Last Call Review of draft-ietf-v6ops-3gpp-eps-
review-ietf-v6ops-3gpp-eps-secdir-lc-mundy-2011-08-26-00
| Request | Review of | draft-ietf-v6ops-3gpp-eps |
|---|---|---|
| Requested revision | No specific revision (document currently at 08) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-08-23 | |
| Requested | 2011-08-05 | |
| Authors | Teemu Savolainen , Jouni Korhonen , Kaisu Iisakkila , Basavaraj Patil , Jonne Soininen , Gabor Bajko | |
| I-D last updated | 2011-08-26 | |
| Completed reviews |
Secdir Last Call review of -??
by Russ Mundy
Tsvdir Last Call review of -?? by Martin Stiemerling |
|
| Assignment | Reviewer | Russ Mundy |
| State | Completed | |
| Request | Last Call review on draft-ietf-v6ops-3gpp-eps by Security Area Directorate Assigned | |
| Completed | 2011-08-26 |
review-ietf-v6ops-3gpp-eps-secdir-lc-mundy-2011-08-26-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
While I do agree with the factual correctness of the Security Considerations
section (the document does not _introduce_ any security related concerns),
the support for IPv6 in 3GPP networks described in document certainly does
have a number of security concerns. Some obvious examples, use of DHCP
based address management and access control/authorization of the PDN
Connection (shown in Figure 8). Although these and other security issues
are likely addressed in various other documents, it would be useful to make
a definitive statement to that effect in the Security Considerations
section. It would be even more useful if some more specific references were
to be included in parts of the document that clearly deal with security
issues such as address management and access control and authorization.
Russ Mundy