AD Review: draft-ietf-6man-nd-extension-headers
Brian Haberman <brian@innovationslab.net> Mon, 14 January 2013 15:09 UTC
To: draft-ietf-6man-nd-extension-headers@tools.ietf.org, 6man Chairs <6man-chairs@tools.ietf.org>, 6man WG <ipv6@ietf.org>
All,

I have completed my AD evaluation of draft-ietf-6man-nd-extension-headers. The following comments need to be addressed prior to progressing this draft to IETF Last Call.

1. The first sentence of the Abstract appears to be a remnant of when this draft discussed Extension Headers in general. It should be updated to focus on the use of fragmentation within NDP messages.

2. The first sentence of the Introduction is a bit misleading. NDP is specified in 4861. RFC 4862 specifies SLAAC. They are two different things, so I am not sure why 4862 is getting put into this statement.

3. The Intro also contains rudimentary discussion of existing tools for monitoring/protecting NDP traffic. It would be good to also discuss the KAME rafixd tool, as it has similar capabilities.

4. It would also be useful to discuss if there are limitations on simply blocking fragmented NDP traffic. Since this traffic is limited to a single L-2 link, dropping fragments may be a simple mechanism for dealing with fragmentation-based attacks.

Regards,
Brian
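The filtering decision raised in item 4, as an added example that is not part of the original message or of the draft: a classifier that walks the IPv6 extension header chain of one raw packet and reports whether it is a fragmented Neighbor Discovery message. The function name, verdict strings and sample packets are constructed for illustration; the "opaque-fragment" verdict marks fragments whose ICMPv6 type is not visible, which a simple drop rule has to decide on separately.

```python
import struct

ND_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect
HBH, ROUTING, FRAGMENT, ICMPV6, DSTOPT = 0, 43, 44, 58, 60

def classify(pkt: bytes) -> str:
    """Verdict for one raw IPv6 packet: 'fragmented-nd', 'opaque-fragment' or 'pass'."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "pass"                       # not IPv6: out of scope here
    nxt, off, fragmented = pkt[6], 40, False
    while nxt in (HBH, ROUTING, DSTOPT, FRAGMENT):
        if off + 8 > len(pkt):              # header chain runs past this packet
            return "opaque-fragment" if fragmented else "pass"
        if nxt == FRAGMENT:
            fragmented = True
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "opaque-fragment"    # non-first fragment: ICMPv6 type not visible
            nxt, off = pkt[off], off + 8    # Fragment header is always 8 bytes
        else:
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if not fragmented or nxt != ICMPV6:
        return "pass"                       # unfragmented, or not ICMPv6
    if off >= len(pkt):
        return "opaque-fragment"            # first fragment cut before the ICMPv6 header
    return "fragmented-nd" if pkt[off] in ND_TYPES else "pass"

# --- constructed sample packets (link-local source, all-nodes destination) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

def frag(next_header: int, offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

RA = bytes([134, 0, 0, 0]) + bytes(12)      # Router Advertisement, checksum left at zero
PADDED_DSTOPT = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])   # Destination Options with one PadN
SAMPLES = {
    "plain RA": ipv6(ICMPV6, RA),
    "RA, first fragment": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + RA[:8]),
    "RA, later fragment": ipv6(FRAGMENT, frag(ICMPV6, 1, 0) + RA[8:]),
    "RA behind DstOpt": ipv6(FRAGMENT, frag(DSTOPT, 0, 1) + PADDED_DSTOPT + RA),
    "fragmented echo": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + bytes([128, 0, 0, 0]) + bytes(4)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20s} {classify(pkt)}")
```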