Last Call Review of draft-ietf-hip-rfc4423-bis-19
review-ietf-hip-rfc4423-bis-19-secdir-lc-turner-2018-02-27-00

Request Review of draft-ietf-hip-rfc4423-bis
Requested rev. no specific revision (document currently at 20)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-26
Requested 2018-02-12
Other Reviews Rtgdir Telechat review of -19 by Dan Frost (diff)
Opsdir Last Call review of -19 by Will LIU (diff)
Genart Last Call review of -18 by Joel Halpern (diff)
Genart Telechat review of -19 by Joel Halpern (diff)
Review State Completed
Reviewer Sean Turner
Review review-ietf-hip-rfc4423-bis-19-secdir-lc-turner-2018-02-27
Posted at https://mailarchive.ietf.org/arch/msg/secdir/dKak0Kt2c2ALx9JxVE2pLAYPX7Q
Reviewed rev. 19 (document currently at 20)
Review result Has Nits
Draft last updated 2018-02-27
Review completed: 2018-02-27

Review
review-ietf-hip-rfc4423-bis-19-secdir-lc-turner-2018-02-27

This is a bis draft of the HIP (Host Identity Protocol) Architecture and because of that I focused on what’s changed (i.e., I reviewed the diffs from https://www.ietf.org/rfcdiff?url1=rfc4423&url2=draft-ietf-hip-rfc4423-bis-18).  It’s still HIP but with a slightly expanded scope; it’s still Informational.

1. s4: The one place where I’ll step out from not looking at the old is a similar-ish recommendation that was in the RF4423:

   In this document, the non-cryptographic forms of HI and HIP are
   presented to complete the theory of HI, but they should not be
   implemented as they could produce worse denial-of-service attacks
   than the Internet has without Host Identity.

Should the should not be a SHOULD NOT?

2. (none security) s4.4: Is the paragraph about IPv4 vs IPv6 vs LSI really necessary?  I.e., is this yet another thing that folks are going to use to not transition to IPv6?

3. s11.2: Isn’t an additional drawback the need to have a HIP-aware firewall?