Last Call Review of draft-ietf-6man-prefixlen-p2p-
review-ietf-6man-prefixlen-p2p-secdir-lc-austein-2011-02-01-00

Request Review of draft-ietf-6man-prefixlen-p2p
Requested revision No specific revision (document currently at 01)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-01-06
Requested 2010-12-28
Authors Yoshinobu Matsuzaki, Miya Kohno, Dr. Thomas Narten, Randy Bush, Becca Nitzan, Lorenzo Colitti
I-D last updated 2011-02-01
Completed reviews Secdir Last Call review of -?? by Rob Austein
Assignment Reviewer Rob Austein
State Completed
Request Last Call review on draft-ietf-6man-prefixlen-p2p by Security Area Directorate Assigned
Completed 2011-02-01
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft discusses several reasons why the recommendations against
using 127-bit prefixes on inter-router IPv6 point-to-point links in
the current RFCs are not merely specious but actively harmful, and
details several attack scenarios in which 127-bit prefixes on
inter-router point-to-point links are a better defense than anything
that can be done with 64-bit prefixes.  The draft concludes by
requiring (if this draft is adopted) router support for 127-bit
prefixes and makes some recommendations on how to avoid having use of
127-bit prefixes cause problems with other IPv6 implementations.

I have no security concerns regarding this document.  Should have done
this years ago, and the authors of this draft deserve our thanks for
their perseverance.