Last Call Review of draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04

Request Review of draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-02-18
Requested 2013-02-07
Authors Gaurav Halwasia, Shwetha Bhandari, Wojciech Dec
Draft last updated 2013-02-21
Completed reviews Genart Last Call review of -04 by Ben Campbell (diff)
Secdir Last Call review of -04 by Shawn Emery (diff)
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04-secdir-lc-emery-2013-02-21
Reviewed rev. 04 (document currently at 05)
Review result Ready
Review completed: 2013-02-21


I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the IESG. 

These comments were written primarily for the benefit of the security 

area directors. Document editors and WG chairs should treat these 

comments just like any other last call comments.

This internet-draft describes a way to provide a client link-layer 

addresses in DHCPv6 Relay-Forward messages..

The security considerations section does exist and discusses an attack 

scenario involving rogue relay agents and clients where a DHCPv6 node 

could spoof the address of a separate DHCPv4 node.  Subsequently if a 

Dynamic DNS update is made then a dual-stack node could be made to 

connect to the DHCPv6 client instead of the DHCPv4 client.  To thwart 

such an attack the draft recommends that administrators configure IPsec 

between the DHCP server(s) and the relay agents.  Besides the security 

considerations of DHCP in general, I think that this document adequately 

covers the feature being introduced.

General comments:


Editorial comments:

s/will help above mentioned scenarios/will help with the scenarios 

mentioned above/

s/used in wide/used in a wide/