Last Call Review of draft-ietf-hip-rfc5205-bis-08
review-ietf-hip-rfc5205-bis-08-secdir-lc-tsou-2016-01-07-00

Dear all,

Happy New Year 2016!

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

** Technical **

* Section 8:

You refer to IPSECKEY RR [RFC4025] to note some of the possible threats
for HIP RRs. I think you should spell these out, and discuss them
explicitly.

** Editorial **

* Section 3, page 4:
>  In the following, we assume that the Initiator first queries for HIP
>  resource records at the Responder FQDN.

s/at/for/

* Section 3, page 4:
> and further queries for the same owner name SHOULD NOT be
>  made.

What's an "owner name"? Maybe this should be "domain name", instead?

* Section 3, page 5:
>  Note that storing HIP RR information in the DNS at an FQDN that is
>  assigned to a non-HIP node might have ill effects on its reachability
>  by HIP nodes.

s/a/an/

* Section 4.2, page 9:
> The RVS
>  information may be copied and aligned across multiple RRs, or may be
>  different for each one; a host MUST check that the RVS used is
>  associated with the HI being used, when multiple choices are
>  present."

There's no matching quote sign for this one.

Thank you,
Tina