Last Call Review of draft-ietf-conex-destopt-09
review-ietf-conex-destopt-09-secdir-lc-sparks-2015-08-27-00

Request Review of draft-ietf-conex-destopt
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-08-31
Requested 2015-08-20
Authors Suresh Krishnan, Mirja K├╝hlewind, Bob Briscoe, Carlos Ucendo
Draft last updated 2015-08-27
Completed reviews Genart Last Call review of -09 by Robert Sparks (diff)
Genart Last Call review of -09 by Robert Sparks (diff)
Secdir Last Call review of -09 by Robert Sparks (diff)
Opsdir Last Call review of -09 by Scott Bradner (diff)
Assignment Reviewer Robert Sparks 
State Completed
Review review-ietf-conex-destopt-09-secdir-lc-sparks-2015-08-27
Reviewed rev. 09 (document currently at 12)
Review result Has Issues
Review completed: 2015-08-27

Review
review-ietf-conex-destopt-09-secdir-lc-sparks-2015-08-27

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: On the right track with open issues

I was also the Gen-Art reviewer for this draft
My Gen-Art Review can be found here:
<

http://mailarchive.ietf.org/arch/msg/gen-art/kxvhQcl3d2fS5aX_4nXUqGRBy0w

>
Please skim that review if you have not already seen it for context.



This document defines a new IPv6 Destination Option. It relies on AH to 


detect any tampering (particularly removal) with the option.






The document is currently formulated to simply define the option, and 


leaves it to other documents to describe when to use the option and how 


audit mechanisms in protocols that use the option can protect themselves 


from likely attacks. If the document clarifies that the option must not 


be used except by a protocol that has defined these things, I believe 


sufficient effort has been put into the security considerations. If the 


group intends for this option to be usable without such an additional 


protocol definition, this document needs to contain more discussion.