Last Call Review of draft-ietf-hip-via-
review-ietf-hip-via-secdir-lc-meadows-2010-06-09-00

Request Review of draft-ietf-hip-via
Requested revision No specific revision (document currently at 03)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-06-15
Requested 2010-06-03
Authors Gonzalo Camarillo, Ari Keränen
I-D last updated 2015-10-14 (Latest revision 2010-06-29)
Completed reviews Secdir IETF Last Call review of -?? by Catherine Meadows
Assignment Reviewer Catherine Meadows
State Completed
Request IETF Last Call review on draft-ietf-hip-via by Security Area Directorate Assigned
Completed 2010-06-09
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document concerns extensions to the Host Identity Protocol (HIP) to
provide multi-hop routing.

The first is that a host sending a HIP packet can define a set of hosts the
packet should traverse.

The other allows a HIP packet to carry and record the list of hosts that
forwarded it.

The only security concern mentioned is the possibility of malicious hosts
creating forwarding loops.

However, it appears to me that there are also the usual problems of malicious
hosts tampering with and spoofing packets.

It's not clear to me though why issues such as malicious hosts spoofing or
tampering with routing lists are not addressed, especially since HIP is a
security protocol.  Are there features of HIP or other HIP documents where this
is addressed?  If so, they should be pointed to here.  If not, this should be
pointed out, and if possible, other recommendations made.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil