Early Review of draft-ietf-homenet-babel-profile-02
review-ietf-homenet-babel-profile-02-secdir-early-johansson-2017-08-10-00

Request
  Review of: draft-ietf-homenet-babel-profile
  Requested revision: No specific revision (document currently at 07)
  Type: Early Review
  Team: Security Area Directorate (secdir)
  Deadline: 2017-08-09
  Requested: 2017-07-25
  Requested by: Ray Bellis
  Authors: Juliusz Chroboczek
  I-D last updated: 2017-08-10
  Completed reviews:
    Secdir Early review of -02 by Leif Johansson
    Rtgdir Telechat review of -06 by Ron Bonica
    Opsdir Last Call review of -06 by Tim Chown
    Genart Last Call review of -05 by Stewart Bryant
  Comments: as suggested by Stephen Farrell

Assignment
  Reviewer: Leif Johansson
  State: Completed
  Request: Early review on draft-ietf-homenet-babel-profile by Security Area Directorate Assigned
  Reviewed revision: 02 (document currently at 07)
  Result: Not ready
  Completed: 2017-08-10

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is an early review requested by Ray Bellis and so it is to
be expected that the document isn't quite ready.

The document is clearly written and although I'm not an expert
on routing I can follow the requirements with little difficulty.

I have primarily reviewed the document with a security focus
and I have not gone looking for "nits" to fix.

My main problem with the document is the trust model which is
based on the notion of "internal" links. In general I think this
will turn out to be harder to do in practice. As home networks
grow in complexity I suspect this "binary" trust model will fail
to accurately map to reality.

In fact, RFC7788 lists several other categories (e.g. Hybrid) and
although I suspect this is still a simplistic model, these other
categories should be covered in this document.

Finally, REQ6 says that implementations SHOULD distinguish
between wired and wireless links. It seems to me that this
should be a MUST given how important link classification is
to the security model and also given that border classification
defaults to the internal category.

	Cheers Leif