Last Call Review of draft-ietf-netlmm-grekey-option-
review-ietf-netlmm-grekey-option-secdir-lc-gondrom-2009-04-02-00

Request Review of draft-ietf-netlmm-grekey-option
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-03-23
Requested 2009-03-13
Authors Kent Leung, Mohamed Khalil, Sri Gundavelli, Ahmad Muhanna
Draft last updated 2009-04-02
Completed reviews Secdir Last Call review of -?? by Tobias Gondrom
Assignment Reviewer Tobias Gondrom
State Completed
Review review-ietf-netlmm-grekey-option-secdir-lc-gondrom-2009-04-02
Review completed: 2009-04-02

Review
review-ietf-netlmm-grekey-option-secdir-lc-gondrom-2009-04-02

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall, the document is clear and ok, although I am not that particularly strong with MIPv6 etc.

>From the review I have one simple Question and one comment:
1. simple maybe stupid Question: Section 6.4 Status codes:
What do you mean with the abbrevation "TBD" in this text?
e.g. "GRE KEY OPTION NOT REQUIRED (TBD less than 128)"

2. COMMENT on Section 9 Security Considerations: 
Considering the potential risks, I find it unnecessary weak to state that the there described security mechanisms "can be used". The section should use the stronger term of "SHOULD be" used instead throughout the whole section. 
Additionally in the last paragraph:"In Proxy Mobile IPv6 [RFC5213], the use of IPsec [RFC4301] for protecting a mobile node's data traffic is optional." should rather use the term "recommended"/"RECOMMENDED" instead of "optional".


Best regards,

Tobias

_______________________________________________
secdir mailing list
secdir at mit.edu


https://mailman.mit.edu/mailman/listinfo/secdir