Last Call Review of draft-ietf-hip-via-
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
This document concerns extensions to the Host Identity Protocol (HIP) to provide multi-hop routing.
The first is that a host sending a HIP packet can define a set of hosts the packet should traverse.
The other allows a HIP packet to carry and record the list of hosts that forwarded it.
The only security concern mentioned is the possibility of malicious hosts creating forwarding loops.
However, it appears to me that their are also the usual problems of malicious hosts tampering
with and spoofing packets.
It's not clear to me though why issues such as malicious hosts spoofing or tampering with routing
lists is not addressed, especially since HIP is a security protocol. Are there features of HIP or other
HIP documents where this is addressed? If so, they should be pointed to here. If not, this should be pointed out,
and if possible, other recommendations made.
Naval Research Laboratory
4555 Overlook Ave., S.W.
Washington DC, 20375
catherine.meadows at nrl.navy.mil