Skip to main content

Last Call Review of draft-hollenbeck-rfc4932bis-

Request Review of draft-hollenbeck-rfc4932bis
Requested revision No specific revision (document currently at 01)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-05-28
Requested 2009-05-19
Authors Scott Hollenbeck
Draft last updated 2009-06-05
Completed reviews Secdir Last Call review of -?? by Chris M. Lonvick
Assignment Reviewer Chris M. Lonvick
State Completed
Review review-hollenbeck-rfc4932bis-secdir-lc-lonvick-2009-06-05
Completed 2009-06-05
On Mon, 1 Jun 2009, Chris Lonvick wrote:


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I found security-related problems in my review of the document.

That's supposed to be:
I found _no_ security-related problems in my review of the document.

Apologies for the confusion, and thanks Richard for pointing that out.


I did see, however, that the Security Considerations, which point back to ID 

4930.bis, are very similar to the security considerations in RFC 4930.  They 

hint that a secure transport is needed to thwart common mitm attacks but the 

section does not give any specific guidance.

It has been two years since RFC 4930 was published.  Have any secure 

transports been used?  If so, I think it would be a good idea to state which 

one(s) and how its attributes do thwart the threats.

Best regards,