I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This document describes how IPv6 is transported over Bluetooth
Low Energy (BT-LE).
As a proviso, I am not an expert in IPv6, 6LoWPAN, or Bluetooth.
Still, this document seemed to be a clear specification of the
intended subject matter. The Security Considerations section
says that the security concerns are similar to those for IPv6
over 802.15.4. That makes sense, I suppose.
I was happy to see that this document says "IPv6 over BT-LE
SHOULD be protected by using BT-LE Link Layer security", whereas
RFC 4944 (IPv6 over 802.15.4) does not include any normative
language on using link layer security. Also, this document says
that "Key management in BT-LE is provided by the Security Manager
Protocol (SMP)", whereas RFC 4944 says that no key management
is provided by 802.15.4. So this specification is apparently
more secure that RFC 4944. That's good.
So based on my review (admitting little knowledge of BT-LE),
this document seems to be an improvement over the current
state of the art for 6LoWPAN from a security perspective.
And the overall level of security seems reasonable.
I have no objection to the publication of this document.
I did notice two typos:
gateway^1s => gateway's
respectively => respectively
Thanks,
Steve