
Last Call Review of draft-ietf-softwire-lw4over6-10

Request: Review of draft-ietf-softwire-lw4over6
Requested revision: No specific revision (document currently at 13)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2014-10-28
Requested: 2014-10-02
Authors: Yong Cui, Qiong Sun, Mohamed Boucadair, Tina Tsou (Ting ZOU), Yiu Lee, Ian Farrer
I-D last updated: 2014-10-30
Completed reviews:
   Genart Last Call review of -10 by David L. Black
   Genart Last Call review of -11 by David L. Black
   Secdir Last Call review of -10 by Samuel Weiler
   Opsdir Last Call review of -10 by David L. Black
   Opsdir Telechat review of -11 by David Harrington
   Opsdir Telechat review of -13 by David L. Black
Reviewer: Samuel Weiler
State: Completed
Review: review-ietf-softwire-lw4over6-10-secdir-lc-weiler-2014-10-30
Reviewed revision: 10 (document currently at 13)
Result: Has Issues
Completed: 2014-10-30
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Does this mechanism introduce new points for a DoS attack,
e.g. forging the ICMPv6 error message (type 1, code 5) mentioned in
Section 5.1?  I would like to see a list and discussion of these or,
if appropriate, an analysis showing that none exist.

It's probably worth explaining this 2119 RECOMMENDation in more

   Unless an lwB4 is being allocated a full IPv4 address, it is
   RECOMMENDED that PSIDs containing the well-known ports (0-1023) are
   not allocated to lwB4s.

I would like to see a discussion of provisioning mechanism security.
Are there security-related factors that should drive the choice of
provisioning mechanism (the doc mentions several options...)?  Are
there configuration choices that should or must be made when using one
of those for this purpose?

Non-security stuff:

I'm not seeing any explicit discussion of whether (and how) a lwB4 can
request additional port space after the initial assignment.  If that
feature does not exist, I would like to see it explicitly acknowledged
as a limitation with a discussion of why it is not being provided.

Again, assuming that there is not such a mechanism: since this is the
architecture document, I would like to see a few words on expected
port assignment/utilization ratios.  Assuming a typical case of a
residential subscriber, it seems that lw4o6 would need to assign
enough ports to each user to accommodate expected peak usage.  This
pretty clearly results in fewer users accommodated on a public v4
address than if they were sharing the port space on demand.  How
much v4 space does lw4o6 consume in this environment compared to

Editorial stuff:

The next-to-last paragraph of section 1 doesn't seem to flow well with
the text around it, perhaps for lack of clarity in pronoun

   This document is an extended case, which covers address sharing for
   [RFC7040].  It is also a variant of A+P called Binding Table Mode
   (see Section 4.4 of [RFC6346]).

And I think something is broken in the below sentence:

   The solution specified in this document allows the assignment of
   either a full or a shared IPv4 address requesting CPEs.
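The RECOMMENDED text quoted in the review above (do not give a shared lwB4 a PSID that contains the well-known ports 0-1023) turns on how a PSID maps to actual port numbers. The Python below is an added example written for this page; it is not code from the draft, its authors, or the reviewer. It assumes that the port set is encoded with the generalized modulus algorithm of RFC 7597 (offset bits a, PSID length k, m = 16 - a - k contiguous ports per block, A = 0 skipped when a > 0), and the function names, parameter names and the sample subscriber list are this example's own inventions. It derives each lwB4's port set and flags the allocations that would violate the recommendation, which also shows why the default offset a = 6 makes the violation impossible while a = 0 makes it easy.

```python
"""Port-set arithmetic for lw4o6 PSID allocations (added example).

Assumption: the port set is the RFC 7597 generalized modulus encoding,
    port = (A << (16 - a)) | (PSID << m) | M,   m = 16 - a - k,
with A in 1..2^a-1 (0 excluded when a > 0) and M in 0..2^m-1.
Function and parameter names below are this example's own.
"""

WELL_KNOWN_MAX = 1023  # ports 0-1023, the range the draft says to keep out


def port_set(psid, psid_len, offset=6):
    """Return the ascending list of TCP/UDP ports belonging to `psid`.

    offset   (a): high-order bits excluded from the PSID; A = 0 is skipped
                  when a > 0, which is what keeps ports 0..2^(16-a)-1 out.
    psid_len (k): number of bits in the PSID; 2^k lwB4s share the address.
    """
    if not 0 <= offset <= 16 or not 0 <= psid_len <= 16 - offset:
        raise ValueError("need 0 <= a <= 16 and 0 <= k <= 16 - a")
    if not 0 <= psid < (1 << psid_len):
        raise ValueError("PSID does not fit in %d bits" % psid_len)
    m = 16 - offset - psid_len          # bits of contiguous ports per block
    first_a = 1 if offset > 0 else 0    # RFC 7597 excludes A = 0 when a > 0
    ports = []
    for a in range(first_a, 1 << offset):
        base = (a << (16 - offset)) | (psid << m)
        ports.extend(range(base, base + (1 << m)))
    return ports


def contains_well_known(psid, psid_len, offset=6):
    """True if the PSID's port set overlaps the well-known range 0-1023."""
    # port_set() is ascending, so the first port is the lowest one.
    return port_set(psid, psid_len, offset)[0] <= WELL_KNOWN_MAX


def audit(allocations, psid_len, offset=6):
    """Return the lwB4 names whose PSID violates the recommendation.

    allocations: iterable of (lwb4_name, psid) pairs.  A full-address
    assignment (psid_len == 0) is exempt, as the draft's text says.
    """
    if psid_len == 0:
        return []
    return [name for name, psid in allocations
            if contains_well_known(psid, psid_len, offset)]


if __name__ == "__main__":
    # Constructed sample: four subscribers sharing one IPv4 address, k = 4.
    subscribers = [("cpe-a", 0), ("cpe-b", 1), ("cpe-c", 2), ("cpe-d", 15)]
    # With the default a = 6 no PSID can reach 0-1023: nothing is flagged.
    print("a=6 violations:", audit(subscribers, psid_len=4, offset=6))
    # With a = 0, PSID 0 covers ports 0-4095 and is flagged.
    print("a=0 violations:", audit(subscribers, psid_len=4, offset=0))
    print("ports per lwB4 (a=6, k=4):", len(port_set(0, 4, 6)))
```

With a = 6 and k = 4 each lwB4 gets 63 blocks of 64 ports (4032 ports) starting at 1024, so the recommendation is met for every PSID; with a = 0 the port space is carved contiguously and whichever PSIDs land below 1024 (PSID 0 for k = 4, PSIDs 0-3 for k = 8) have to be withheld from shared lwB4s or handed only to a subscriber that gets the whole address.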