Last Call Review of draft-ietf-hip-rfc5205-bis-08

Request: Review of draft-ietf-hip-rfc5205-bis
Requested rev.: no specific revision (document currently at 10)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2015-12-28
Requested: 2015-12-17
Authors: Julien Laganier
Draft last updated: 2016-01-07
Completed reviews:
  Genart Last Call review of -08 by Jouni Korhonen
  Genart Telechat review of -09 by Jouni Korhonen
  Secdir Last Call review of -08 by Tina Tsou
  Intdir Early review of -07 by Sheng Jiang
  Intdir Early review of -07 by Zhen Cao
  Opsdir Last Call review of -08 by Stefan Winter
Assignment: Reviewer Tina Tsou
State: Completed
Review: review-ietf-hip-rfc5205-bis-08-secdir-lc-tsou-2016-01-07
Reviewed rev.: 08 (document currently at 10)
Review result: Has Nits
Review completed: 2016-01-07


Dear all,

Happy New Year 2016!

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

** Technical **

* Section 8:

You refer to IPSECKEY RR [RFC4025] to note some of the possible threats for HIP RRs. I think you should spell these out, and discuss them.

** Editorial **

* Section 3, page 4:
>  In the following, we assume that the Initiator first queries for HIP
>  resource records at the Responder FQDN.


* Section 3, page 4:
> and further queries for the same owner name SHOULD NOT be
>  made.

What's an "owner name"? Maybe this should be "domain name", instead?

* Section 3, page 5:
>  Note that storing HIP RR information in the DNS at an FQDN that is
>  assigned to a non-HIP node might have ill effects on its reachability
>  by HIP nodes.


* Section 4.2, page 9:
> The RVS
>  information may be copied and aligned across multiple RRs, or may be
>  different for each one; a host MUST check that the RVS used is
>  associated with the HI being used, when multiple choices are
>  present."

There's no matching quote sign for this one.

Thank you,
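The Section 4.2 text quoted in the review requires a host to check that the RVS it uses is associated with the HI it is using whenever the HIP RRset at one owner name (the RFC 1034 term for the name an RR is stored under) carries several records. The following is an added example, not part of the review or of the draft: it parses HIP RR RDATA in the wire format of RFC 5205 section 5, which the -bis draft retains (HIT length, PK algorithm, PK length, HIT, public key, then RVS names in uncompressed RFC 1035 form), builds a two-record RRset, and implements the association check so that an RVS published only under a different HIT is refused. It also rejects a record whose PK length field overruns the RDATA. The HITs, key bytes and RVS names are constructed placeholders (the key bytes are not real keys), and the function names are mine.

```python
"""HIP RR parsing plus the Section 4.2 RVS-to-HI association check.
Added example, not code from the review or the draft.  Wire format per
RFC 5205 section 5; sample HITs, keys and RVS names are constructed."""
from __future__ import annotations

import struct
from dataclasses import dataclass, field

# PK algorithm registry values: 0 = no key, 1 = DSA, 2 = RSA, 3 = ECDSA.
PK_ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA", 3: "ECDSA"}

# Constructed 128-bit HITs and placeholder key bytes (not real keys).
HIT_A = bytes.fromhex("200100107b1a74df365639cc39f1d578")
HIT_B = bytes.fromhex("20010010a0b1c2d3e4f5061728394a5b")
FAKE_PK_A = b"\x03\x01\x00\x01" + b"\xa1" * 12
FAKE_PK_B = b"\x03\x01\x00\x01" + b"\xb2" * 12


@dataclass
class HipRR:
    hit: bytes
    pk_algorithm: int
    public_key: bytes
    rendezvous_servers: list[str] = field(default_factory=list)


def encode_name(name: str) -> bytes:
    """Uncompressed RFC 1035 wire form: length-prefixed labels, then a 0 octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_names(buf: bytes) -> list[str]:
    """Decode the sequence of RVS names that fills the rest of the RDATA."""
    names, i = [], 0
    while i < len(buf):
        labels = []
        while True:
            if i >= len(buf):
                raise ValueError("truncated RVS name")
            n = buf[i]
            i += 1
            if n == 0:
                break
            if n >= 0xC0:  # HIP RDATA must not use name compression
                raise ValueError("compression pointer in RVS name")
            labels.append(buf[i:i + n].decode("ascii"))
            i += n
        names.append(".".join(labels) + ".")
    return names


def encode_hip_rdata(rr: HipRR) -> bytes:
    header = struct.pack("!BBH", len(rr.hit), rr.pk_algorithm, len(rr.public_key))
    rvs = b"".join(encode_name(n) for n in rr.rendezvous_servers)
    return header + rr.hit + rr.public_key + rvs


def parse_hip_rdata(rdata: bytes) -> HipRR:
    """Strict parser: every length field must fit inside the RDATA."""
    if len(rdata) < 4:
        raise ValueError("RDATA shorter than the fixed header")
    hit_len, alg, pk_len = struct.unpack("!BBH", rdata[:4])
    if alg not in PK_ALGORITHMS:
        raise ValueError(f"unknown PK algorithm {alg}")
    end = 4 + hit_len + pk_len
    if end > len(rdata):
        raise ValueError("HIT/PK lengths exceed RDATA")
    hit, pk = rdata[4:4 + hit_len], rdata[4 + hit_len:end]
    return HipRR(hit, alg, pk, decode_names(rdata[end:]))


def rvs_for_hi(rrs: list[HipRR], hit: bytes) -> set[str]:
    """RVS names the RRset ties to this HIT.  RVS data may be copied across
    RRs or differ per RR, so only records carrying the chosen HIT count."""
    return {r.lower() for rr in rrs if rr.hit == hit for r in rr.rendezvous_servers}


def rvs_allowed(rrs: list[HipRR], hit: bytes, rvs: str) -> bool:
    """The Section 4.2 check: may this RVS be used with this HI?"""
    return rvs.lower() in rvs_for_hi(rrs, hit)


def sample_rrset() -> list[HipRR]:
    """Two HIP RRs at one owner name, each with its own RVS, round-tripped
    through the wire format (constructed sample data)."""
    wire = [
        encode_hip_rdata(HipRR(HIT_A, 2, FAKE_PK_A, ["rvs1.example.com."])),
        encode_hip_rdata(HipRR(HIT_B, 2, FAKE_PK_B, ["rvs2.example.com."])),
    ]
    return [parse_hip_rdata(w) for w in wire]


def malformed_rejected() -> bool:
    """A record whose PK length overruns the RDATA must be refused."""
    bad = struct.pack("!BBH", 16, 2, 4000) + HIT_A + FAKE_PK_A
    try:
        parse_hip_rdata(bad)
    except ValueError:
        return True
    return False
```

With the sample RRset, `rvs_allowed(sample_rrset(), HIT_A, "rvs1.example.com.")` is true while the same call with `rvs2.example.com.` is false, because that RVS is published only under HIT_B; a resolver that pooled all RVS names from the RRset regardless of HIT would silently break the MUST in Section 4.2.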