat.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-v6ops-464xlat-08
Thread-Index: AQHN3+UdOvamVaV7306lbsOJnuymOQ==
Date: Sat, 22 Dec 2012 01:38:58 +0000
Message-ID: <F1DFC16DCAA7D3468651A5A776D5796E068FAB13@SN2PRD0510MB372.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.232.2]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%12219$Dn%IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
X-FOPE-CONNECTOR: Id%12219$Dn%TOOLS.IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
Subject: [secdir] secdir review of draft-ietf-v6ops-464xlat-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Dec 2012 01:41:56 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes an architecture for providing IPv4 connectivity across an IPv6-only network. I'm not a fan of documents where the Security Considerations section just says "See these other two specs for the Security Considerations" but in this case it seems that this is adequate. This document is effectively recommends a concatenation stateless v4/v6 translation on the customer side and stateful v6/v4 translation in the provider so it does make sense that the combination of the RFC 6145 and RFC 6146 Security Considerations would do it. And a review of those documents shows that their Security Considerations are thoughtful and well-considered. I did find a few minor typos in section 8.2. In the first paragraph: "a explanation" should be "an explanation" "using combination" should be "using a combination" "is delegated IPv6 prefix" should be "is delegated an IPv6 prefix" Those were the only typos or errors that I found. Note that I am not an expert in address translation or IPv6 operations so there could be hidden security issues here that I didn't find.
- [secdir] secdir review of draft-ietf-v6ops-464xla… Stephen Hanna
- Re: [secdir] secdir review of draft-ietf-v6ops-46… joel jaeggli