
Last Call Review of draft-ietf-dhc-dhcpv6-reconfigure-rebind-
review-ietf-dhc-dhcpv6-reconfigure-rebind-secdir-lc-gondrom-2012-04-11-00

Request Review of draft-ietf-dhc-dhcpv6-reconfigure-rebind
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-04-10
Requested 2012-04-03
Authors D. R. Evans, Ralph Droms, Sheng Jiang
Draft last updated 2012-04-11
Completed reviews Genart Last Call review of -?? by Francis Dupont
Genart Last Call review of -?? by Francis Dupont
Secdir Last Call review of -?? by Tobias Gondrom
Assignment Reviewer Tobias Gondrom
State Completed
Review review-ietf-dhc-dhcpv6-reconfigure-rebind-secdir-lc-gondrom-2012-04-11
Completed 2012-04-11


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The I-D updates RFC 3315 to allow the Rebind message type to appear in the Reconfigure Message option of a Reconfigure message, and clarifies how a DHCPv6 client responds to a received Reconfigure message.

The existing Security Considerations section is a bit soft/vague.

It speaks correctly of the possible risk of an attacker-induced disconnect and relink. And it states these attacks may be prevented by using the AUTH option or Secure DHCPv6.

However, it is vague in the overall system risks / preconditions under which the risks arise and should also be more clear about when these mitigation strategies should/SHOULD be used (instead of "may").

Best regards, Tobias