Last Call Review of draft-ietf-opsec-ipv6-host-scanning-07

Request Review of draft-ietf-opsec-ipv6-host-scanning
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-07-08
Requested 2015-06-25
Authors Fernando Gont, Tim Chown
Draft last updated 2015-07-08
Completed reviews Genart Last Call review of -07 by Francis Dupont (diff)
Secdir Last Call review of -07 by Dacheng Zhang (diff)
Assignment Reviewer Dacheng Zhang 
State Completed
Review review-ietf-opsec-ipv6-host-scanning-07-secdir-lc-zhang-2015-07-08
Reviewed rev. 07 (document currently at 08)
Review result Has Nits
Review completed: 2015-07-08


I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document explores the topic of Network Reconnaissance in IPv6 networks. It analyzes the feasibility of address-scan attacks in IPv6 networks in different scenarios and proposes comments to mitigate certain issues.

Two comments follow:

1) There are overlaps in the contents of the security considerations and conclusions. Maybe it is reasonable to integrate the conclusions into the security considerations. In addition, the security considerations section is normally about the new issues or concerns raised by the proposed work. However, this memo does not propose any new mechanism and so introduces no security vulnerability. I suggest the authors clarify this in the security considerations section.

2) There is a very big section and a lot of short sections. I suggest combining sections 4-14 into a single one to make the lengths of the different sections more balanced.

Anyway, the analysis in this work is quite extensive. I really enjoy reading it. I think this document is nearly ready for publication with some tiny modifications.