Last Call Review of draft-ietf-netlmm-grekey-option-
review-ietf-netlmm-grekey-option-secdir-lc-gondrom-2009-04-02-00

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall, the document is clear and ok, although I am not that particularly
strong with MIPv6 etc.

>From the review I have one simple Question and one comment:
1. simple maybe stupid Question: Section 6.4 Status codes:
What do you mean with the abbrevation "TBD" in this text?
e.g. "GRE KEY OPTION NOT REQUIRED (TBD less than 128)"

2. COMMENT on Section 9 Security Considerations:
Considering the potential risks, I find it unnecessary weak to state that the
there described security mechanisms "can be used". The section should use the
stronger term of "SHOULD be" used instead throughout the whole section.
Additionally in the last paragraph:"In Proxy Mobile IPv6 [RFC5213], the use of
IPsec [RFC4301] for protecting a mobile node's data traffic is optional."
should rather use the term "recommended"/"RECOMMENDED" instead of "optional".

Best regards,

Tobias

_______________________________________________
secdir mailing list
secdir at mit.edu

https://mailman.mit.edu/mailman/listinfo/secdir