Last Call Review of draft-ietf-6lo-blemesh-08
review-ietf-6lo-blemesh-08-secdir-lc-meadows-2020-11-18-00

Request Review of draft-ietf-6lo-blemesh
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2020-10-21
Requested 2020-10-07
Authors Carles Gomez, Seyed Darroudi, Teemu Savolainen, Michael Spoerk
Draft last updated 2020-11-18
Completed reviews Rtgdir Last Call review of -08 by Acee Lindem (diff)
Secdir Last Call review of -08 by Catherine Meadows (diff)
Genart Last Call review of -08 by Pete Resnick (diff)
Iotdir Last Call review of -08 by Dominique Barthel (diff)
Assignment Reviewer Catherine Meadows 
State Completed
Review review-ietf-6lo-blemesh-08-secdir-lc-meadows-2020-11-18
Posted at https://mailarchive.ietf.org/arch/msg/secdir/SfxASLhZzfL4xm_iZNkJMgw9q4Q
Reviewed rev. 08 (document currently at 09)
Review result Ready
Review completed: 2020-11-18

Review
review-ietf-6lo-blemesh-08-secdir-lc-meadows-2020-11-18

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments. This document specifies mechanisms that are needed to enable IPv6 mesh topologies over Bluetooth Low Energy Links established using the Bluetooth Internet Protocol Support Profile.  It does not specify the routing protocol to be used in an IPv6, and it does not specify security mechanisms. 

In the Security Considerations Section the document directs the reader to the relevant documents.
For most security issues, it points the reader to RFC 7668, “IPv6 over BLUETOOTH(R) Low Energy.”  For security issues produced by the routing protocol, the reader is directed to RFC 7416, “ A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)”, and it is noted that the issues addressed in that RFC are useful for other low energy routing protocols as well.  Finally it is noted that the Registration Ownership Verifier (ROVR) field can be derived from the Bluetooth address, and that this field is also subject to impersonation and spoofing.  For this the document refers the reader the Internet Draft on "Address Protected Neighbor Discovery for Low-power and Lossy Networks.”

I think that this document does an excellent job of identifying the relevant security issues to related to its topic, and of directing the reader to the relevant documents.

I consider this document Ready.