Telechat Review of draft-ietf-6man-rfc2460bis-09
review-ietf-6man-rfc2460bis-09-secdir-telechat-orman-2017-04-13-00
| Request | Review of | draft-ietf-6man-rfc2460bis |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2017-04-11 | |
| Requested | 2017-03-17 | |
| Authors | Dr. Steve E. Deering , Bob Hinden | |
| Draft last updated | 2017-04-13 | |
| Completed reviews |
Rtgdir Last Call review of -08
by
Papadimitriou Dimitri
(diff)
Intdir Early review of -08 by Bob Halley (diff) Genart Last Call review of -08 by Peter E. Yee (diff) Tsvart Telechat review of -09 by Martin Stiemerling (diff) Secdir Telechat review of -09 by Hilarie Orman (diff) Opsdir Early review of -09 by Linda Dunbar (diff) |
|
| Assignment | Reviewer | Hilarie Orman |
| State | Completed | |
| Review |
review-ietf-6man-rfc2460bis-09-secdir-telechat-orman-2017-04-13
|
|
| Reviewed revision | 09 (document currently at 13) | |
| Result | Has Issues | |
| Completed | 2017-04-13 |
review-ietf-6man-rfc2460bis-09-secdir-telechat-orman-2017-04-13-00
Security review of
Internet Protocol, Version 6 (IPv6) Specification
draft-ietf-6man-rfc2460bis-09
Do not be alarmed. I have reviewed this document as part of the
security directorate’s ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily for
the benefit of the security area directors. Document editors and WG
chairs should treat these comments just like any other last call
comments.
This document is the IPv6 specification. Recent modifications have
clarified how to process extension headers.
The security considerations are brief and have not changed:
IPv6 ... has security properties similar to IPv4. Risks of
corruption, forgery, and interception of packets, resulting in the
exposure of private information, may be mitigated by use of the
Security Architecture for the Internet Protocol [RFC4301] or
encryption at higher layers of the protocol stack.
I wonder if the only security consideration for IP is the risk of
exposure of private information? Of course not. But, I suppose
that's not in scope of this review.
One thing worth mentioning about the changes re header processing
is that is contributes to security by reducing complexity and
reducing the attack surface.
Hilarie