
Early Review of draft-ietf-hip-rfc5206-bis-12
review-ietf-hip-rfc5206-bis-12-intdir-early-combes-2016-12-07-00

Request Review of draft-ietf-hip-rfc5206-bis
Requested revision No specific revision (document currently at 14)
Type Early Review
Team Internet Area Directorate (intdir)
Deadline 2016-09-13
Requested 2016-06-21
Authors Thomas R. Henderson, Christian Vogt, Jari Arkko
I-D last updated 2016-12-07
Completed reviews Genart Last Call review of -12 by Orit Levin (diff)
Intdir Early review of -12 by Jean-Michel Combes (diff)
Opsdir Last Call review of -12 by Mehmet Ersue (diff)
Assignment Reviewer Jean-Michel Combes
State Completed
Request Early review on draft-ietf-hip-rfc5206-bis by Internet Area Directorate Assigned
Reviewed revision 12 (document currently at 14)
Result Ready w/nits
Completed 2016-12-07
I am an assigned INT directorate reviewer for
draft-ietf-hip-rfc5206-bis-12. These
comments were written primarily for the benefit of the Internet Area
Directors. Document editors and shepherd(s) should treat these comments
just like they would treat comments from any other IETF contributors
and resolve them along with any other Last Call comments that have been
received. For more details on the INT Directorate, see
http://www.ietf.org/iesg/directorate.html

o Mobile IP(v6) vs. HIP
At first, I prefer to be frank: I must admit that I am not pro-HIP ...
HIP, IMHO, looks like Mobile IP(v6) (modulo some parameters) with many
drawbacks ...

Now, please, trust me, my review has been done with a _neutral_ point of
view.

o HIP Security
I didn't review HIP basis RFCs/drafts, meaning that my review is based on
the fact that security reviews have already been done.

o draft-ietf-hip-rfc5206-bis-12

My main concern is the use of an Informative RFC to provide security to the
protocol described inside this document:
Section 5,6, "To prevent redirection-based flooding attacks, the use of a
Credit-Based Authorization (CBA) approach MUST be used when a host sends
data to an UNVERIFIED locator."

Hope that helps,

Best regards,

JMC.