Telechat Review of draft-ietf-6man-rfc2460bis-09

Request Review of draft-ietf-6man-rfc2460bis
Requested rev. no specific revision (document currently at 13)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2017-04-11
Requested 2017-03-17
Authors Steve Deering, Bob Hinden
Draft last updated 2017-04-13
Completed reviews Rtgdir Last Call review of -08 by Papadimitriou Dimitri (diff)
Intdir Early review of -08 by Bob Halley (diff)
Genart Last Call review of -08 by Peter Yee (diff)
Tsvart Telechat review of -09 by Martin Stiemerling (diff)
Secdir Telechat review of -09 by Hilarie Orman (diff)
Opsdir Early review of -09 by Linda Dunbar (diff)
Assignment Reviewer Hilarie Orman
State Completed
Review review-ietf-6man-rfc2460bis-09-secdir-telechat-orman-2017-04-13
Reviewed rev. 09 (document currently at 13)
Review result Has Issues
Review completed: 2017-04-13


                    Security review of
       Internet Protocol, Version 6 (IPv6) Specification

Do not be alarmed.  I have reviewed this document as part of the
security directorate’s ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily for
the benefit of the security area directors.  Document editors and WG
chairs should treat these comments just like any other last call

This document is the IPv6 specification.  Recent modifications have
clarified how to process extension headers.

The security considerations are brief and have not changed:

    IPv6 ... has security properties similar to IPv4.  Risks of
    corruption, forgery, and interception of packets, resulting in the
    exposure of private information, may be mitigated by use of the
    Security Architecture for the Internet Protocol [RFC4301] or
    encryption at higher layers of the protocol stack.
I wonder if the only security consideration for IP is the risk of
exposure of private information?  Of course not.  But, I suppose
that's not in scope of this review.

One thing worth mentioning about the changes re header processing
is that is contributes to security by reducing complexity and
reducing the attack surface.