[secdir] review of draft-ietf-v6ops-3177bis-end-sites-00.txt

Stephen Kent <kent@bbn.com> Fri, 10 December 2010 16:01 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 48BB03A6B52 for <secdir@core3.amsl.com>; Fri, 10 Dec 2010 08:01:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.363
X-Spam-Status: No, score=-102.363 tagged_above=-999 required=5 tests=[AWL=0.235, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id uKzM73SXpeAE for <secdir@core3.amsl.com>; Fri, 10 Dec 2010 08:01:14 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com []) by core3.amsl.com (Postfix) with ESMTP id 136413A6AA4 for <secdir@ietf.org>; Fri, 10 Dec 2010 08:01:14 -0800 (PST)
Received: from dommiel.bbn.com ([]:47202 helo=[]) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1PR0kU-000KAs-W8 for secdir@ietf.org; Fri, 10 Dec 2010 06:02:51 -0500
Mime-Version: 1.0
Message-Id: <p06240803c927fedaf4c8@[]>
Date: Fri, 10 Dec 2010 11:02:42 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-920125532==_ma============"
Subject: [secdir] review of draft-ietf-v6ops-3177bis-end-sites-00.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2010 16:01:15 -0000

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Draft-ietf-v6ops-3177bis-end-sites-00.txt is a very short (9 page) 
document that revises a policy on the default size of an IPv6 address 
block that should be assigned to an end site.  It updates RFC 3177. 
The original recommendation (developed by the RIRs) was for each end 
site to be assigned a /48. Since the publication of RFC 3177, three 
of the RIRs (APNIC, RIOPE, and ARIN) have revised their policies to 
encourage assignment of /56 blocks to end sites.

This document updates 3177 in two significant ways
	- It deprecates /128 assignments
	- It moves away from the "one size fits all" suggestion of 
end site address block assignments

There is no text in the security considerations section. Given the 
narrow focus of this document, I concur.  One might note that moving 
away from /48, /64, and /128 boundaries may make life a tiny bit 
harder for address scanning by malware that it not very 
sophisticated, but I don't think this is a major concern.