Last Call Review of draft-ietf-dhc-dhcpv4-active-leasequery-05
review-ietf-dhc-dhcpv4-active-leasequery-05-secdir-lc-yu-2015-10-01-00

Request Review of draft-ietf-dhc-dhcpv4-active-leasequery
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-09-29
Requested 2015-08-27
Draft last updated 2015-10-01
Completed reviews Genart Last Call review of -05 by Christer Holmberg (diff)
Genart Telechat review of -06 by Christer Holmberg (diff)
Secdir Last Call review of -05 by Taylor Yu (diff)
Assignment Reviewer Taylor Yu
State Completed
Review review-ietf-dhc-dhcpv4-active-leasequery-05-secdir-lc-yu-2015-10-01
Reviewed rev. 05 (document currently at 07)
Review result Has Nits
Review completed: 2015-10-01

Review
review-ietf-dhc-dhcpv4-active-leasequery-05-secdir-lc-yu-2015-10-01

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: ready with nits

The Security Considerations of the draft seem reasonably complete.
There could be a minor traffic analysis risk in some environments due to
the real-time nature of Active Leasequery -- if the connection between
an authorized requester and the DHCP server traverses network paths
monitored by an adversary, the adversary could learn about the timing of
DHCP events, and might be able distinguish among different types of
events by the relative sizes of the messages.  This could be true even
if TLS is in use.  I suspect that the risk is minimal in typical
deployments.

-Tom