Last Call Review of draft-ietf-hip-rfc5205-bis-08
review-ietf-hip-rfc5205-bis-08-secdir-lc-tsou-2016-01-07-00

Request Review of draft-ietf-hip-rfc5205-bis
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-12-28
Requested 2015-12-17
Authors Julien Laganier
Draft last updated 2016-01-07
Completed reviews Genart Last Call review of -08 by Jouni Korhonen (diff)
Genart Telechat review of -09 by Jouni Korhonen (diff)
Secdir Last Call review of -08 by Tina Tsou (Ting ZOU) (diff)
Intdir Early review of -07 by Sheng Jiang (diff)
Intdir Early review of -07 by Zhen Cao (diff)
Opsdir Last Call review of -08 by Stefan Winter (diff)
Assignment Reviewer Tina Tsou (Ting ZOU)
State Completed
Review review-ietf-hip-rfc5205-bis-08-secdir-lc-tsou-2016-01-07
Reviewed revision 08 (document currently at 10)
Result Has Nits
Completed 2016-01-07
review-ietf-hip-rfc5205-bis-08-secdir-lc-tsou-2016-01-07-00
Dear all,

Happy New Year 2016!

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

** Technical **

* Section 8:

You refer to IPSECKEY RR [RFC4025] to note some of the possible threats
for HIP RRs. I think you should spell these out, and discuss them
explicitly.

** Editorial **

* Section 3, page 4:
>  In the following, we assume that the Initiator first queries for HIP
>  resource records at the Responder FQDN.

s/at/for/

* Section 3, page 4:
> and further queries for the same owner name SHOULD NOT be
>  made.

What's an "owner name"? Maybe this should be "domain name", instead?

* Section 3, page 5:
>  Note that storing HIP RR information in the DNS at an FQDN that is
>  assigned to a non-HIP node might have ill effects on its reachability
>  by HIP nodes.

s/a/an/

* Section 4.2, page 9:
> The RVS
>  information may be copied and aligned across multiple RRs, or may be
>  different for each one; a host MUST check that the RVS used is
>  associated with the HI being used, when multiple choices are
>  present."

There's no matching quote sign for this one.

Thank you,
Tina