Last Call Review of draft-ietf-6man-text-addr-representation-
review-ietf-6man-text-addr-representation-secdir-lc-yu-2010-01-31-00
| Request | Review of | draft-ietf-6man-text-addr-representation |
|---|---|---|
| Requested revision | No specific revision (document currently at 07) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-02-02 | |
| Requested | 2010-01-21 | |
| Authors | Seiichi Kawamura , Masanobu Kawashima | |
| I-D last updated | 2010-01-31 | |
| Completed reviews |
Secdir Last Call review of -??
by Taylor Yu
|
|
| Assignment | Reviewer | Taylor Yu |
| State | Completed | |
| Request | Last Call review on draft-ietf-6man-text-addr-representation by Security Area Directorate Assigned | |
| Completed | 2010-01-31 |
review-ietf-6man-text-addr-representation-secdir-lc-yu-2010-01-31-00
This draft indicates that it has no security considerations. I think that conflicts with Section 3.2.5, which gives an example of inappropriate (textual) verification of IPv6 addresses in an X.509 certificate. Although (in my understanding) IPv6 addresses in X.509 certificates are in binary form and probably should be compared as such, if the authors feel the need to explicitly call out an example of inappropriate textual verification of addresses, which could have security consequences if the address values in question are used for access control. The text in Section 3.3.3 about network abuse reporting would also appear to have some operational (but probably not protocol) security consequences, especially if a network operator would need to respond rapidly to an ongoing attack. Editorial: In Section 3.3.2, I believe the claim that IPv4 addresses cannot be abbreviated is false. Historically, BSD implementations of textual IPv4 address parsing have accepted a number of variant abbreviated notations. I think they have generally output canonical dotted-quad IPv4 addresses though.