[secdir] SECDIR review of draft-ietf-v6ops-ipv6-discard-prefix-02
Chris Lonvick <clonvick@cisco.com> Fri, 20 January 2012 18:47 UTC
Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3E3121F8571; Fri, 20 Jan 2012 10:47:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kA0bxMSregRk; Fri, 20 Jan 2012 10:47:08 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 4410E21F8522; Fri, 20 Jan 2012 10:47:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=clonvick@cisco.com; l=2074; q=dns/txt; s=iport; t=1327085228; x=1328294828; h=date:from:to:subject:message-id:mime-version; bh=r/DsKDed+23qTwCACmmwGb8qF12Ect0nemiRIxSsMno=; b=LJcN6yNVk6g0IEb10YyycZtdlIdfMdaWAHbJPEajQ4ZO9jsW2E5Fi8iV 298HZVJjQrecv0Gaw/4wof4yGatYi1SiZSrvzKVyDqqUQomkMRWRVQTAJ HGBSM8gNerHLggnlwMkPskmzYsQqiRvx/6wh86U1js4M73VD0onQS34h2 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnwHAIq1GU+rRDoH/2dsb2JhbABDnXsBkA2BBYILASUCgX40oXsBnjuMJgSIPJ9J
X-IronPort-AV: E=Sophos;i="4.71,544,1320624000"; d="scan'208";a="26228941"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-4.cisco.com with ESMTP; 20 Jan 2012 18:47:08 +0000
Received: from sjc-cde-021.cisco.com (sjc-cde-021.cisco.com [171.69.20.56]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q0KIl886001484; Fri, 20 Jan 2012 18:47:08 GMT
Date: Fri, 20 Jan 2012 10:47:07 -0800
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-v6ops-ipv6-discard-prefix.all@tools.ietf.org
Message-ID: <Pine.GSO.4.63.1201201036400.24206@sjc-cde-021.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Subject: [secdir] SECDIR review of draft-ietf-v6ops-ipv6-discard-prefix-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2012 18:47:08 -0000
Hi,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
Overall, the document is very straightforward and the Security
Considerations section is appropriate for the content.
I do have one nit to pass along. I think that a paragraph break is in the
wrong place in the Introduction.
Current in Introduction:
(end of first paragraph)
manner which is efficient, scalable and straightforward to implement.
For IPv4, some networks configure RTBH installations using [RFC1918]
address space or the address blocks reserved for documentation in
[RFC5737].
However RTBH configurations are not documentation, but operationally
important features of many public-facing production networks.
Furthermore, [RFC3849] specifies that the IPv6 documentation prefix
should be filtered in both local and public contexts. On this basis,
it is suggested that both private network address blocks and
documentation prefixes described in [RFC5737] are inappropriate for
the purpose of RTBH configurations.
Suggested:
manner which is efficient, scalable and straightforward to implement.
For IPv4, some networks configure RTBH installations using [RFC1918]
address space or the address blocks reserved for documentation in
[RFC5737]. However RTBH configurations are not documentation, but
operationally important features of many public-facing production
networks. Furthermore, [RFC3849] specifies that the IPv6 documentation
prefix should be filtered in both local and public contexts. On this
basis, it is suggested that both private network address blocks and
documentation prefixes described in [RFC5737] are inappropriate for
the purpose of RTBH configurations.
Regards,
Chris
- [secdir] SECDIR review of draft-ietf-v6ops-ipv6-d… Chris Lonvick
- Re: [secdir] SECDIR review of draft-ietf-v6ops-ip… Joel jaeggli
- Re: [secdir] SECDIR review of draft-ietf-v6ops-ip… Nick Hilliard