[secdir] review of draft-ietf-v6ops-3177bis-end-sites-00.txt

Stephen Kent <kent@bbn.com> Fri, 10 December 2010 16:01 UTC

Date: Fri, 10 Dec 2010 11:02:42 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Subject: [secdir] review of draft-ietf-v6ops-3177bis-end-sites-00.txt

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Draft-ietf-v6ops-3177bis-end-sites-00.txt is a very short (9 page) 
document that revises a policy on the default size of an IPv6 address 
block that should be assigned to an end site.  It updates RFC 3177. 
The original recommendation (developed by the RIRs) was for each end 
site to be assigned a /48. Since the publication of RFC 3177, three 
of the RIRs (APNIC, RIPE, and ARIN) have revised their policies to 
encourage assignment of /56 blocks to end sites.

This document updates 3177 in two significant ways:
	- It deprecates /128 assignments
	- It moves away from the "one size fits all" suggestion of 
end site address block assignments

There is no text in the security considerations section. Given the 
narrow focus of this document, I concur.  One might note that moving 
away from /48, /64, and /128 boundaries may make life a tiny bit 
harder for address scanning by malware that is not very 
sophisticated, but I don't think this is a major concern.

Steve