Last Call Review of draft-iana-ipv4-examples-
review-iana-ipv4-examples-secdir-lc-leiba-2009-09-10-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is just a short, informational document that reserved two new
address ranges for example use.  I have no significant issues with it.

I do have two minor questions:

1. The document does have normative language, telling operators what
they SHOULD and SHOULD NOT do with this addresses, and it instructs
IANA not to allocate addresses from these blocks.  Should it be BCP,
rather than Informational?  It doesn't matter terribly, so I'm just
asking the question.

2. The Security Considerations section says the document has no
security implications, but I'm not sure that's correct.  By calling
out certain addresses as examples, we might be inviting malefactors to
try to snag traffic meant for these addresses in an attempt to trick
those who use the example addresses as though they were real.  If the
advice in the Operational Implications section isn't followed, that
would result in an opportunity for fraud, for example.  I look at this
as an explanation of the importance of following the Operational
Implications advice.

Again, I consider this a minor point, and the document should
certainly go forward.

Barry