Last Call Review of draft-ietf-netext-pmipv6-sipto-option-07
review-ietf-netext-pmipv6-sipto-option-07-secdir-lc-roca-2012-11-29-00

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

--

This is a small document that describes PMIPv6 options to handle
traffic offloading. Taken alone, the "security considerations" section
would not be sufficient. However the RFC5213 (PMIPv6) provides
the required security guidelines. In particular it clarifies that the use
of IPsec is recommended between the MAG and LMA for signaling
messages. The present document therefore inherits from these
recommendations. I therefore agree with the authors.

A remark. It is said:
 "This option is carried like any other 
   mobility header option as specified in [RFC5213] and does not require
   any special security considerations."

It's misleading IMHO. This option does require security considerations
since an attacker, by sending fake signaling messages, may prevent
a mobile network from offloading traffic which may lead to a DoS. 
You'd better say something like:

 "This option is carried like any other 
   mobility header option as specified in [RFC5213].
   Therefore it inherits from [RFC5213] its security guidelines
   and does not require any additional security considerations."

Typos: 
Section 1:
s/its only about IPv4/it is only about IPv4/


Cheers,

   Vincent