[secdir] review of draft-ietf-dhc-relay-id-suboption-07

"Dan Harkins" <dharkins@lounge.org> Sat, 10 October 2009 18:11 UTC

Date: Sat, 10 Oct 2009 11:13:04 -0700
From: Dan Harkins <dharkins@lounge.org>
To: secdir@ietf.org
Cc: dhc-chairs@tools.ietf.org, john_brzozowski@cable.comcast.com, iesg@ietf.org, mjs@cisco.com
Subject: [secdir] review of draft-ietf-dhc-relay-id-suboption-07

  Hi,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft defines a sub-option of DHCP's Relay Information Option
to identify relay agents. It is straightforward, easy to read, and
provides good use cases to justify the need for this sub-option. I
think it is ready for publication modulo a couple of minor issues.

  The Security Considerations mentions that security issues with the
Relay Information Option are discussed in RFC 3046 and RFC 4030 but I
think it might be a good idea to be a bit more specific and mention the
security considerations of the draft in question, even if all it did
was say something like, "This memo defines a sub-option of the Relay
Information Option and therefore is subject to the security considerations
of RFC 3046 and RFC 4030...."

  The draft defines two types of identifiers to populate this new
sub-option, one uses the DHCP Unique Identifier (DUID) and the other is
a simple ASCII string. For interoperability purposes, I think one of those
should be mandatory-to-implement (I suggest DUID).

  regards,

  Dan.
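The review above talks about two identifier forms for the relay-id sub-option (a DUID or an ASCII string) and about inheriting the security considerations of RFC 3046. The following is an added example, written for this page and not code from the review, the draft or any implementation, that parses a DHCPv4 Relay Agent Information option (option 82) into its sub-options, decodes a relay-id value in either form, and applies the RFC 3046 rule for discarding forged option 82 data from untrusted client-side ports. Assumptions: the relay-id sub-option code `12` is a placeholder (the page does not give the assigned value), the DUID layouts are the DUID-LLT/EN/LL forms of RFC 3315, the `duid_mandatory` switch models the reviewer's mandatory-to-implement suggestion, and the sample payload is constructed for the example.

```python
"""Added example: parse DHCPv4 option 82 and its relay-id sub-option.
Not the draft's code; the relay-id sub-option code is an assumption."""
import struct
from typing import Dict

OPTION_RELAY_AGENT_INFO = 82   # RFC 3046
SUBOPT_CIRCUIT_ID = 1          # RFC 3046
SUBOPT_REMOTE_ID = 2           # RFC 3046
SUBOPT_RELAY_ID = 12           # ASSUMED code for the relay-id sub-option (not on the page)

DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3   # DUID types defined in RFC 3315


class RelayInfoError(ValueError):
    """Raised for malformed option 82 data; a relay or server should drop the packet."""


def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Split an option 82 payload into {sub-option code: value}.

    Each sub-option is code(1) length(1) value(length). Truncated or duplicated
    sub-options are rejected instead of silently skipped.
    """
    subs: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise RelayInfoError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise RelayInfoError(f"sub-option {code}: length {length} runs past payload")
        if code in subs:
            raise RelayInfoError(f"sub-option {code} appears twice")
        subs[code] = value
        i += 2 + length
    return subs


def decode_duid(duid: bytes) -> dict:
    """Decode the three DUID forms of RFC 3315 (LLT, EN, LL)."""
    if len(duid) < 2:
        raise RelayInfoError("DUID shorter than its type field")
    (dtype,) = struct.unpack("!H", duid[:2])
    if dtype == DUID_LLT and len(duid) >= 8:
        hw_type, time = struct.unpack("!HI", duid[2:8])
        return {"type": "DUID-LLT", "hw_type": hw_type, "time": time, "ll_addr": duid[8:].hex()}
    if dtype == DUID_EN and len(duid) >= 6:
        (enterprise,) = struct.unpack("!I", duid[2:6])
        return {"type": "DUID-EN", "enterprise": enterprise, "identifier": duid[6:].hex()}
    if dtype == DUID_LL and len(duid) >= 4:
        (hw_type,) = struct.unpack("!H", duid[2:4])
        return {"type": "DUID-LL", "hw_type": hw_type, "ll_addr": duid[4:].hex()}
    raise RelayInfoError(f"unknown or truncated DUID (type {dtype}, {len(duid)} bytes)")


def decode_relay_id(value: bytes, duid_mandatory: bool) -> dict:
    """Interpret a relay-id value as a DUID or, failing that, an ASCII string.

    The two forms do not collide: every defined DUID type begins with a 0x00
    byte, which is never printable ASCII. With duid_mandatory=True (the
    reviewer's suggestion) an ASCII identifier is refused.
    """
    try:
        return decode_duid(value)
    except RelayInfoError:
        if duid_mandatory:
            raise
    if value and all(0x20 <= b < 0x7F for b in value):
        return {"type": "ascii", "id": value.decode("ascii")}
    raise RelayInfoError("relay-id is neither a well-formed DUID nor printable ASCII")


def relay_id_from_option82(payload: bytes, duid_mandatory: bool = True) -> dict:
    """Parse an option 82 payload and return its decoded relay-id."""
    subs = parse_suboptions(payload)
    if SUBOPT_RELAY_ID not in subs:
        raise RelayInfoError("no relay-id sub-option present")
    return decode_relay_id(subs[SUBOPT_RELAY_ID], duid_mandatory)


def accept_client_packet(has_option82: bool, giaddr_is_zero: bool, port_trusted: bool) -> bool:
    """RFC 3046 trust rule on the client-facing side of a relay: a packet from
    an untrusted port with giaddr 0 that already carries option 82 was not
    inserted by a relay we trust, so it SHOULD be discarded, not forwarded."""
    return not (has_option82 and giaddr_is_zero and not port_trusted)


# Constructed sample payload: circuit-id "eth0" plus a DUID-LL relay-id
# (hardware type 1 = Ethernet, link-layer address 00:11:22:33:44:55).
SAMPLE_OPTION82 = (
    bytes([SUBOPT_CIRCUIT_ID, 4]) + b"eth0"
    + bytes([SUBOPT_RELAY_ID, 10]) + bytes.fromhex("0003 0001 001122334455")
)

if __name__ == "__main__":
    print(relay_id_from_option82(SAMPLE_OPTION82))
```

Running the block prints the decoded DUID-LL for the constructed sample. The parser raises rather than skips on a bad length or a duplicated sub-option, because a server that tolerates malformed option 82 data is exactly where a forged relay identity slips through; `accept_client_packet` shows the complementary check a relay applies before it ever trusts the option.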