Ballot for draft-ietf-dmm-hnprenum
Yes
No Objection
Note: This ballot was opened for revision 06 and is now closed.
In the abstract, I would suggest s/as an update of the PMIPv6 specification./as an optional extension of the PMIPv6 specification./ to be crystal clear that this is not a formal update.
A couple of editorial comments: - Abstract: The last sentence is convoluted; please consider simplifying it. -3, first paragraph: "... the LMA has to notify a new HNP to a MAG...": Does this mean the same as "LMA has to notify a MAG about a new HNP"? If so, I think the text as written has the wrong direct object for "notify".
Agree with Mirja's comment, it would be clearer if use normative language.
I agree with Stephen's discuss point.
This document has a 2119 boilerplate but doesn't use normative language. I think it would actually be good to use normative language! Minor questions: - secion 4: "This temporary binding should only be used for the downwards packet transmission" By downward you mean 'to the MN', right? Why is this? Does that actually help in any scenario? - I'm not sure why section 3 is titled 'PMIPv6 Extensions'...?
Section 7 says: "The protection of UPN and UPA messages in this document follows [RFC5213] and [RFC7077]." I'm not clear if "follows" means the same as "MUST be protected using end-to-end security association(s) offering integrity and data origin authentication" (RFC5213, section 4). I think it ought really, as otherwise this could subvert the security of PMIPv6. So wouldn't it make sense to be explicit that these new messages have the same MUST requirements as binding updates. Doing that by repeating the quoted text from 5213 would be a fine way to do that, but there may be better options. The above was a discuss ballot. The AD and an author agreed with the interpretation above that that adding a clarification might be good so I've cleared the discuss assuming they'll do that nicely. (Thanks). OLD COMMENT below - It might also be worth saying in section 7 that to provision a new HNP someone has to have setup all the IPsec stuff for that.