Telechat Review of draft-ietf-6man-rfc1981bis-06
review-ietf-6man-rfc1981bis-06-secdir-telechat-shekh-yusef-2017-04-17-00

Team Security Area Directorate (secdir)
Title Telechat Review of draft-ietf-6man-rfc1981bis-06
Request Telechat - requested 2017-04-07
Reviewer Rifaat Shekh-Yusef
Review result Has Issues
Posted at https://mailarchive.ietf.org/arch/msg/secdir/TSP93gEx0QW9WDOHUK3X3ipGiMk
Last updated 2017-04-17

Review
review-ietf-6man-rfc1981bis-06-secdir-telechat-shekh-yusef-2017-04-17

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: Ready with issues


The Security Considerations section describes the possible implications of
a malicious party sending false ICMPv6 Packet Too Big messages and
reasonable ways to mitigate their impact.

The section also discusses the implication of filtering valid ICMPv6
Packet Too Big messages, which is one of the limitation of this mechanism,
and points to a more robust alternative.


Issues
======

Issue 1 - The Security Considerations section, page 14:

The first paragraph is discussing the case of malicious party stopping a
victim from receiving legitimate Packet Too Big messages. The second
paragraph is discussing the filtering of such packets and implies the
potential implication of "black holing".

It seems to me that in both of these use cases "black holing" is possible,
and should be clearly stated as such.


Issue 2 - Section 4, 5th paragraph:

Should the term "near future" be clearly defined here?


Nits
====

Page 6, first paragraph:
Drop the "to" before the word "appear"

Regards,
 Rifaat