Last Call Review of draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04
review-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04-secdir-lc-emery-2013-02-21-00

Request Review of draft-ietf-dhc-dhcpv6-client-link-layer-addr-opt
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-02-18
Requested 2013-02-07
Authors Gaurav Halwasia, Shwetha Bhandari, Wojciech Dec
Draft last updated 2013-02-21
Completed reviews Genart Last Call review of -04 by Ben Campbell (diff)
Secdir Last Call review of -04 by Shawn Emery (diff)
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04-secdir-lc-emery-2013-02-21
Reviewed rev. 04 (document currently at 05)
Review result Ready
Review completed: 2013-02-21

Review
review-ietf-dhc-dhcpv6-client-link-layer-addr-opt-04-secdir-lc-emery-2013-02-21

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the IESG. 


These comments were written primarily for the benefit of the security 


area directors. Document editors and WG chairs should treat these 


comments just like any other last call comments.






This internet-draft describes a way to provide a client link-layer 


addresses in DHCPv6 Relay-Forward messages..






The security considerations section does exist and discusses an attack 


scenario involving rogue relay agents and clients where a DHCPv6 node 


could spoof the address of a separate DHCPv4 node.  Subsequently if a 


Dynamic DNS update is made then a dual-stack node could be made to 


connect to the DHCPv6 client instead of the DHCPv4 client.  To thwart 


such an attack the draft recommends that administrators configure IPsec 


between the DHCP server(s) and the relay agents.  Besides the security 


considerations of DHCP in general, I think that this document adequately 


covers the feature being introduced.




General comments:

None.

Editorial comments:



s/will help above mentioned scenarios/will help with the scenarios 


mentioned above/



s/used in wide/used in a wide/

Shawn.
--