Re: secid review of draft-ietf-ipv6-deprecate-rh0-01

Hi David, and thanks for your review. Inline:


> As such, the whole document is a security consideration. The
> vulnerability appears well-documented, and the guidelines for handling
> the deprecated RH0 are clear.
>   

Good.

> I have a few comments
> 1) RH0 really is something we do not want to see used, right? Should
> this RH be obsoleted rather than deprecated? 
>   

The new RFC cannot obsolete the RFC where RH0 was defined,
because the latter also contains parts that we do not intend
to remove :-) i.e., base IPv6 spec.

> 2) Per BCP61, MUST is for implementers, and SHOULD is for
> users/deployers. There is a MUST NOT in section 4.2 that is a
> deployment decision, so this should be a SHOULD NOT. At the same time,
> there is a "must" in section 4.2 that is an implementation
> requirement, so this should be a MUST.
>   

Hmm. There was a fair amount of discussion about this in the WG.
The problem is that wholesale filtering of protocol 43 breaks other things,
including Mobile IPv6. This is why the document explicitly says that
type-specific filtering is required. There was a desire to make this
very clear.

But then again, who is the IETF to say what filtering MUST
be performed? If someone wants to block all of TCP, they should
be able to do it...

We'll talk about this point in the next IESG telechat.

> 3) Section three uses "must" where MUST would seem appropriate
>   

This is a quote from another RFC, and as such we should not
change it.

Jari


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
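
The difference between wholesale filtering of protocol 43 and type-specific filtering, as discussed in the reply above, shown as an added example (not part of the original message or of the draft). The packets are constructed, all function names are hypothetical, and it assumes Routing Type 2 is the type Mobile IPv6 uses.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, TCP = 0, 43, 44, 60, 6

def routing_types(packet: bytes) -> list:
    """Walk the IPv6 extension-header chain; return each Routing Type seen."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, found = packet[6], 40, []
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment is a fixed 8 octets; others give Hdr Ext Len in 8-octet units past the first 8.
        length = 8 if next_header == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING:
            found.append(packet[offset + 2])       # Routing Type field
        if next_header == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            break                                   # non-first fragment: no further headers here
        next_header, offset = packet[offset], offset + length
    return found

def verdict(packet: bytes, rule) -> str:
    """Apply a rule to the parsed routing types; unparseable packets fail closed."""
    try:
        return "drop" if rule(routing_types(packet)) else "pass"
    except ValueError:
        return "drop"

def wholesale(types): return bool(types)           # any Routing header (protocol 43)
def type_specific(types): return 0 in types        # only Routing Type 0 (RH0)

# --- constructed sample packets (zeroed addresses and payload) ---
def ipv6(next_header, payload):
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload
def routing(rtype, next_header, n_addrs):
    return bytes([next_header, 2 * n_addrs, rtype, n_addrs]) + bytes(4 + 16 * n_addrs)

PAD = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])        # Destination Options (PadN), next is Routing
SAMPLES = {
    "plain TCP": ipv6(TCP, bytes(20)),
    "RH0": ipv6(ROUTING, routing(0, TCP, 2) + bytes(20)),
    "RH2 (Mobile IPv6)": ipv6(ROUTING, routing(2, TCP, 1) + bytes(20)),
    "DestOpts then RH0": ipv6(DEST_OPTS, PAD + routing(0, TCP, 1) + bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} wholesale={verdict(pkt, wholesale)} type-specific={verdict(pkt, type_specific)}")
```

Only the wholesale rule drops the Type 2 packet; both rules drop RH0, including when it sits behind another extension header.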
