Last Call Review of draft-ietf-opsec-ip-options-filtering-05
review-ietf-opsec-ip-options-filtering-05-genart-lc-krishnan-2013-11-18-00

Request Review of draft-ietf-opsec-ip-options-filtering
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2013-09-30
Requested 2013-09-19
Other Reviews
Review State Completed
Reviewer Suresh Krishnan
Review review-ietf-opsec-ip-options-filtering-05-genart-lc-krishnan-2013-11-18
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg09254.html
Reviewed rev. 05 (document currently at 07)
Review result Almost Ready
Draft last updated 2013-11-18
Review completed: 2013-11-18

Review
review-ietf-opsec-ip-options-filtering-05-genart-lc-krishnan-2013-11-18

I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-ietf-opsec-ip-options-filtering-05.txt
Reviewer: Suresh Krishnan
Review Date: 2013/11/17
IESG Telechat date: 2013/11/21

Summary: This draft is almost ready for publication as a BCP but
I do have some issues that you may wish to consider.

* Sections 4.12.5 and 4.13.5

Since these options are supposed to be used in closed environments,
how likely are these options to appear in the wild? Even if they do,
isn’t it a symptom of a misconfiguration somewhere? Given this, I
would have expected the recommendation to read

Routers, security gateways, and firewalls … SHOULD by default drop
packets because they contain this option…

but the recommendation is “SHOULD NOT by default”. I think it would
be good if there was some reasoning attached to this recommendation.
Without such reasoning, I think this recommendation will probably not
be followed.

* Section 4.22.5

Have you considered that the default behavior for the option could be related
to the option class? E.g. Class 2 would default to ignore and forward and
class 0 would default to drop and log.

* Section 4.23.4

It would be good to specify a default for this knob.

Thanks

Suresh
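
The class-based default suggested in the Section 4.22.5 comment can be sketched as follows; this is an added example, not code from the review or from the draft. It reads the class from the RFC 791 option-type octet and applies the suggested default; the scope set (the RFC 4727 experimental option types), the handling of reserved classes and of malformed options, and all sample bytes are assumptions.

```python
# Added illustration; not code from the review or the draft.
# Class 0 and class 2 defaults follow the reviewer's suggestion. The scope set,
# the reserved-class default and the malformed-option handling are assumptions.
CLASS_DEFAULT = {0: "drop-and-log", 2: "ignore-and-forward"}
RESERVED_DEFAULT = "drop-and-log"        # classes 1 and 3 (assumption)
SCOPED_TYPES = {30, 94, 158, 222}        # RFC 4727 experimental types (assumed scope)

def decode_type(opt_type):
    """Split an RFC 791 option-type octet into (copied, class, number)."""
    return opt_type >> 7, (opt_type >> 5) & 0x3, opt_type & 0x1F

def walk_options(area):
    """Yield (type, data) per option; raise ValueError on a bad length."""
    i = 0
    while i < len(area):
        opt_type = area[i]
        if opt_type == 0:                # End of Option List
            return
        if opt_type == 1:                # No Operation: one octet, no length
            i += 1
            continue
        if i + 1 >= len(area):
            raise ValueError("option truncated before its length octet")
        length = area[i + 1]
        if length < 2 or i + length > len(area):
            raise ValueError(f"bad length {length} for option type {opt_type}")
        yield opt_type, area[i + 2:i + length]
        i += length

def default_action(area, scoped=SCOPED_TYPES):
    """Strictest class-based default over the in-scope options in `area`."""
    try:
        types = [t for t, _ in walk_options(area)]
    except ValueError:
        return "drop-and-log"            # malformed option area (assumption)
    actions = {CLASS_DEFAULT.get(decode_type(t)[1], RESERVED_DEFAULT)
               for t in types if t in scoped}
    if "drop-and-log" in actions:
        return "drop-and-log"
    return "ignore-and-forward" if actions else "forward"

# Constructed sample option areas.
SAMPLE_CLASS2 = bytes([94, 4, 0xAA, 0xBB])             # class 2 option
SAMPLE_CLASS0 = bytes([30, 4, 0xAA, 0xBB])             # class 0 option
SAMPLE_MIXED = bytes([1, 94, 3, 0xAA, 158, 2, 0, 0])   # NOP, class 2, class 0, EOOL
SAMPLE_BAD = bytes([94, 9, 0xAA, 0xBB])                # length overruns the area
SAMPLE_OUT_OF_SCOPE = bytes([7, 7, 4, 0, 0, 0, 0, 0])  # Record Route, then EOOL
```

When a packet carries in-scope options of both classes, the stricter action wins, so the mixed sample resolves to drop and log.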