Skip to main content

Last Call Review of draft-ietf-dmm-pmipv6-dlif-04

Request Review of draft-ietf-dmm-pmipv6-dlif
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-10-14
Requested 2019-09-30
Authors Carlos J. Bernardos , Antonio de la Oliva , Fabio Giust , Juan-Carlos Zúñiga , Alain Mourad
I-D last updated 2019-10-21
Completed reviews Tsvart Last Call review of -04 by Joerg Ott (diff)
Secdir Last Call review of -04 by Vincent Roca (diff)
Genart Last Call review of -04 by Ines Robles (diff)
Intdir Telechat review of -05 by Carlos Pignataro (diff)
Secdir Telechat review of -05 by Vincent Roca (diff)
Assignment Reviewer Vincent Roca
State Completed
Request Last Call review on draft-ietf-dmm-pmipv6-dlif by Security Area Directorate Assigned
Posted at
Reviewed revision 04 (document currently at 06)
Result Has nits
Completed 2019-10-21

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Almost ready / has nits

RFC4832 is a nice document that explains in detail security threats for the
class of mobility management protocol PMIPv6 belongs to. It is referenced by
RFC5213 which itself is referenced by the current document. Therefore I think
that an interested reader can find the requiered information.

However, the small text of section 6 that refers to RFC5213 and updates a few
sentences to apply RFC5213 recommendations to MAARs, is misleading in my
opinion. It suggests there is a single threat, the impersonation of a MAAR, and
since using IPsec eliminates this threat, a reader can easily conclude there's
nothing else.

But what about the other benefits of using IPsec? Is the use of IPsec only for
endpoint authentication (what I understand)? What about anti-replay, integrity,
confidentiality? Is it meaningless in the present context? By the way, what is
the attacker model?

The subject is too complex, the risks are too varied, and I don't like this way
of presenting things that overly simplifies the problems.

Clarification on a different topic:
This is a detail, but the document refers to the S-MAAR's global address or
P-MAAR's global address as if there was a necessarily a single address. What
happens if a MAAR has multiple global addresses? It may happen with a router
that is multiply connected to the Internet.

Cheers.  Vincent