Re: [OPSEC] RtgDir: Last Call Review of draft-ietf-opsec-v6-21.txt - "Operational Security Considerations for IPv6 Networks"

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 09 February 2021 11:10 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA89D3A0D9D; Tue, 9 Feb 2021 03:10:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.601
X-Spam-Level:
X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Tg7M6Oyo; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=EHosKEjh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BqsnLJtZAhT; Tue, 9 Feb 2021 03:10:23 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 208173A0D95; Tue, 9 Feb 2021 03:10:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7878; q=dns/txt; s=iport; t=1612869023; x=1614078623; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=tg5MseUw1rA68WYKjh6PMpO7jPS9i7RuvQNiFkuinUc=; b=Tg7M6OyoOEwoTP/VBZKf4OF9qzinuhkyCazl+CFFBKnPXWEWJWvTKzs4 oqCu5pCWjLlU0LZHwMpSZoj2i3Gam7jEobq/bYdcw3rqY/fdRgGrkTKca fySdqwCOt5X6ZnKmszjuA2u4U5S2ds0w+OGJhYahKaLKczRyjyQ8N6lLv s=;
X-IPAS-Result: =?us-ascii?q?A0BwBABJayJgkIENJK1iHgEBCxIMQIFEC4FTUX1aNjGEQ?= =?us-ascii?q?YNIA44QA5kcglMDVAsBAQENAQEjCgIEAQGESwIXgWsCJTcGDgIDAQEBAwIDA?= =?us-ascii?q?QEBAQUBAQECAQYEFAEBAQEBAYY4DYZDAQECAyMRDAEBJwEPAQsGAQgRAwECA?= =?us-ascii?q?wIfBwIEMBUICgQBDQWCcAGCVQMuAQ6jWQKKJXaBMoMEAQEGgTMBg1MYghIJg?= =?us-ascii?q?Q4qgnaCbBI+R4ZmG4FBP4EQASccglY+glILAoFfJoJwNIIrgVktRAEWTQQYK?= =?us-ascii?q?w8BIisDKx0IOQ4VBQYLGQUMk3+lTAqCeogpgQ2SUQMfgy6BNIkThW+PQZQ0i?= =?us-ascii?q?yuRbgUgZINUAgQCBAUCDgEBBoFrIoFZcBVlAYI+CUcXAg2OHw0NCRSDOoEBg?= =?us-ascii?q?1g7hUVzAjUCBgEJAQEDCXyKOl0BAQ?=
IronPort-PHdr: =?us-ascii?q?9a23=3ADj/PKx38/oFdP/MGsmDT+zVfbzU7u7jyIg8e44?= =?us-ascii?q?YmjLQLaKm44pD+JxWGuadmjUTCWsPQ7PcXw+bVsqW1X2sG7N7BtX0Za5VDWl?= =?us-ascii?q?cDjtlehA0vBsOJSCiZZP7nZiA3BoJOAVli+XzoOklOE8G4bFrX8TW+6DcIEU?= =?us-ascii?q?D5Mgx4bu3+Bo/ViZGx0Oa/s53eaglFnnyze7R3eR63tg7W8MIRhNhv?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,164,1610409600"; d="scan'208";a="643548868"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Feb 2021 11:10:21 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 119BALtf008605 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 9 Feb 2021 11:10:21 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 9 Feb 2021 05:10:21 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 9 Feb 2021 05:10:20 -0600
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 9 Feb 2021 06:10:20 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JWaq5hkf5599PuLxUDamX+zOn9aZGgfY+TnLlF2sZoj1hLPsUVfFuFkcJGbDVVTv5dE0QHSUmJJ9TZhTVN754007Xh4fMHhno89tX2qdNDXlwRXoy5W0imgJCMeQQ70/mLjlAx7aonpZ45efMSrRS94Ehw+jXSlb4PAhR+PQArzrawfRWA1dxXRbfGthkdV1UzXePECO1QYcolmOrnc97osTuHz/+LUQtuvt/NITfzh34QFO+qNbhajnUhDBzhazi/WyVI4FEP9WYUuI295tyYYJUQvzH0Re6b3L1BZ57sfMU1Jz0yd/xZv7ypwDpsURvx0DXTj/A4jd9uYelCs3NQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tg5MseUw1rA68WYKjh6PMpO7jPS9i7RuvQNiFkuinUc=; b=NzMwxnfriFrMNe+HK7d04VwQgSDFTIccZtXK8neNn91VbzIiScMTBhuiB7Pq6VPonuLKRt2MaEL/5a9K4Z3CmE0GDGSJFer7wudnBFX2OikG7pLsQVOPwIv4UgYx5j/x4n0bc0tvDt6ChNnXBWLUZpJSm1vbpzUTURWJAEQNfmxmwO2f1NRxkkhEDpRJm86qDzniotd1kPi0mErfesV0vTb31uTX8ckPSrivRMEnjdXNOP1oZbcPMrlhanovPToEyiWWtXH2VIy+ra6pODjmnQ/cqi4+T4IuDDdkJokTiHTaO+3vGufTfI0EuXbideMlBrm4WhZcBd2nG+zJcWuZpA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tg5MseUw1rA68WYKjh6PMpO7jPS9i7RuvQNiFkuinUc=; b=EHosKEjhHjgoT4ot7bfjzgV7/k1uZwsfUuPooXE+X0EDW1o4eV0AO7p8CfymOhCipayjGdT+8+9OtDRsjCYhEu4vJnUz59Kg6ySrl4Ot+pkSRQ2cRUC90U4jRi9rw+QzHTtK0iugimFEevMYIkCWFnDGs/DhegZ7ziUSjMJICW0=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB5143.namprd11.prod.outlook.com (2603:10b6:510:3f::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.23; Tue, 9 Feb 2021 11:10:18 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b%3]) with mapi id 15.20.3825.030; Tue, 9 Feb 2021 11:10:18 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Acee Lindem (acee)" <acee@cisco.com>, "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>
CC: Routing Directorate <rtg-dir@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "rtg-ads@ietf.org" <rtg-ads@ietf.org>
Thread-Topic: [OPSEC] RtgDir: Last Call Review of draft-ietf-opsec-v6-21.txt - "Operational Security Considerations for IPv6 Networks"
Thread-Index: AQHW/mnCSuHTph4XfkqN4chzQxwtiw==
Date: Tue, 9 Feb 2021 11:10:18 +0000
Message-ID: <A15E3C08-3EFF-4ACF-BD32-9FEE8CEC5777@cisco.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:c9d4:e122:d86f:c845]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 45ddb9c4-8286-4fe8-b60a-08d8cceb4927
x-ms-traffictypediagnostic: PH0PR11MB5143:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB5143A910EDDE783A06EBDB28A98E9@PH0PR11MB5143.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: G1TT0orrTKuSX8xM31NbISE3jYlDdWonT00OpHHeAD4B2wRkNxdnMoGHyTEq3Hhy3u1xSNbbmQ/uf5I5/1Y33LlqMhpeIKqBE9DcCevK8p/mbb4pNKQiMINXj3yFs6jEEpqckIHmaQfW0hK0rI5qXSqXEwBqmyanaU48Zwm5+zXbLS9NzzqjSZ5bMIPvlSJa9Hl6qlMncwihEEVjX6Pygwy9qG/bU31fb3NzmJUPYuyvV3xQMxF+pxG9HEQUmkyGHEia7UIsRgJ9NF6nHfLtjkC534ugbOdltpnAWO05YovX3TanpKVkv9QZtrzKgkLAwfxPrMXxIGtI7Pjn/5bptxd74/3aPd9M8PLIcuCfEnrMPK+fTZ69xx6kCKW0z1wgLbbbBVihpzKLO1+vYlnJ6/lpUKcFMlOr6c8S8/Xzpq+NHc/RuSV7DJnq14CnaPLwoi5yY8d5g5s2lngh66ULmtExx1NfYdwuxslI8naQ7sGsYjwK569oz0TRy4QBHoLDMqK8/zDfBCK6+HIBzPSBCATtzhCubK/PSAI7IHqlZpdYux2xuXpR0aQvgwzBmCoTUVZ+Y1N++H5MT3jxIPtWZxFEmC6zOO1t8VfjtRHyIthBSBmoSc/TR+VJBxlbzirCoIT/tYUiRETHD/5wYLrd2CJbMAnDjOt7RbBFsh6L2eh8bQTFkKiBIeehx2BcpQbt
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(366004)(396003)(136003)(376002)(346002)(15650500001)(5660300002)(110136005)(54906003)(4326008)(6506007)(316002)(53546011)(6512007)(966005)(76116006)(86362001)(186003)(478600001)(83080400002)(36756003)(450100002)(64756008)(66446008)(6486002)(66946007)(83380400001)(66574015)(91956017)(71200400001)(2616005)(66556008)(2906002)(33656002)(8676002)(66476007)(8936002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?WlFSTzlLOHNZclRGa1VyeGROYkZKUFhtMkZabkcySjl6anBaSWNXaTZVRDNU?= =?utf-8?B?c1VWZTlUaGRrYXUvMitWTnJFWFdxMW1IdWxlTHZTSDFaS29scTRGdmJ3KzRO?= =?utf-8?B?dnREYWlreWZXQWp4NCsvVmMxNjhjOWZGcjg4N0w4S2NuSXdwMzhZSUNZRUdi?= =?utf-8?B?dWdyT00zeVFNUnhhV1ZzRU5uNSswYjRjOFcwcUY2UFlOTlBSZVR2MVB6ZG11?= =?utf-8?B?WSsyc1BRUEMvaUFUa3FDcEorNVNpV0t1MFA0MkRNbUNKc2JXRXBZVTdPY0dk?= =?utf-8?B?ZDRkbytYVlNycjlYelVnckc1cXdKak9aN1hqRHdBcjV1OUkwUFU5MytuaFpM?= =?utf-8?B?RXUzQzhUR1R5SXZoN2pzanNidTVWT2hNZ2hUcHF1cUZNTWhiMERTUzAyWUtH?= =?utf-8?B?a3ZjSTgzYXpHdlF5bmxnODNJa2FmcTJqU0dKNUFITU9EN1Nrb3NGZVluUVcy?= =?utf-8?B?TTdpNXcyaU5LODZXSFNIR3p2SWYrR3ZvZmNjUmNlYUFSZDJ3MDR1cFV4dWJs?= =?utf-8?B?Ym5ZQnNrSTJYaTdxZVlNdXY2M2JpRlNOZkNOK1ZLT1VJTFhwdC9zcWVEL044?= =?utf-8?B?YWVqMGdkTXp3SFBNdy90cU4vY0xpM1VEK1lmcU1KdVBoODZ4RmpScDVuYUhO?= =?utf-8?B?Slp3am1yc3B5WlZKK01GQjZWYUJlWmM5Yi9ibi9BK3RRdWNHRG9nZll1WHEy?= =?utf-8?B?SE8rNXdiMUx5T1JEUnBRNFNDNTlSeFZVNzlVT054cVJpb250OHN5Vzh4Uk5E?= =?utf-8?B?NjUyZFZmc1ZIcEhrMTdlM1NDVUxDNEsxTVVyakFyTXo1Q0h5bkFSZTg3ZVdw?= =?utf-8?B?SDYrKzJ0S2JITkRpY2hRbFlEMDFrd1VRVUdUak1nYUF6bmlvS2lGVklLWE81?= =?utf-8?B?SmI4M2h0ZTVqTEJTV0h1cnlXR0xuYXNKU25YQ3lwa0RLbnRTTE9iN2IvSDVo?= =?utf-8?B?UWk0QzdKckdSeDJuNTNVMUpxeVd4MGFQZmYxenlqa3N6N3BnSWJXQlVWOWpF?= =?utf-8?B?ci9qdG5lSmxPZU5Md09Vc3hmZnpOelRPRjdzaU44U2JqUHk4ZEtPeUwyYU5M?= =?utf-8?B?T0xPempkRXcyS241SjNKd1hMY3hFY0pJYlA0aWVUUW1lY3BaUE9XbUYzNWRL?= =?utf-8?B?V0pubGVxa09ITDV5NGxQMDA4N1NmUlZpb1JVTnJFMXVPR0VKYXFjZDZKRmpS?= =?utf-8?B?VTFld2dXTHRtb3prcElUb25CbUdWSXg2eXFCR1F0ZDRxZjRyajJZM1hPWlhY?= =?utf-8?B?QmFiaDQ3OVJHVkh0d0JhRG04d2kyUmxGU3JzK2l6S3NZdGhBNVhkUDlJYUdl?= =?utf-8?B?VWFsR0ZiT2xRbTRKaTF2L2hBaHhLUVpLUmFCY3BOY2JpTi8zaDFjYS9JczJx?= =?utf-8?B?MjY1ZlFoMWVrTlJqZnBkWVYwams1dndvUjVxcUl1SUVmTC9nWUNrRTNmVEZz?= =?utf-8?B?VE5BQVNocml1dDJHZVhKeTIwVldHblp5U1BpSXRsRmNIZ2NHWXdSc2JmZ0pR?= =?utf-8?B?YWFBVUw1RDkyVzlTa25kWEEzL2pIOXVGc0RGOEV5bThVY0lHeXJad1ZydmR4?= =?utf-8?B?UFB1S0s0dVFZV2EycVRLazdkZjlWbk1BQkxSVzhoRXg0aGhsaFVjZGloNnl0?= =?utf-8?B?bzQxZXJ6SEt5VkdPeGovNFJiTFFYMzIrTFZVdXNFNEJ4d25WYXNOT2FGTVN6?= =?utf-8?B?ME5JR1luY3ROMjY0Ymo4a3RGWm0wQUpuYldmWFViTU1GTXhLd2t3TlN1MmRo?= =?utf-8?B?a2R5MmRxRlFRU3R6M2hHWmNBU2pFYlV6ejFwUnVvUHE1VFI1WThFOEwvMEZG?= =?utf-8?B?dDNEQW54eVl6bUhlOGluczVBNVdGRnhrclJTYTA1VnBpR0xuMG1rc09KaDl0?= =?utf-8?Q?dOOebLVchsSEl?=
Content-Type: text/plain; charset="utf-8"
Content-ID: <D83FF4BB495E3C41B9F6FBF0BB9F37E2@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 45ddb9c4-8286-4fe8-b60a-08d8cceb4927
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2021 11:10:18.8938 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2H/AeJc5HXd+UkMKJDby3+cYWYDQdVdxehSTWaPer/P9/k9SttoLRjIuwoNZR+2CizdbtVo1V2tUGM4M+RKuoA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5143
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/8fsTWuQsVshq6lrYBPt7Bp_1ygk>
Subject: Re: [OPSEC] RtgDir: Last Call Review of draft-ietf-opsec-v6-21.txt - "Operational Security Considerations for IPv6 Networks"
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2021 11:10:27 -0000

Hello Acee,

Thank you for your directorate review and sorry for such a belated reply!

Special thanks for the DIFF containing suggestions for improving the text. Most of them have been applied (none of the authors is English native so such assistance is welcome)

Look below for EV> for more comments.

Regards

-éric

-----Original Message-----
From: "Acee Lindem (acee)" <acee@cisco.com>
Date: Tuesday, 3 December 2019 at 17:21
To: "draft-ietf-opsec-v6@ietf.org" <draft-ietf-opsec-v6@ietf.org>rg>, "rtg-ads@ietf.org" <rtg-ads@ietf.org>
Cc: Routing Directorate <rtg-dir@ietf.org>rg>, "opsec@ietf.org" <opsec@ietf.org>
Subject: [OPSEC] RtgDir: Last Call Review of draft-ietf-opsec-v6-21.txt - "Operational Security Considerations for IPv6 Networks"

     Hello,

    I have been selected as the Routing Directorate reviewer for this draft.
    The Routing Directorate seeks to review all routing or routing-related
    drafts as they pass through IETF last call and IESG review, and
    sometimes on special request. The purpose of the review is to provide
    assistance to the Routing ADs. For more information about the Routing
    Directorate, please see ​

      http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

    Although these comments are primarily for the use of the Routing ADs,
    it would be helpful if you could consider them along with any other
    IETF Early Review/Last Call  comments that you receive, and strive to
    resolve them through discussion or by updating the draft.

    Document: draft-ietf-opsec-v6-21.txt
    Reviewer: Acee Lindem
    Review Date: 12/2/2019
    IETF LC End Date: Soon
    Intended Status:  Informational

    Summary: The document contains a lot of useful recommendations and
             references for Operational Security in IPv6 networks. Since
                    the document has "Informational" status, none of the text is
                    normative.

                    While the information content is very good, parts of the
                    document are very hard to read and need revision. In general,
                    the usage of long clauses connected by semicolons should be
                    discouraged and the lists connected in this manner should
                    be replaced with complete sentences. I've attached a diffs
                    with editorial suggests but didn't try and rewrite all the
                    semicolon connected text segments.

EV> let's hope that the RFC Editor will find and remediate those long constructs.

                    There are also minor issues that need to be addressed.

    Major Issues: None

    Minor Issues:

        1. Section 1.0 - What do you mean by "updating it with that have been
           standardized since 2007."? It just doesn't read right.

EV> text has been simplified in -23

        2. Section 2.1 - IPv4 also allows multiple addresses per interface,
           i.e., secondary addresses. So what is new?

EV>  last sentence now reads as
 "Having by default multiple
   IPv6 addresses per interface is a major change compared to the unique
   IPv4 address per interface for hosts (secondary IPv4 addresses are
   not common); especially for audits (see section Section 2.6.2.3)."

        3. Section 2.1.5 - The whole discussion on how to use Router
           Advertisement (RA) messages lacks enough context to understand.
           Also, expand RA in the first occurrence.

EV> text was not clear indeed, changed

        4. Section 2.2.3 - Expand out NDP since it is not clear that it is
           Neighbor Discovery Protocol from the context. It is expanded later
           in section 2.3.

EV> thanks, fixed

        5. Section 2.4 - RFC 6192 not only defines the "router control plane"
            but provides much better guidance for control plane filtering than
            section 2.4.1 and 2.4.2.

EV> text updated

        6. Section 2.4.1 and 2.4.2 - The ingress ACL should only be applied on
           the packets punted to the RP.

EV> indeed, added

        7. Section 2.4.1 - If OSPFv3 vitual links are used, the destination
           address will not be a link-local address.

EV> trusting you on this one, text modified

        8. Section 2.4.3 - Suggest references for Path MTU Discovery
           and traceroute.

EV> good idea

        9. Section 2.5.1 - HMAC MD5 is considered vulnerable.

EV> let's indeed remove this paragraph

       10. Section 2.5.2 - What prior section describes the operational
           costs of IPsec?

EV> oups the previous section was deleted revisions ago...

       11. Section 2.5.3 - Need expansion and reference for RADB.

EV> indeed, added reference to https://www.radb.net/ 

       12. Section 2.6 - Need expansion and reference for GDPR.

EV> indeed, added reference to https://eur-lex.europa.eu/eli/reg/2016/679/oj

       13. Section 2.7.1 - ACLs are typically per address family so this
           recommendation isn't
           really feasible. Please revise.

EV> I disagree, this is a platform limitation. Text unchanged.

       14. Section 2.7.2.6 - Expand MAP-E and MAP-T.

EV> done

       15. Section 3.1 and 4.1 - Define bogon and provide reference.

EV> done, added reference to CYMRU

       16. Section 3.2 - Bad reference in fourth paragraph.

EV> fixed in -22

       17. Section 5 - Suggest references for Teredo tunnels and NAT-PT.
           Also, expand NAT-PT on first occurrence.

EV> good idea for Teredo (added) and NAPT is now defined in section 1

    Nits: Attached diff with suggested edits.

EV> big thanks for them

    Thanks,
    Acee