Last Call Review of draft-ietf-16ng-ip-over-ethernet-over-802-dot-16-
review-ietf-16ng-ip-over-ethernet-over-802-dot-16-secdir-lc-meadows-2009-08-27-00

Request
Review of: draft-ietf-16ng-ip-over-ethernet-over-802-dot-16
Requested revision: No specific revision (document currently at 12)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-09-08
Requested: 2009-08-22
Authors: Max Riegel, Sangjin Jeong, HongSeok Jeon
I-D last updated: 2009-08-27
Completed reviews: Secdir Last Call review of -?? by Catherine Meadows

Assignment
Reviewer: Catherine Meadows
State: Completed
Request: Last Call review on draft-ietf-16ng-ip-over-ethernet-over-802-dot-16 by Security Area Directorate Assigned
Completed: 2009-08-27
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This ID describes the transmission of IP4/IP6 over Ethernet in an access
network deploying IEEE 802.16. Security is mentioned only in the Security
Considerations section, which reads:

   This document does not introduce any new vulnerabilities to IPv4 and
   IPv6 specifications or operations.  The security of the IEEE 802.16
   air interface between SSs and BS is the subject of [802.16] and the
   security issues of Ethernet bridging are the subjects of [802.1D].
   The generic IP over Ethernet network using IEEE 802.16 emulates
   Ethernet link, since existing IPv4 and IPv6 security mechanisms over
   Ethernet can be still used.  While the public access network ensures
   secure isolation of each of upstream link between hosts and AR, it
   still adopts SEcure Neighbor Discovery (SEND) [RFC3971] for securing
   neighbor discovery processes and it does not introduce any new
   vulnerabilities over those of Ethernet bridging.

This I found very hard to draw any conclusions from, although that may be
partly because I don't have access to 802.16 or 802.1D. However, I would like
to see a little more than just a blanket statement that this document does not
introduce any new vulnerabilities, e.g. some supporting information. How are
the security mechanisms of IPv4 and IPv6 supposed to work together with those
of 802.16? How do the security issues of Ethernet bridging as described in
802.1D impact the security of IPv4 and IPv6? I don't think you need to go into
a whole lot of detail here, since this is not the main focus of the document,
but I would like to see more evidence than this. If there are other documents
that address those issues you can just point to them.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil