SECDIR review of draft-ietf-v6ops-addr-select-req-02.txt

I have reviewed this document as part of the security
directorate's ongoing effort to review all IETF
documents being processed by the IESG. These comments
were written primarily for the benefit of the security
area directors. Document editors and WG chairs should
treat these comments just like any other last call
comments.

Background: In multi-prefix environments it is possible
for an IPv6 node to have multiple IPv6 addresses
available. There is thus a need to select appropriate
source and destination addresses when initiating
communication. RFC3484 defines default address
selection for IPv6. Another v6ops draft
[I-D.ietf-v6ops-addr-select-ps] points to some
situations in which RFC3484 leads to problems, hence
the desire to introduce new selection mechanisms
overcoming those. This document discusses requirements
for such mechanisms.

Security Review: While I think this is useful work, I
am concerned that security wasn't made a requirement
in itself and is instead just touched upon in the
security considerations section. I also think that the
security considerations section is not appropriate: it
doesn't do a good job of analyzing threats that might
be introduced by address selection mechanisms. It is
insufficient to state that "incorrect address
selection can lead to serious security problems, such
as session hijack"; this is too vague. Security
threats should be listed exhaustively. As I already
said, I believe that it should be made a requirement
in itself that these threats are appropriately
countered. Since it also seems that address selection
mechanisms can be realized via protocols, it might
also be good to go into what are the requirements on
protection of these protocols (e.g. network filtering
at the domain boundary, message authentication, etc.).

Non-security nit: In section 2.5, "address selection
API" could reference a recently approved individual
submission [I-D.chakrabarti-ipv6-addrselect-api].

Hope that helps. Best regards,
--julien