Last Call Review of draft-ietf-anima-prefix-management-05
review-ietf-anima-prefix-management-05-secdir-lc-housley-2017-10-05-01

Request Review of draft-ietf-anima-prefix-management
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-10-12
Requested 2017-09-28
Authors Sheng Jiang, Zongpeng Du, Brian E. Carpenter, Qiong Sun
I-D last updated 2017-10-06
Completed reviews Genart Last Call review of -05 by Dan Romascanu (diff)
Rtgdir Last Call review of -05 by Geoff Huston (diff)
Opsdir Last Call review of -06 by Fred Baker (diff)
Secdir Last Call review of -05 by Russ Housley (diff)
Secdir Telechat review of -06 by Catherine Meadows (diff)
Genart Telechat review of -06 by Dan Romascanu (diff)
Assignment Reviewer Russ Housley
State Completed
Request Last Call review on draft-ietf-anima-prefix-management by Security Area Directorate Assigned
Reviewed revision 05 (document currently at 07)
Result Has issues
Completed 2017-10-06
I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-anima-prefix-management-05
Reviewer: Russ Housley
Review Date: 2017-10-05
IETF LC End Date: 2017-10-12
IESG Telechat date: Unknown

Summary: Has Issues


No Major Concerns


Minor Concerns

This document uses "DHCPv6-PD" and "DHCPv6 PD".  At first, I was going
to recommend picking one spelling.  However, RFC 3633 does not define
either of these.  So, some explanation is needed in addition to being
consistent.

In Section 3, the document says that roles can be locally defined.  If
I properly understood the rest of the document, this is just an indirect
way to state the prefix size.  If I got that right, it would help to
explain this to the reader as soon as possible.

In Section 3.2.1, please give some examples of device identities.  Are
we talking about a serial number or something else?

In Section 4.1, the document says:

  It should decide the length of the requested prefix and request it by
  the mechanism described in Section 6.

However, Section 6 talks about:

   ...  Thus it would be possible to apply an
   intended policy for every device in a simple way, without traditional
   configuration files.

I do not see how the mechanisms in Section 6 increase the allocation
for a single router.  It seems to increase the allocation to all routers
with a particular role.


Nits

Throughout the document, I find that "administrator(s)" grabs my
attention.  I suggest that "administrators" would be better for the
reader.

In Section 1, please spell out the first use of "ASA".

In Section 3.1: s/with minimum efforts/with minimum effort/