[secdir] secdir review of draft-ietf-v6ops-464xlat-08

Stephen Hanna <shanna@juniper.net> Sat, 22 December 2012 01:41 UTC

From: Stephen Hanna <shanna@juniper.net>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-v6ops-464xlat.all@tools.ietf.org" <draft-ietf-v6ops-464xlat.all@tools.ietf.org>
Date: Sat, 22 Dec 2012 01:38:58 +0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes an architecture for providing IPv4 connectivity
across an IPv6-only network. I'm not a fan of documents where the
Security Considerations section just says "See these other two specs
for the Security Considerations" but in this case it seems that this
is adequate. This document effectively recommends a concatenation of
stateless v4/v6 translation on the customer side and stateful v6/v4
translation in the provider so it does make sense that the combination
of the RFC 6145 and RFC 6146 Security Considerations would do it. And
a review of those documents shows that their Security Considerations
are thoughtful and well-considered.

I did find a few minor typos in section 8.2. In the first paragraph:

"a explanation" should be "an explanation"
"using combination" should be "using a combination"
"is delegated IPv6 prefix" should be "is delegated an IPv6 prefix"

Those were the only typos or errors that I found.

Note that I am not an expert in address translation or IPv6 operations
so there could be hidden security issues here that I didn't find.