Last Call Review of draft-ietf-dime-mip6-split-
review-ietf-dime-mip6-split-secdir-lc-eastlake-2009-04-09-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document primarily specifies the interaction between a Mobile IP
Home Agent and a Diameter server when an IPv6 Mobile Mode wants to
bootstrap its operations dynamically through interaction between its
Home Agent and the Diameter server of a Mobile Service Provider.

General: I'm always a bit suspicious of draft that include several
options and alternatives. These at least make the document more
complex and increase the probability that some security flaw in one of
the options/alternatives will be overlooked.

Security: The Security Considerations section of this draft is pretty
short and primarily refers to the Security Considerations of three
other RFCs. It appears that the referenced documents, particularly RFC
5026 and the RFCs referenced by the Securities Considerations section
of RFC 5026, are adequate.

Nits:

Given that the first two messages in the Figure 2 message flow diagram
are annotated "(1)" and "(2)", it would seem like a good idea to add
those annotations at an appropriate place in the subsequent text.

"a IKEv2" -> "an IKEv2".

First paragraph of 5.1: "a number AVPs" -> "a number of AVPs".

Second paragraph of 5.2.1: "with a replay protection related
information" -> "with replay protection related information".

9.5: "values" -> "value".

10: "in in" -> "in".

Thanks,
Donald

=============================
 Donald E. Eastlake 3rd   +1-508-634-2066 (home)
 155 Beaver Street
 Milford, MA 01757 USA
 d3e3e3 at gmail.com