Last Call Review of draft-ietf-opsec-ip-options-filtering-05
review-ietf-opsec-ip-options-filtering-05-genart-lc-krishnan-2013-11-18-00
Request | Review of | draft-ietf-opsec-ip-options-filtering |
---|---|---|
Requested revision | No specific revision (document currently at 07) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2013-09-30 | |
Requested | 2013-09-19 | |
Authors | Fernando Gont , Ran Atkinson , Carlos Pignataro | |
I-D last updated | 2013-11-18 | |
Completed reviews | Genart Last Call review of -05 by Suresh Krishnan | |
Assignment | Reviewer | Suresh Krishnan |
State | Completed | |
Request | Last Call review on draft-ietf-opsec-ip-options-filtering by General Area Review Team (Gen-ART) Assigned | |
Reviewed revision | 05 (document currently at 07) | |
Result | Almost ready | |
Completed | 2013-11-18 |
I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-ietf-opsec-ip-options-filtering-05.txt
Reviewer: Suresh Krishnan
Review Date: 2013/11/17
IESG Telechat date: 2013/11/21

Summary: This draft is almost ready for publication as a BCP but I do have some issues that you may wish to consider.

* Sections 4.12.5 and 4.13.5

Since these options are supposed to be used in closed environments, how likely are these options to appear in the wild? Even if they do, isn’t it a symptom of a misconfiguration somewhere? Given this, I would have expected the recommendation to read

Routers, security gateways, and firewalls … SHOULD by default drop packets because they contain this option…

but the recommendation is “SHOULD NOT by default”. I think it would be good if there was some reasoning attached to this recommendation. Without such reasoning, I think this recommendation will probably not be followed.

* Section 4.22.5

Have you considered that the default behavior for the option could be related to the option class. E.g. Class 2 would default to ignore and forward and class 0 would default to drop and log.

* Section 4.23.4

It would be good to specify a default for this knob.

Thanks
Suresh
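
Added example, not part of the review or of the draft: the class-based default raised in the Section 4.22.5 comment, written in Python. The option-type layout (copied flag, 2-bit class, 5-bit number) is from RFC 791; the policy table, the `known` parameter, the function names and the choice to drop malformed option lists are assumptions made for illustration.

```python
# Added example: per-class default handling of IPv4 options.
# Assumption: the policy table follows the review's example (class 0 ->
# drop and log, class 2 -> ignore and forward); classes 1 and 3 are
# reserved in RFC 791 and are dropped here by assumption.
EOOL, NOP = 0, 1  # single-octet options, treated as padding

CLASS_DEFAULT = {0: "drop+log", 1: "drop+log", 2: "forward", 3: "drop+log"}


def decode_option_type(opt_type):
    """Split the option-type octet into (copied, class, number) per RFC 791."""
    return (opt_type >> 7) & 1, (opt_type >> 5) & 3, opt_type & 0x1F


def walk_options(options):
    """Yield (type, data) for each option; raise ValueError if malformed."""
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == EOOL:          # end of option list
            return
        if opt_type == NOP:           # one-octet filler
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated before length octet")
        length = options[i + 1]       # counts the type and length octets too
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        yield opt_type, options[i + 2:i + length]
        i += length


def default_action(options, known=frozenset()):
    """Default fate of a packet, judged on options with no policy of their own.

    `known` (hypothetical parameter) holds option types that already have a
    per-option rule and are therefore skipped here.
    """
    try:
        for opt_type, _ in walk_options(options):
            if opt_type in known:
                continue
            _, opt_class, _ = decode_option_type(opt_type)
            if CLASS_DEFAULT[opt_class] != "forward":
                return "drop+log"
    except ValueError:                # assumption: malformed lists are dropped
        return "drop+log"
    return "forward"
```
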