[secdir] secdir review of draft-ietf-dhc-dhcpv6-stateful-issues=11

"Dan Harkins" <dharkins@lounge.org> Mon, 16 March 2015 20:41 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 563401A90E0; Mon, 16 Mar 2015 13:41:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RBAtxX9MMALM; Mon, 16 Mar 2015 13:40:59 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 4AFA31A90D8; Mon, 16 Mar 2015 13:40:59 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 2EC0E1FE01EA; Mon, 16 Mar 2015 13:40:59 -0700 (PDT)
Received: from 104.36.248.10 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 16 Mar 2015 13:40:59 -0700 (PDT)
Message-ID: <a41ff499c457164a84675d250aa8b1e7.squirrel@www.trepanning.net>
Date: Mon, 16 Mar 2015 13:40:59 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-dhc-dhcpv6-stateful-issues.all@tools.ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/xuyx-3HI0x093kwrV5F46I8IIks>
Subject: [secdir] secdir review of draft-ietf-dhc-dhcpv6-stateful-issues=11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2015 20:41:00 -0000

  First of all, sorry for the tardiness of this review….

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft provides quite a few updates to RFC 3315 to deal with
an issue that was not anticipated when that RFC was developed:
additional stateful DHCPv6 options. The problematic option that
has been added is for DHCPv6 prefix delegation (IA_PD) and some
interop issues have been observed when the non-temporary
addresses option (IA_NA) and the prefix delegation option are used
together. The draft specifies new normative behavior to address
coexistence problems with IA_NA and IA_PD.

  I believe the draft is "Ready with nits". Actually ready with nit and
that nit is that the Security Considerations should point back to
RFC 3315 (which has nice Security Considerations). Currently it
only says, "There are no new security considerations pertaining to
this document." and it might be a good idea to say something more
like "This document adds no new security considerations to those
described in [RFC 3315]." or something like that.

  regards,

  Dan.