Last Call Review of draft-ietf-6man-predictable-fragment-id-09
review-ietf-6man-predictable-fragment-id-09-opsdir-lc-jiang-2015-09-11-00

Request
Review of: draft-ietf-6man-predictable-fragment-id
Requested revision: No specific revision (document currently at 10)
Type: Last Call Review
Team: Ops Directorate (opsdir)
Deadline: 2015-09-09
Requested: 2015-09-01
Authors: Fernando Gont
I-D last updated: 2015-09-11
Completed reviews:
- Genart Last Call review of -09 by Meral Shirazipour
- Genart Telechat review of -10 by Meral Shirazipour
- Opsdir Last Call review of -09 by Sheng Jiang
- Secdir Telechat review of -10 by Klaas Wierenga
- Secdir Last Call review of -09 by Klaas Wierenga

Assignment
Reviewer: Sheng Jiang
State: Completed
Request: Last Call review on draft-ietf-6man-predictable-fragment-id by Ops Directorate Assigned
Reviewed revision: 09 (document currently at 10)
Result: Has nits
Completed: 2015-09-11
Hi,

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written with the intent of improving the operational aspects of the IETF
drafts. Comments that are not addressed in last call may be included in AD
reviews during the IESG review. Document editors and WG chairs should treat
these comments just like any other last call comments.

This Informational document analyzes the security implications of predictable
Fragment Header Identification values, and provides implementation guidance for
selecting the Identification field of the Fragment Header. This document is
well written. I don't see any issues from the operations and management
perspective. It is ready to be published. As I am not a security expert, my
review does not include the evaluation of either the security threats that the
document targets or whether the mentioned selection mechanism could effectively
mitigate these threats. This document does require another review by security
experts.

I have one minor comment, as follows:

This document mentioned translators, but it actually only covers NAT64
[RFC6146]. It needs to use the accurate terminology.

Some editorial:

In the middle of section 3, "... reduce the Path-MTU for the corresponding
destination address...", the "destination address" should be "Destination
Address" for consistency.

In the 4th last paragraph of section 3, "The attacker would learn the the
Identification value...", there is a duplicated "the".

Regards,

Sheng