Security Assessment of the Internet Protocol Version 4
Note: This ballot was opened for revision 07 and is now closed.
(Ron Bonica) Yes
(Jari Arkko) (was Discuss) No Objection
(Stewart Bryant) (was Discuss) No Objection
The introduction appears to incorrectly uses the term TCP/IP when the author means the Internet Protocol suit. "This document is the result of an assessment of the IETF specifications of the Internet Protocol (IP)" - The document only discusses IPv4. I am surprised that Section 3 does not have a normative reference to RFC791 In Figure 3, an attacker sends a 17914-byte datagram meant to the s/to/for/ NDIS is used before it is defined. Section 3.11 (related to the aside on SA being an interface) ought to have some text on loop-back addresses, and unnumbered interfaces.
(Adrian Farrel) (was Discuss, No Objection) No Objection
(Tim Polk) (was Discuss) No Objection
I still think the document would benefit greatly from a restructuring to explicitly address goals and threats, then structure the body to address the various threats. It would have been nice to address protocol-specific issues first, then go into implementation details.
(Peter Saint-Andre) No Objection
Comment (2010-12-01 for -)
Thank you for writing this helpful document. Appendix A borders on marketing and seems like a strange thing to include in an RFC. Why is this here?