Hi Bernie,
Many thanks for the review. I’ve had a look through your comments and they all
look straightforward enough. They will be in the next version with Tomek’s
comments.
Here’s my suggestions in response to a couple of your comments:
SECTION 9:
- More of a question – do the new options or procedures add any new or
different considerations? If not, great.
There is one case that I think is missed. I’ve update the Security
Considerations section to add the following text:
A rogue client could attempt to use the mechanism described
in "Changing the Bound IPv6 Softwire Source Address” to redirect IPv4
traffic
intended for another client to itself. This would be performed by
sending a DHCPREQUEST message for another client's active IPv4
lease containing the attacker's softwire IPv6 address in
OPTION_DHCP4O6_S46_SADDR.
For such an attack to be effective, the attacker would
need to know both the client identifier and active IPv4
address lease currently in use by another client. The risk
of this can be reduced by using a client identifier format
which is not easily guessable, e.g. by including a time
component for when the client identifier was generated
(see [I-D.ietf-dhc-rfc3315bis] Section 11.2).
> - And, it is rather odd that DHCPv4 (RFC2131) and DHCPv6
> (draft-ietf-dhc-rfc3315bis) aren’t referenced in the document. They are
> implicit because RFC7341 is referenced, but not always clear that this is the
> best way to go. But I didn’t find any easy way to incorporate these
> references directly.
I’ve added the following to Section 4. Solution Overview:
In order to provision a softwire, both IPv6 and IPv4 configuration
needs to be passed to the client. To map this to the DHCP 4o6
configuration process, the IPv6 configuration is carried in
DHCPv6 options [I-D.ietf-dhc-rfc3315bis], carried
inside the DHCPv6 message DHCPV4-RESPONSE (21)
sent by the server.
And:
IPv4 configuration is carried in DHCPv4 messages <xref target="RFC2131"/>,
(inside the DHCP 4o6 option OPTION_DHCPV4_MSG (87)) using the mechanism
described in <xref target="RFC7341"/>.
The normative refs. are updated with these as well.
BTW, should I be referencing RFC3315 or the -bis version as normative at this
stage?
Thanks,
Ian
_______________________________________________
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires
