Last Call Review of draft-ietf-dhc-relay-server-security-03
review-ietf-dhc-relay-server-security-03-secdir-lc-meadows-2017-03-23-00

Request Review of draft-ietf-dhc-relay-server-security
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-03-13
Requested 2017-02-27
Authors Bernie Volz, Yogendra Pal
I-D last updated 2017-03-23
Completed reviews Intdir Early review of -02 by Jouni Korhonen (diff)
Secdir Last Call review of -03 by Catherine Meadows (diff)
Genart Last Call review of -03 by Francis Dupont (diff)
Genart Telechat review of -03 by Francis Dupont (diff)
Assignment Reviewer Catherine Meadows
State Completed
Request Last Call review on draft-ietf-dhc-relay-server-security by Security Area Directorate Assigned
Reviewed revision 03 (document currently at 05)
Result Ready
Completed 2017-03-23
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This brief draft gives requirements for securing relay to relay and relay to
server communication for DHCPv6 and relay to server communication for DHCPv4.
Previously no such guidance existed.  The new guidance is that in both cases
the draft REQUIRES that communication be IPSec encrypted.

The security considerations section points out the limitations of this document,
e.g. it does not address communications between the client and the server or
first hop relay agent.  This section gives some recommendations for security in
this case.  It also points out the limitations of some practices that are
allowed by the document but not encouraged, e.g. use of manual keys.  I believe
this is a good use of the Security Considerations section for a document of
this kind, which recommends a specific solution to one part of the security
problem, but does not attempt to propose a complete security solution.

I think this document is Ready.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil