Last Call Review of draft-ietf-v6ops-3gpp-eps-
review-ietf-v6ops-3gpp-eps-secdir-lc-mundy-2011-08-26-00

Request: Review of draft-ietf-v6ops-3gpp-eps
Requested rev.: no specific revision (document currently at 08)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2011-08-23
Requested: 2011-08-05
Other Reviews: Tsvdir Last Call review of - by Martin Stiemerling
Review State: Completed
Reviewer: Russ Mundy
Review: review-ietf-v6ops-3gpp-eps-secdir-lc-mundy-2011-08-26
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg02865.html
Draft last updated: 2011-08-26
Review completed: 2011-08-26

Review

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
        
While I do agree with the factual correctness of the Security Considerations
section (the document does not _introduce_ any security related concerns),
the support for IPv6 in 3GPP networks described in the document certainly does
have a number of security concerns.  Some obvious examples are the use of
DHCP-based address management and access control/authorization of the PDN
Connection (shown in Figure 8).  Although these and other security issues
are likely addressed in various other documents, it would be useful to make
a definitive statement to that effect in the Security Considerations
section.  It would be even more useful if some more specific references were
to be included in parts of the document that clearly deal with security
issues such as address management and access control and authorization.
        
        
        Russ Mundy