IETF Last Call Review of draft-ietf-6man-icmpv6-reflection-11
review-ietf-6man-icmpv6-reflection-11-secdir-lc-sparks-2025-10-21-00
| Request | Review of | draft-ietf-6man-icmpv6-reflection |
|---|---|---|
| Requested revision | No specific revision (document currently at 19) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2025-10-26 | |
| Requested | 2025-10-12 | |
| Authors | Tal Mizrahi , hexiaoming , Tianran Zhou , Ron Bonica , Xiao Min | |
| I-D last updated | 2026-01-05 (Latest revision 2025-12-15) | |
| Completed reviews |
Genart IETF Last Call review of -12
by Thomas Fossati
(diff)
Secdir IETF Last Call review of -11 by Robert Sparks (diff) Opsdir IETF Last Call review of -12 by Niclas Comstedt (diff) Tsvart IETF Last Call review of -11 by Kyle Rose (diff) Intdir Telechat review of -12 by Suresh Krishnan (diff) |
|
| Assignment | Reviewer | Robert Sparks |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-6man-icmpv6-reflection by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/S7sNeLExCCaYI0sPsLBpUvEV2QU | |
| Reviewed revision | 11 (document currently at 19) | |
| Result | Has issues | |
| Completed | 2025-10-21 |
review-ietf-6man-icmpv6-reflection-11-secdir-lc-sparks-2025-10-21-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other review comments. This document is basically ready, but has issues to consider before publication as a Proposed Standard RFC. Primary Issues: The figure makes it clear what a responder is intended to do, but the text does not. At the bottom of page 6, the statement "it MUST copy the request message into the object payload" is not what's intended. The intent is to only copy the part of the request message the figure describes (headers up to a certain point). The document claims that "middle boxes are not intended to modify the Reflect All object" and "Middle boxes must not modify the Reflect All extension object." The use of lower case must not here is a warning sign. I think all you can say in both cases is "If a middle box modifies the Reflect All extension object, this mechanism does not work." and "There's no way to detect if a middle box modifies the Reflect All extension object" (Unless there _is_, in which case, the document should _definitely_ talk more about that.) Consider discussing whether there's risk involved if a responder intentionally misrepresents what it received in the Reflect All response. At least note the possibility. Consider also discussing if there's any reason a responder and a middlebox would collaborate to tell the requester something other than what actually appeared at the responder. I think it would be worth noting that a requester and responder could collaborate to use this new payload space as a tunnel for arbitrary communication (even using other extensions to make sure there was enough _space_ needed for that collaboration) possibly circumventing security mechanisms at, say, enterprise edges. Security ADs - note here that the doc calls out the possibility of using this space for enabling round-trip time calculations, for example. Nits: Page 3 2nd paragraph: s/as was when/as it was when/ Section 3 "Use Cases" doesn't look like use cases. It calls out some other extensions and notes that the sender might be interested in what's received when those extensions are used. Consider naming the section "Motivation". Consider explicitly saying _why_ the Reflect All object MUST be the first object in the Extension Structure.