Last Call Review of draft-ietf-v6ops-enterprise-incremental-ipv6-05
review-ietf-v6ops-enterprise-incremental-ipv6-05-secdir-lc-hanna-2014-06-12-00
Request | Review of | draft-ietf-v6ops-enterprise-incremental-ipv6 |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2014-06-09 | |
Requested | 2014-05-30 | |
Authors | Kiran K. Chittimaneni , Tim Chown , Lee Howard , Victor Kuarsingh , Yanick Pouffary , Éric Vyncke | |
I-D last updated | 2014-06-12 | |
Completed reviews |
Genart Last Call review of -05
by Robert Sparks
(diff)
Genart Telechat review of -05 by Robert Sparks (diff) Secdir Last Call review of -05 by Steve Hanna (diff) Opsdir Last Call review of -05 by Ron Bonica (diff) Opsdir Last Call review of -05 by Tom Taylor (diff) |
|
Assignment | Reviewer | Steve Hanna |
State | Completed | |
Request | Last Call review on draft-ietf-v6ops-enterprise-incremental-ipv6 by Security Area Directorate Assigned | |
Reviewed revision | 05 (document currently at 06) | |
Result | Has nits | |
Completed | 2014-06-12 |
review-ietf-v6ops-enterprise-incremental-ipv6-05-secdir-lc-hanna-2014-06-12-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document provides advice for enterprise administrators working on deploying IPv6 in their networks. I don't have much experience in this area (deploying IPv6 on an enterprise network) and I'm not even an IPv6 security expert but... I found the document easy to understand, thorough, and apparently based on real experiences. I was happy to see that security issues were thoroughly covered throughout and that simple, practical recommendations were given. I did find a few tiny typos and possible clarifications that are listed at the end of this email. In my view, this document is Ready with nits. The nits are tiny so they can be handled in AUTH48 or whenever the next draft is posted. Thanks, Steve ----------- Small Typos in draft-ietf-v6ops-enterprise-incremental-ipv6-05.txt * At the bottom of page 12, there is an extra close parenthesis after the word "implemented". * On page 17, "outside worlds" should be "outside world". * On page 20, at the end of section 3.5, "included both" should be "including both". At least, I think so. It's not quite clear what this parenthetical comment means. If it means that use of NPTv6 can be chosen independently of whether PA or PI addresses are used, this text might be better: Use of NPTv6 can be chosen independently from how addresses are assigned and routed within the internal network, how prefixes are routed towards the Internet, or whether PA or PI addresses are used.