Last Call Review of draft-ietf-6man-predictable-fragment-id-09
review-ietf-6man-predictable-fragment-id-09-opsdir-lc-jiang-2015-09-11-00
Section | Field | Value
---|---|---
Request | Review of | draft-ietf-6man-predictable-fragment-id
Request | Requested revision | No specific revision (document currently at 10)
Request | Type | Last Call Review
Request | Team | Ops Directorate (opsdir)
Request | Deadline | 2015-09-09
Request | Requested | 2015-09-01
Request | Authors | Fernando Gont
Request | I-D last updated | 2015-09-11
Request | Completed reviews | Genart Last Call review of -09 by Meral Shirazipour; Genart Telechat review of -10 by Meral Shirazipour; Opsdir Last Call review of -09 by Sheng Jiang; Secdir Telechat review of -10 by Klaas Wierenga; Secdir Last Call review of -09 by Klaas Wierenga
Assignment | Reviewer | Sheng Jiang
Assignment | State | Completed
Assignment | Request | Last Call review on draft-ietf-6man-predictable-fragment-id by Ops Directorate Assigned
Assignment | Reviewed revision | 09 (document currently at 10)
Assignment | Result | Has nits
Assignment | Completed | 2015-09-11
Hi,

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This Informational document analyzes the security implications of predictable Fragment Header Identification values, and provides implementation guidance for selecting the Identification field of the Fragment Header. This document is well written. I don't see any issues from the operations and management perspective. It is ready to be published.

While I am not a security expert, my review does not include the evaluation of either security threats that the document targets or whether the mentioned selecting mechanism could effectively mitigate these threats. This document does require another review by security expertise.

I have one minor comment, as follows:

This document mentioned translators, but it actually only covers NAT64 [RFC6146]. It needs to use the accurate terminology.

Some editorial:

In the middle of section 3, "... reduce the Path-MTU for the corresponding destination address...", the "destination address" should be "Destination Address" for consistency.

In the 4th last paragraph of section 3, "The attacker would learn the the Identification value...", there is a duplicated "the".

Regards,

Sheng