Last Call Review of draft-ietf-capport-rfc7710bis-04
review-ietf-capport-rfc7710bis-04-secdir-lc-shekh-yusef-2020-05-01-00

Request Review of draft-ietf-capport-rfc7710bis
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2020-05-13
Requested 2020-04-29
Authors Warren Kumari, Erik Kline
Draft last updated 2020-05-01
Completed reviews Secdir Last Call review of -04 by Rifaat Shekh-Yusef
Genart Last Call review of -04 by Stewart Bryant
Opsdir Last Call review of -04 by Tim Chown
Iotdir Telechat review of -07 by Suresh Krishnan
Intdir Telechat review of -07 by Ralf Weber
Assignment Reviewer Rifaat Shekh-Yusef
State Completed
Review review-ietf-capport-rfc7710bis-04-secdir-lc-shekh-yusef-2020-05-01
Posted at https://mailarchive.ietf.org/arch/msg/secdir/kHOP21ffwd-HSKZ2tb-brTthReA
Reviewed rev. 04 (document currently at 11)
Review result Has Issues
Review completed: 2020-05-01

Review

Since the use of an IP address literal is not forbidden by this document, what if 
an attacker with the ability to inject DHCP messages or RAs uses this option 
to force the user to contact an IP address of his choosing? In this case, the use 
of TLS and presenting the identity in the certificate might not be of much help.

I think this case should be discussed in the Security Considerations section.