Last Call Review of draft-ietf-6lo-dect-ule-08
review-ietf-6lo-dect-ule-08-secdir-lc-josefsson-2016-12-08-00

Request Review of draft-ietf-6lo-dect-ule
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-12-02
Requested 2016-11-17
Draft last updated 2016-12-08
Completed reviews Genart Last Call review of -08 by Robert Sparks (diff)
Secdir Last Call review of -08 by Simon Josefsson (diff)
Intdir Early review of -05 by Pascal Thubert (diff)
Intdir Early review of -05 by Tatuya Jinmei (diff)
Assignment Reviewer Simon Josefsson
State Completed
Review review-ietf-6lo-dect-ule-08-secdir-lc-josefsson-2016-12-08
Reviewed rev. 08 (document currently at 09)
Review result Has Issues
Review completed: 2016-12-08

Review
review-ietf-6lo-dect-ule-08-secdir-lc-josefsson-2016-12-08

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The draft describes how to transmit IPv6 packets over DECT ULE using
6LoWPAN.  The document contains a good introduction to DECT, which is
particulary helpful to the IETF community.  The security consideration
already mentions the privacy concern related to link-level MAC
addresses, which is something that would otherwise would be easy to
criticize.  The document uses acronyms which makes it difficult to read
but the document strikes me as well written and well thought out anyway.

I believe the document is Ready with Nits.

Major nits:

1) Security Considerations.  I believe the document should state that
IPv6 traffic transmitted over DECT ULE should be protected using normal
IETF protocols (e.g., IPSEC or TLS) when there is a need for security.
The text says DECT ULE is secured using AES-CCM keyed from the DECT ULE
pairing, implying that this offers some security.  The document does not
explain (or inspire confidence) that the pairing process of DECT ULE has
sufficient entropy as input to provide good link-level security, nor
that it is based on any well established protocol.  A word or two about
this would be informative, but not really required.  The process may be
completely secure, but it may also not be.  I don't recall any link
layer security protocol that haven't had a significant security problem
in the past.  Regardless, I believe it is warranted to safeguard readers
that they should not consider DECT ULE transport a secure transport for
protecting data at the transport and/or application level.  Implementers
need to employ transport and/or application-level security like
IPSEC/TLS/CMS/OpenPGP as well.  To address my concern, I suggest to add
the following after the third paragraph:

   While DECT ULE offer some link-layer security properties, the
   transport of data over DECT ULE may require additional transport
   protocol, or application protocol, security guarantees.  When there
   is a need, the use of IPSEC [RFC XXXX], TLS [RFC YYYY], CMS [RFC
   ZZZZ], OpenPGP [RFC QQQQ] or similar security protocols, are
   recommended.

Minor nits:

A) Spell out DECT in the abstract and title.  In the introduction
section, change 'DECT (Digital Enhanced Cordless Telecommunications)'
into 'Digital Enhanced Cordless Telecommunications (DECT)'.

Cheers,
/Simon