Last Call Review of draft-hollenbeck-rfc4932bis-
review-hollenbeck-rfc4932bis-secdir-lc-lonvick-2009-06-05-00
| Request | Review of | draft-hollenbeck-rfc4932bis |
|---|---|---|
| Requested revision | No specific revision (document currently at 01) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2009-05-28 | |
| Requested | 2009-05-19 | |
| Authors | Scott Hollenbeck | |
| I-D last updated | 2009-06-05 | |
| Completed reviews |
Secdir Last Call review of -??
by Chris M. Lonvick
|
|
| Assignment | Reviewer | Chris M. Lonvick |
| State | Completed | |
| Request | Last Call review on draft-hollenbeck-rfc4932bis by Security Area Directorate Assigned | |
| Completed | 2009-06-05 |
review-hollenbeck-rfc4932bis-secdir-lc-lonvick-2009-06-05-00
On Mon, 1 Jun 2009, Chris Lonvick wrote: Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I found security-related problems in my review of the document. That's supposed to be: I found _no_ security-related problems in my review of the document. Apologies for the confusion, and thanks Richard for pointing that out. Regards, Chris I did see, however, that the Security Considerations, which point back to ID 4930.bis, are very similar to the security considerations in RFC 4930. They hint that a secure transport is needed to thwart common mitm attacks but the section does not give any specific guidance. It has been two years since RFC 4930 was published. Have any secure transports been used? If so, I think it would be a good idea to state which one(s) and how its attributes do thwart the threats. Best regards, Chris