Early Review of draft-ietf-savi-mix-11
review-ietf-savi-mix-11-intdir-early-lamparter-2016-12-07-00

Hi everyone,

[apologies for the delay, got some interference from a release cycle...]

Apart from some typos (which I think the RFC editors will fix?), my
review is the following:

- the draft has no privacy consideration section.  It should have one,
  pointing out the following:

  "When implementing multiple SAVI methods, privacy considerations of
   all methods apply cumulatively.  In addition, there is a minor
   additional loss of privacy in that the SAVI device can correlate
   information from different SAVI methods."

  (optionally: "This additional loss of privacy is considered
  miniscule.", though that's just my personal opinion.)

- in section 6.1.2.2., on "responding to the DAD message", it would be
  useful to state that the DAD message should be discarded and not
  forwarded.  (Forwarding it may cause other SAVI devices to send
  additional defense NAs.)  I believe this is the intent, but it's not
  quite obvious.  Maybe I'm also misunderstanding something there?

- also in section 6.1.2.2., a suggestion to ratelimit (or, in general,
  apply precautions) defense NAs in order to reduce security threats is
  probably a good idea.  The problem I see there is that it's newly
  specified behaviour that just needs to be pointed out as requiring the
  same approach as the individual SAVI methods.

- lastly, it could be pointed out that applying SAVI-MIX in an
  inconsistent way can well break one's network.  Obvious case of user
  stupidity, but well...

All in all I believe the draft is in good shape and should proceed with
minor edits.

Hope this is useful,

-David

On Fri, Sep 16, 2016 at 12:49:58PM +0200, Carlos Jesús Bernardos Cano wrote:
> You are next up on the Int Area Directorate review assignment queue
> and the Int ADs have requested a review of draft-ietf-savi-mix-11 (see 
> https://tools.ietf.org/html/draft-ietf-savi-mix-11).
[...]