Telechat Review of draft-ietf-csi-dhcpv6-cga-ps-
review-ietf-csi-dhcpv6-cga-ps-secdir-telechat-hanna-2010-10-10-00

Request
Review of: draft-ietf-csi-dhcpv6-cga-ps
Requested revision: no specific revision (document currently at 09)
Type: Telechat Review
Team: Security Area Directorate (secdir)
Deadline: 2010-10-19
Requested: 2010-09-25
Authors: Sheng Jiang, Sean Shen
Draft last updated: 2010-10-10
Completed reviews: Genart Last Call review of -?? by Roni Even; Secdir Telechat review of -?? by Steve Hanna

Assignment
Reviewer: Steve Hanna
State: Completed
Review: review-ietf-csi-dhcpv6-cga-ps-secdir-telechat-hanna-2010-10-10
Review completed: 2010-10-10

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document discusses several ways that DHCPv6 can be used with
Cryptographically Generated Addresses (CGA), pointing out benefits
and concerns. While the document does discuss security issues in
several places, it often lapses into vague terminology like "one
should carefully consider the impact on security". Given that the
primary benefit of using CGAs is to improve security by providing
address validation without complex key distribution, carefully
analyzing security issues seems necessary for this document.

On the other hand, the Document Shepherd Write-up for this document
says "The WG was not very energetic on this document. The document
describes possible applications of CGAs and DHCP interaction and
when the WG was asked whether there was enough interest to work on
solutions, the reply was silence. As such, the consensus is based
on most of the WG being indifferent." So maybe this document is
only intended as a sketch of possible issues that can be explored
later in a more in-depth document if someone is interested in
doing so. If that's the case, maybe it's OK to not fully analyze
all the security implications. However, in that case, I think the
Security Considerations section should state clearly that this
document does not contain a complete security analysis and any
further work in this area should include such an analysis. Nobody
should implement the techniques described in this document without
conducting that more thorough analysis.

I noticed a few typos. On page 6, the word "certificated" should be
"certified". Three sentences later, "depend on policies" should be
"depending on policies". And the draft names in the Change Log say
"dhacpv6" instead of "dhcpv6".

Thanks,

Steve