Telechat Review of draft-ietf-hip-native-nat-traversal-30
review-ietf-hip-native-nat-traversal-30-secdir-telechat-wallace-2020-03-17-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.


This is an update to a review performed for -28 draft to cover text in
current -30 version. The primary differences since that draft is the
addition of clarifying text, mostly regarding differences with Legacy
ICE-HIP and rationale for current draft. The new language is helpful. The
draft is ready for publication.


On 3/8/18, 8:26 PM, "Carl Wallace" <carl@redhoundsoftware.com> wrote:

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the IESG.
>These comments were written primarily for the benefit of the security area
>directors. Document editors and WG chairs should treat these comments just
>like any other last call comments.
>
>This document specifies a new Network Address Translator (NAT) traversal
>mode for the Host Identity Protocol (HIP). While I am not a HIP guy, it
>seems ready for publication. It's well-written and the security
>considerations section is thorough. The only bit that raised a question
>was in section 4, which states "it should be noted that HIP version 2
>[RFC7401 <https://tools.ietf.org/html/rfc7401>] instead of HIPv1 is
>expected to be used with this NAT traversal mode". Earlier in the
>document, it states the draft is based on HIPv2. Are there any
>considerations worth noting in the cases where HIPv1 is used or should
>section 4 be revised to require v2?
>
>