Last Call Review of draft-ietf-dhc-topo-conf-07
review-ietf-dhc-topo-conf-07-secdir-lc-sheffer-2016-06-09-00

Request: Review of draft-ietf-dhc-topo-conf
Requested rev.: no specific revision (document currently at 09)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-05-23
Requested: 2016-05-12
Draft last updated: 2016-06-09
Completed reviews:
- Genart Telechat review of -08 by Joel Halpern
- Secdir Last Call review of -07 by Yaron Sheffer
- Secdir Telechat review of -09 by Yaron Sheffer
- Opsdir Last Call review of -07 by Sarah Banks
- Rtgdir Early review of -08 by Russ White

Assignment
Reviewer: Yaron Sheffer
State: Completed
Review: review-ietf-dhc-topo-conf-07-secdir-lc-sheffer-2016-06-09
Reviewed rev.: 07 (document currently at 09)
Review result: Has Issues
Review completed: 2016-06-09

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.



This document describes current practices for configuring DHCP in
complex network scenarios, where the goal is to allow servers to
configure DHCP clients differently depending on the client's network
location.

Summary



This is a very extensive document, but the security considerations do
not do it justice.

Details



The Security Considerations section is essentially empty, saying only
that drafts that define DHCP options each include their own security
considerations. However, this document references 12 other RFCs (and they
in fact do have substantial security considerations) so this leaves the
reader to research the matter on her own.

Moreover, the technology covered spans more than 20 years (15 years,
counting only Relay Agent Information), and security best practices have
changed. Old security recommendations may not be today's best practices,
and some previously recommended mechanisms may have never materialized
in real-world deployment.

This document is basically a survey of best practices in deploying DHCP
in complex networks. As such, I would expect the Security Considerations
section to include:

- Recommendations about which configuration practices are to be
  preferred from a security point of view.
- Up-to-date security recommendations in summary form, at least for the
  main use cases covered.
- An architectural view, at the same level as the rest of the document,
  of how these configurations interact with common security practices like
  firewall-based network separation or NAC.

I realize that the document is 3 years old and everyone just wants to
see it published, but in my opinion it is incomplete in its current form.

Thanks,
	Yaron