IETF Last Call Review of draft-ietf-6man-snac-router-ra-flag-06
review-ietf-6man-snac-router-ra-flag-06-secdir-lc-jain-2026-05-24-00

Sorry for the delay.

I have not identified any new security issues. However, I want to note that
several concerns raised against earlier versions remain unaddressed in v06 as
well. Also it looks like that v06 has regressed. The cross-reference to
snac-simple's security considerations was deleted. Section 6 now provides less
guidance than earlier.

These 2 issues are still unaddressed:

* An on-link attacker can forge the SNAC flag and affect SNAC router behavior.
RFC 4861's Hop Limit=255 only protects against off-link attackers. * An on-path
attacker can strip the SNAC flag from a legitimate RA before forwarding it,
causing receiving devices to fall back to degraded behavior silently.

If I am missing some conversation here, please let me know but I would like to
ensure that we clarify this before moving forward.