Last Call Review of draft-ietf-hip-via-
review-ietf-hip-via-secdir-lc-meadows-2010-06-09-00

Request: Review of draft-ietf-hip-via
Requested rev.: no specific revision (document currently at 03)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2010-06-15
Requested: 2010-06-03
Other Reviews:
Review State: Completed
Reviewer: Catherine Meadows
Review: review-ietf-hip-via-secdir-lc-meadows-2010-06-09
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg01743.html
Draft last updated: 2010-06-09
Review completed: 2010-06-09

Review
review-ietf-hip-via-secdir-lc-meadows-2010-06-09

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document concerns extensions to the Host Identity Protocol (HIP) to provide multi-hop routing. The first is that a host sending a HIP packet can define a set of hosts the packet should traverse. The other allows a HIP packet to carry and record the list of hosts that forwarded it.

The only security concern mentioned is the possibility of malicious hosts creating forwarding loops. However, it appears to me that there are also the usual problems of malicious hosts tampering with and spoofing packets. It's not clear to me though why issues such as malicious hosts spoofing or tampering with routing lists are not addressed, especially since HIP is a security protocol. Are there features of HIP or other HIP documents where this is addressed? If so, they should be pointed to here. If not, this should be pointed out, and if possible, other recommendations made.


Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil
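As an added illustration (not part of the review above, nor code from the draft it discusses), the following Python models the local checks a forwarding host can run over the two lists the draft's extensions carry: the list of hosts the sender asked the packet to traverse, and the list of hosts recorded as having forwarded it. It catches the forwarding-loop case the draft names (a host that has already forwarded the packet, or a host repeated in the recorded list) and the inconsistent lists a tampering forwarder leaves behind. Host identifiers, the dataclass fields, the hop budget `MAX_HOPS`, the `run` walker and the `inject_loop` tamper function are constructed assumptions for illustration, not the draft's parameter format.

```python
"""Loop and tampering checks over HIP-style via lists (constructed model, not the draft's wire format)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

MAX_HOPS = 8  # assumed hop budget; the draft under review does not give one


@dataclass
class ViaPacket:
    # Hosts are opaque strings standing in for host identities; field names are assumptions.
    requested: List[str]                                  # hosts the sender asks the packet to traverse, in order
    recorded: List[str] = field(default_factory=list)     # hosts that have forwarded the packet so far


def inspect(pkt: ViaPacket, me: str) -> List[str]:
    """Return the problems a forwarding host `me` can detect from the packet alone."""
    problems = []
    seen = set()
    for host in pkt.recorded:                             # a repeated forwarder is a loop
        if host in seen:
            problems.append(f"loop: {host} appears twice in recorded list")
            break
        seen.add(host)
    if me in pkt.recorded:                                # we already forwarded this packet once
        problems.append(f"loop: {me} has already forwarded this packet")
    if len(pkt.recorded) >= MAX_HOPS:
        problems.append("hop limit exceeded")
    n = len(pkt.recorded)
    if pkt.recorded != pkt.requested[:n]:                 # recorded hops must be a prefix of the requested path
        problems.append("recorded list diverges from requested list")
    elif n < len(pkt.requested) and pkt.requested[n] != me:
        problems.append(f"arrived at {me} but requested next hop is {pkt.requested[n]}")
    return problems


def forward(pkt: ViaPacket, me: str) -> Optional[str]:
    """Record `me` and return the next hop, or None when the requested path is exhausted."""
    problems = inspect(pkt, me)
    if problems:
        raise ValueError("; ".join(problems))
    pkt.recorded.append(me)
    n = len(pkt.recorded)
    return pkt.requested[n] if n < len(pkt.requested) else None


def inject_loop(pkt: ViaPacket) -> None:
    """Constructed misbehaviour: a forwarder rewrites the recorded list so the first hop repeats."""
    pkt.recorded[:] = ["A", "B", "A"]


def run(requested: List[str], tamper: Optional[Dict[str, Callable[[ViaPacket], None]]] = None) -> dict:
    """Walk a packet along its requested path. `tamper` maps a host to a function applied
    after that host forwards (models a misbehaving forwarder). Returns the outcome."""
    pkt = ViaPacket(requested=list(requested))
    current: Optional[str] = requested[0]
    try:
        while current is not None:
            nxt = forward(pkt, current)
            if tamper and current in tamper:
                tamper[current](pkt)
            current = nxt
        return {"delivered": True, "recorded": list(pkt.recorded)}
    except ValueError as err:
        return {"delivered": False, "error": str(err), "stopped_at": current}


if __name__ == "__main__":
    print(run(["A", "B", "C", "D"]))                       # honest path: delivered
    print(run(["A", "B", "A", "C"]))                       # sender-requested loop: refused at A
    print(run(["A", "B", "C", "D"], {"B": inject_loop}))   # rewritten recorded list: refused at C
```

These checks are purely local and catch only what a single forwarder can see in the lists it receives; a forwarder that rewrites both lists consistently, or spoofs the packet outright, leaves nothing for the next hop to notice, which is the tampering and spoofing concern the review raises and why it asks whether HIP's own mechanisms cover the routing lists.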