Last Call Review of draft-ietf-dhc-leasequery-by-remote-id-
review-ietf-dhc-leasequery-by-remote-id-secdir-lc-weiler-2010-12-03-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

Sorry for getting this out so late.



I'm a bit confused by this doc -- in particular, I'm not understanding 


how the Remote ID field is being set so that querying based on it 


gives a complete set of relevant leases.






I'm also wondering if the use case envisioned (filtering spoofed 


source addresses based on the assumption that you can collect a 


complete list of leases using this method) is dangerous -- at the very 


least, it suggests that authentication of the queries here is every 


more important than in 4388.  Furthermore, what risks are there if 


answers to these queries are spoofed away?  In this model, could a 


relay agent be induced to filter out a legitimate client for want of 


an answer to a DHCPLEASEQUERY?






Also, I'm not a fan of referral Security Considerations sections -- 


I'd rather see a repeat of the text than a reference.




-- Sam