Last Call: <draft-ietf-opsec-dhcpv6-shield-04.txt> (DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers) to Best Current Practice

The IESG <> Mon, 17 November 2014 19:52 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 241F61A8A06; Mon, 17 Nov 2014 11:52:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id X2CyqLDbU6VF; Mon, 17 Nov 2014 11:52:10 -0800 (PST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 7129B1A8994; Mon, 17 Nov 2014 11:52:09 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Last Call: <draft-ietf-opsec-dhcpv6-shield-04.txt> (DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers) to Best Current Practice
X-Test-IDTracker: no
X-IETF-IDTracker: 5.7.4
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <>
Message-ID: <>
Date: Mon, 17 Nov 2014 11:52:09 -0800
X-Mailman-Version: 2.1.15
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Nov 2014 19:52:12 -0000

The IESG has received a request from the Operational Security
Capabilities for IP Network Infrastructure WG (opsec) to consider the
following document:
- 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers'
  <draft-ietf-opsec-dhcpv6-shield-04.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the mailing lists by 2014-12-01. Exceptionally, comments may be
sent to instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.


   This document specifies a mechanism for protecting hosts connected to
   a switched network against rogue DHCPv6 servers.  The aforementioned
   mechanism is based on DHCPv6 packet-filtering at the layer-2 device
   at which the packets are received.  The aforementioned mechanism has
   been widely deployed in IPv4 networks ('DHCP snooping'), and hence it
   is desirable that similar functionality be provided for IPv6

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.