I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
(I note there is expected to be a new version coming for this draft).

Security Issues:

The Security Considerations section is reasonably complete, as far as
I can tell; however, it is not terribly clear that it suggests
authentication of the clients (it says "preexisting credentials") - I
think this could be clearer. The description of XOR-RESPONSE-TARGET
also doesn't include this; it's mentioned most clearly in Section 6.1.

General comments:

I have a strong suspicion that this document is Experimental purely
because it failed to gain sufficient consensus to be Standards-Track.
It's not clear to me why this is not Informational, or why all the
extensions described in the document are within the same document.
I'm dubious that they're all of similar quality.
If there is an experiment here, then it's in the usage of these
extensions to determine whether, at least in some cases, NAT
behaviour is sufficiently stable as to be useful, and moreover,
whether taking advantage of this is practical. The extensions
themselves clearly seem suitable for discovering whether this is so.
As such, section 2.3 seems somewhat contrived and grasping. This
isn't to say that the hypothesis being tested is not valid, but the
experiment, as defined, seems like a matter of form rather than a
useful test of the hypothesis as outlined.

Editorial Issues:

The use of the term "apocryphal" is interesting, but conjures up
connotations that seem to be somewhat self-defeating. Perhaps
"anecdotal" would be more fitting, or "controversial". (It is this
evidence, after all, that forms the hypothesis mentioned above, and
the hypothesis itself is surely not apocrypha).
IANA section requests registration of CHANGE-REQUEST, but this is
already registered - the registration needs changing, as per section
6.1, where the situation is detailed more clearly.

Typographical Errors:

Extraneous "}" in section 9.4.