Last Call Review of draft-ietf-dhc-topo-conf-07

Request Review of draft-ietf-dhc-topo-conf
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-05-23
Requested 2016-05-12
Draft last updated 2016-06-09
Completed reviews Genart Telechat review of -08 by Joel Halpern (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Secdir Telechat review of -09 by Yaron Sheffer
Opsdir Last Call review of -07 by Sarah Banks (diff)
Rtgdir Early review of -08 by Russ White (diff)
Assignment Reviewer Yaron Sheffer
State Completed
Review review-ietf-dhc-topo-conf-07-secdir-lc-sheffer-2016-06-09
Reviewed rev. 07 (document currently at 09)
Review result Has Issues
Review completed: 2016-06-09


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document describes current practices for configuring DHCP in
complex network scenarios, where the goal is to allow servers to
configure DHCP clients differently depending on the client's network

This is a very extensive document, but the security considerations do
not do it justice.
The Security Considerations section is essentially empty, saying only
that drafts that define DHCP options each include their own security
considerations. However, this document references 12 other RFCs (and they
in fact do have substantial security considerations) so this leaves the
reader to research the matter on her own.

Moreover, the technology covered spans more than 20 years (15 years,
counting only Relay Agent Information), and security best practices have
changed. Old security recommendations may not be today's best practices,
and some previously recommended mechanisms may have never materialized
in real-world deployment.

This document is basically a survey of best practices in deploying DHCP
in complex networks. As such, I would expect the Security Considerations
section to include:

- Recommendations about which configuration practices are to be
  preferred from a security point of view.
- Up-to-date security recommendations in summary form, at least for the
  main use cases covered.
- An architectural view, at the same level as the rest of the document,
  of how these configurations interact with common security practices like
  firewall-based network separation or NAC.

I realize that the document is 3 years old and everyone just wants to
see it published, but in my opinion it is incomplete in its current form.