Re: security review of draft-ietf-mip6-ha-switch-03.txt

Thanks for your review, Patrick!

Comments inline:

> I expect that the biggest risk of telling a mobile agent to use a new
> home agent is the threat of impersonation, i.e., moving home agents so
> as to insert a woman-in-the-middle.
> The document doesn't talk about this at all, only mentioning in the
> security considerations that a change agent command should be
> authenticated.
>

Yes. But the protocols used between mobile nodes and home agents
require authentication and authorization of both sides to act in their
roles. This applies even with the new home agent.

Perhaps a statement about this for the security considerations
section would be appropriate.

> General Comments:
> - There are a bunch of places where something is defined/identified
> with no obvious explanation.
> For example, "section 7. Protocol Considerations", defines two timeout
> values. I wonder how they came up with the values?
>

Good question -- though I would expect any number to be
merely guidance that may get changed with implementation
and usage experience.

> - The IANA considerations may need a note to point that when the
> requested value is assigned, the multiple TBDs in the text will need
> to change. Just as a reminder.
>

This is usually taken care of by the RFC Editor and IANA.
For ensuring that IANA actually does catch them, using
a string such as "TBD by IANA" is recommended, however.

Jari

