Rtgdir last call review of draft-ietf-babel-dtls-06

Reviewer: Henning Rogge
Review result: Has Issues

//resend to RTG DIR list
Hi,

I was asked by the Routing Directorate to do a last call review of
draft-ietf-babel-dtls-06.

I like that the draft is quite short, which is a good thing for a
security draft. I have found a few questions you can consider
addressing in the final document.

Chapter 2.3:
I wonder if using DTLS protected unicast Hellos should be mandatory...
using unprotected multicast to determine bidirectional reachability
looks like a good way to do a cheap denial of service attack.

Chapter 2.5:
What happens when a node starts a new DTLS connection and there is
already one in the neighbor table? This could both be an attempt to
attack Babel, a reboot of a node or just a matter of misconfiguration
of two nodes.

Chapter 3:
Different pairs of nodes could select different ciphers, resulting in
different MTUs. I assume this is no problem for Babel (could be
mentioned in the chapter).

Some of the design decisions regarding the three questions could be
mentioned in chapter 5 (Security Implications).

Henning Rogge