Last Call Review of draft-ietf-babel-dtls-06
review-ietf-babel-dtls-06-rtgdir-lc-rogge-2019-07-05-00
| Request | Review of | draft-ietf-babel-dtls |
|---|---|---|
| | Requested revision | No specific revision (document currently at 10) |
| | Type | Last Call Review |
| | Team | Routing Area Directorate (rtgdir) |
| | Deadline | 2019-07-05 |
| | Requested | 2019-06-20 |
| | Requested by | Martin Vigoureux |
| | Authors | Antonin Décimo, David Schinazi, Juliusz Chroboczek |
| | Draft last updated | 2019-07-05 |
| | Completed reviews | Rtgdir Early review of -00 by Tony Przygienda; Secdir Early review of -03 by Sean Turner; Rtgdir Last Call review of -06 by Henning Rogge; Genart Last Call review of -05 by Dan Romascanu; Secdir Last Call review of -07 by Sean Turner |
| Assignment | Reviewer | Henning Rogge |
| | State | Completed |
| | Review | review-ietf-babel-dtls-06-rtgdir-lc-rogge-2019-07-05 |
| | Posted at | https://mailarchive.ietf.org/arch/msg/rtg-dir/fuvl_TQmvfqxbtq5Qv12qB_ok4M |
| | Reviewed revision | 06 (document currently at 10) |
| | Result | Has Issues |
| | Completed | 2019-07-05 |
//resend to RTG DIR list

Hi,

I was asked by the Routing Directorate to do a last call review of draft-ietf-babel-dtls-06.

I like that the draft is quite short, which is a good thing for a security draft.

I have found a few questions you can consider addressing in the final document.

Chapter 2.3: I wonder if using DTLS protected unicast Hellos should be mandatory... using unprotected multicast to determine bidirectional reachability looks like a good way to do a cheap denial of service attack.

Chapter 2.5: What happens when a node starts a new DTLS connection and there is already one in the neighbor table? This could be an attempt to attack Babel, a reboot of a node, or just a matter of misconfiguration of two nodes.

Chapter 3: Different pairs of nodes could select different ciphers, resulting in different MTUs. I assume this is no problem for Babel (could be mentioned in the chapter).

Some of the design decisions regarding the three questions could be mentioned in chapter 5 (Security Implications).

Henning Rogge