Last Call Review of draft-ietf-v6ops-ipv6-discard-prefix-
review-ietf-v6ops-ipv6-discard-prefix-secdir-lc-lonvick-2012-01-23-00

Request Review of draft-ietf-v6ops-ipv6-discard-prefix
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-01-31
Requested 2012-01-12
Other Reviews Genart Last Call review of - by Mary Barnes (diff)
Review State Completed
Reviewer Chris Lonvick
Review review-ietf-v6ops-ipv6-discard-prefix-secdir-lc-lonvick-2012-01-23
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg03060.html
Draft last updated 2012-01-23
Review completed: 2012-01-23

Review

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.



Overall, the document is very straightforward and the Security
Considerations section is appropriate for the content.

I do have one nit to pass along.  I think that a paragraph break is in
the wrong place in the Introduction.




Current in Introduction:
(end of first paragraph)
   manner which is efficient, scalable and straightforward to implement.
   For IPv4, some networks configure RTBH installations using [RFC1918]
   address space or the address blocks reserved for documentation in
   [RFC5737].

   However RTBH configurations are not documentation, but operationally
   important features of many public-facing production networks.
   Furthermore, [RFC3849] specifies that the IPv6 documentation prefix
   should be filtered in both local and public contexts.  On this basis,
   it is suggested that both private network address blocks and
   documentation prefixes described in [RFC5737] are inappropriate for
   the purpose of RTBH configurations.

Suggested:
   manner which is efficient, scalable and straightforward to implement.

   For IPv4, some networks configure RTBH installations using [RFC1918]
   address space or the address blocks reserved for documentation in
   [RFC5737].  However RTBH configurations are not documentation, but
   operationally important features of many public-facing production
   networks.  Furthermore, [RFC3849] specifies that the IPv6 documentation
   prefix should be filtered in both local and public contexts.  On this
   basis, it is suggested that both private network address blocks and
   documentation prefixes described in [RFC5737] are inappropriate for
   the purpose of RTBH configurations.

Regards,
Chris