Last Call Review of draft-ietf-dhc-dhcpv4-active-leasequery-05
review-ietf-dhc-dhcpv4-active-leasequery-05-secdir-lc-yu-2015-10-01-00
| Request | Review of | draft-ietf-dhc-dhcpv4-active-leasequery |
|---|---|---|
| Requested revision | No specific revision (document currently at 07) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2015-09-29 | |
| Requested | 2015-08-27 | |
| Authors | Kim Kinnear , Mark Stapp , Bernie Volz , Neil Russell | |
| I-D last updated | 2015-10-01 | |
| Completed reviews |
Genart Last Call review of -05
by Christer Holmberg
(diff)
Genart Telechat review of -06 by Christer Holmberg (diff) Secdir Last Call review of -05 by Taylor Yu (diff) |
|
| Assignment | Reviewer | Taylor Yu |
| State | Completed | |
| Request | Last Call review on draft-ietf-dhc-dhcpv4-active-leasequery by Security Area Directorate Assigned | |
| Reviewed revision | 05 (document currently at 07) | |
| Result | Has nits | |
| Completed | 2015-10-01 |
review-ietf-dhc-dhcpv4-active-leasequery-05-secdir-lc-yu-2015-10-01-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: ready with nits The Security Considerations of the draft seem reasonably complete. There could be a minor traffic analysis risk in some environments due to the real-time nature of Active Leasequery -- if the connection between an authorized requester and the DHCP server traverses network paths monitored by an adversary, the adversary could learn about the timing of DHCP events, and might be able distinguish among different types of events by the relative sizes of the messages. This could be true even if TLS is in use. I suspect that the risk is minimal in typical deployments. -Tom