Last Call Review of draft-arkko-townsley-coexistence-
review-arkko-townsley-coexistence-secdir-lc-emery-2010-10-11-00

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the 


IESG.  These comments were written primarily for the benefit of the 


security area directors. Document editors and WG chairs should treat 


these comments just like any other last call comments.






This is an information draft that provides guidance for effectively 


managing IPv4/IPv6 addresses by address and protocol translation mechanisms.






The security considerations section does exist and defers to 


wing-nat-pt-replacement-comparison for some of the solutions.  


wing-nat-pt-replacement-comparison discusses possible DoS and spoofing 


attacks when sharing an IPv4 amongst multiple subscribers.  Though it 


would be nice if either this draft or the one referenced would prescribe 


techniques to mitigate such attacks.




General comments:

None.

Editorial comments:

s/reader to be consider/reader to consider/

This sentence should be restructured for readability purposes:

For deployments where the GW is owned and operated by the customer, this becomes
operational overhead for the Internet Service Provider (ISP) that it
will no longer be able to rely on the customer and the seller of the
GW device for.


s/of NAT444 need/of NAT444 needs/

s/tunnel could created/tunnel could be created/

Shawn.
--