Last Call Review of draft-ietf-dhc-relay-server-security-03
review-ietf-dhc-relay-server-security-03-secdir-lc-meadows-2017-03-23-00
Request | Review of | draft-ietf-dhc-relay-server-security |
---|---|---|
Requested revision | No specific revision (document currently at 05) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2017-03-13 | |
Requested | 2017-02-27 | |
Authors | Bernie Volz, Yogendra Pal | |
I-D last updated | 2017-03-23 | |
Completed reviews | Intdir Early review of -02 by Jouni Korhonen; Secdir Last Call review of -03 by Catherine Meadows; Genart Last Call review of -03 by Francis Dupont; Genart Telechat review of -03 by Francis Dupont | |
Assignment | Reviewer | Catherine Meadows |
State | Completed | |
Request | Last Call review on draft-ietf-dhc-relay-server-security by Security Area Directorate Assigned | |
Reviewed revision | 03 (document currently at 05) | |
Result | Ready | |
Completed | 2017-03-23 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This brief draft gives requirements for securing relay to relay and relay to server communication for DHCPv6 and relay to server communication for DHCPv4. Previously no such guidance existed. The new guidance is that in both cases the draft REQUIRES that communication be IPSec encrypted.

The security considerations section points out the limitations of this document, e.g. it does not address communications between the client and the server or first hop relay agent. This section gives some recommendations for security in this case. It also points out the limitations of some practices that are allowed by the document but not encouraged, e.g. use of manual keys.

I believe this is a good use of the Security Considerations section for a document of this kind, which recommends a specific solution to one part of the security problem, but does not attempt to propose a complete security solution.

I think this document is Ready.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil