Last Call Review of draft-ietf-netext-pmip6-qos-11
review-ietf-netext-pmip6-qos-11-secdir-lc-eastlake-2014-03-27-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft specifies Quality of Service options for Proxy Mobile IPv6
along with appropriate new status codes and other protocol
considerations. These options are carried in Proxy Binding Update
messages to which a Proxy Binding Acknowledgement is sent in response.

The Security Considerations section refers to earlier RFCs (5213 and
7077). There earlier RFCs do appear to provide adequate security for
the messages involved. And, on thinking about it, I tend to agree with
the assertion that "The quality of service option when included in
these signaling messages does not require additional security
considerations." If it were me, I would add a few words about how, if
the Proxy Binding Update/Acknowledgement protocol is not secured, you
can do worse things than change the quality of service. However, while
the Security Considerations section feels quite minimal, it does
appear to be adequate.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 at gmail.com