Last Call Review of draft-gont-numeric-ids-sec-considerations-06
review-gont-numeric-ids-sec-considerations-06-genart-lc-mishra-2021-01-06-00
Request | Review of | draft-gont-numeric-ids-sec-considerations |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2021-01-04 | |
Requested | 2020-12-07 | |
Authors | Fernando Gont , Ivan Arce | |
I-D last updated | 2021-01-06 | |
Completed reviews |
Tsvart Last Call review of -06
by Dr. Bernard D. Aboba
(diff)
Genart Last Call review of -06 by Gyan Mishra (diff) Secdir Last Call review of -06 by Charlie Kaufman (diff) Dnsdir Last Call review of -10 by Nicolai Leymann (diff) Tsvart Last Call review of -09 by Michael Tüxen (diff) |
|
Assignment | Reviewer | Gyan Mishra |
State | Completed | |
Request | Last Call review on draft-gont-numeric-ids-sec-considerations by General Area Review Team (Gen-ART) Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/gen-art/sQeXJs6ZU4ga80XkFYFCGKo_u0w | |
Reviewed revision | 06 (document currently at 11) | |
Result | Ready w/issues | |
Completed | 2021-01-06 |
review-gont-numeric-ids-sec-considerations-06-genart-lc-mishra-2021-01-06-00
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-gont-numeric-ids-sec-considerations-?? Reviewer: Gyan Mishra Review Date: 2021-01-06 IETF LC End Date: 2021-01-04 IESG Telechat date: Not scheduled for a telechat Summary: This document updates RFC 3552 Security Considerations for Transient numeric identifiers employed in network protocols. Currently RFC 3552 does not address transient network identifiers exploitation by pervasive monitoring. Major issues: None Minor issues: My suggestion is to maybe have examples section similar to RFC 3552 that gives examples of the security implications of the various types of transient numeric identifiers. An example for IPv6 IID would be using modified EUI64 versus RFC 4941 privacy extension or even RFC 7217 / RFC 8064 stable IID. Nits/editorial comments: None