I have been selected as the Applications Area Directorate reviewer
for this draft (for background on APPSDIR, please see
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ).
Please resolve these comments along with any other Last Call comments
you may receive. Please wait for direction from your document
shepherd or AD before posting a new version of the draft. The review
is not copied to the IESG as the Last Call has not been announced yet.
Document: draft-vegoda-cotton-rfc5735bis-02
Title: Special Use IPv4 Addresses
Reviewer: S. Moonesamy
Review Date: June 3, 2012
Summary: This document is almost ready for publication as a BCP.
The draft describes the global and other specialized IPv4 address
blocks that have been assigned by IANA. It is an update of RFC 5735
to include the Shared IPv4 address space which was assigned about the
publication of RFC 5735. The proposal does not have any impact on
Application-related protocols.
Major issues: None
Minor issues:
In Section 1:
"Section 4 of this document describes that assignment process."
Section 4 contains a summary table without any assignment process
description. Where is the assignment process described?
In Section 5:
"The domain name and IP address spaces involve policy issues (in
addition to technical issues) so that the requirements of [RFC2860]
do not apply generally to those spaces."
The wording is different from what is in RFC 2860.
"Immediately before the RFC is published, the IANA will, in
consultation with the Regional Internet Registries, make the
necessary assignment and notify the RFC Editor of the particulars
for inclusion in the RFC as published."
There is no mention of "Regional Internet Registries" in RFC 2860.
I suggest dropping Section 5 as according to Abstract this draft is
about documenting Special Use IPv4 addresses.
In Section 7:
"Security policy SHOULD NOT blindly filter all of these address spaces
without due consideration, and network operators are encouraged to
review this document, and references contained therein, and determine
what security policies should be associated with each of these address
blocks within their specific operating environments."
The recommendation is not clear. The recommendation seems more
appropriate for network operators instead of "Security policy" as
they have the awareness to make such decisions.
Given the recommendation about due consideration and reviewing all
the references, these references would have to be normative. It is
easier to remove the RFC 2119 boilerplate and use a "should not" to
reduce the amount of required reading.
Nits:
Why does this draft update RFC 6441?
Regards,
S. Moonesamy