
Telechat Review of draft-ietf-opsec-v6-26
review-ietf-opsec-v6-26-opsdir-telechat-chown-2021-04-22-00

Request Review of draft-ietf-opsec-v6
Requested revision No specific revision (document currently at 27)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2021-04-20
Requested 2021-04-07
Authors Éric Vyncke, KK Chittimaneni, Merike Kaeo, Enno Rey
I-D last updated 2021-04-22
Completed reviews Opsdir Early review of -13 by Tim Chown (diff)
Iotdir Early review of -21 by Ted Lemon (diff)
Rtgdir Last Call review of -21 by Acee Lindem (diff)
Opsdir Last Call review of -21 by Tim Chown (diff)
Secdir Last Call review of -21 by Linda Dunbar (diff)
Genart Last Call review of -21 by Erik Kline (diff)
Opsdir Last Call review of -25 by Tim Chown (diff)
Rtgdir Last Call review of -24 by Acee Lindem (diff)
Opsdir Telechat review of -26 by Tim Chown (diff)
Assignment Reviewer Tim Chown
State Completed
Request Telechat review on draft-ietf-opsec-v6 by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/-AM6pnyWXCw6GFR3wDhrRsUWrcg
Reviewed revision 26 (document currently at 27)
Result Ready
Completed 2021-04-22
Hi,

I have reviewed this document (draft-ietf-opsec-v6-26) as part of the
Operational directorate's ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written with the intent of
improving the operational aspects of the IETF drafts. Comments that are not
addressed in last call may be included in AD reviews during the IESG review. 
Document editors and WG chairs should treat these comments just like any other
last call comments.

This draft analyses operational security issues related to the deployment of
IPv6, and describes appropriate mechanisms and practices to mitigate potential
threats.

I have previously reviewed this draft three times in as many years, the most
recent being my OPS DIR review of the previous -25 version.

General comments:

The nature of this beast remains the same as the -25 version, and my general
comments from that version all still apply.  The draft has a lot of good
advice, provided by authors with significant expertise in the IPv6 security
field.  It could be better structured and could give some summary points for
readers not prepared to read 50 pages, but in my view a) it is far better to
publish this document than hold it up much longer and b) certainly no harm can
be done by publishing it as is; there is nothing wrong and no bad advice. 
Perhaps someone else can write a blog-style summary of the key points and link
to the full RFC once published.

So, overall, given the history and the time the authors have spent to date, I
would support publication.  It’s good enough.

Specific comments:

Having re-read the draft and the diffs to -25, I counted that 10 of the 39
specific comments I made about the -25 version of the draft have been
addressed, the rest remain open.  No direct response was provided to the -25
review, so it’s not possible to understand what some comments were addressed
and the others not.   There is nothing wrong in the text as such, but some
significant improvements that could be made, but I understand why the authors
would rather get the document shipped.

Nits:

All nits reported in my previous review are addressed.

One new nit was introduced in 2.3.2.4:
"unless specific use cases such as the presence of devices Homenet devices
emitting router advertisements preclude this" Something's not right there.

—
Tim