[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: zeroconf draft Editorial

To: "'Pekka Savola'" <pekkas@netcore.fi>
Subject: RE: zeroconf draft Editorial
From: "Karen E. Nielsen (AH/TED)" <karen.e.nielsen@ericsson.com>
Date: Mon, 23 Aug 2004 15:20:07 +0200
Cc: v6ops@ops.ietf.org

Hi Pekka,

Thanks a lot for your comments.

I shall try to mend the wording in the appropriate places.

BR, Karen

> 
> editorial
> ---------
> 
>    Tunnel endpoint:
>    A dual-stack node performing IPv6-in-IPv4 tunnel
>    encapsulation/decapsulation in accordance with zero-configuration
>    tunneling.
> 
> ==> is Tunnel Server also a Tunnel endpoint?  That is, should 
> we define
> "Tunnel Client" as well if tunnel endpoint is meant to be a 
> generic term?
> 
>    Tunnel Server:
>    A dual-stack server node with native IPv6 connectivity and which
>    provides IPv6 connectivity to client nodes by performing 
> IPv6-in-IPv4
>    tunnel encapsulation/decapsulation to/from client nodes in 
> accordance
>    with zero-configuration tunneling.
> 
> ==> as a pedantical note, native v6 connectivity is not a 
> strict requirement
> for the tunnel server.  It could very well get its v6 
> connectivity through
> v6-in-v4 tunnels, right?
> 
>    extendable to outer encapsulation mechanisms, e.g., IPv4-in-IPv6.
>                                                               
>                                            
> ==> s/outer/other/
> 
>       - Network infrastructure nodes cannot in an attempt to 
> protect the
>         end-hosts by default filter out intra-site (i.e. internally
>         sourced and destined) ipv6-in-ipv4 tunneled packets.
>       - As the tunnel service is un-authenticated (not registered) the
>         tunnel server may be usable to reflect tunneled 
> packets into the
>         network, similar to the 6to4-reflection attacks identified in
>         Error! Reference source not found..
>       - The usage of zero-configuration tunneling may open up for
>         threats to other mechanisms in the network that rely 
> on proto-41
>         encapsulation.
> 
> ==> could these be reworded slightly?  In each "bullet", 
> there appear to be
> a few grammatical errors which make it difficult to 
> understand the intent of
> the bullets.
> 
>    In order for an end-host deploying zero-configuration tunneling to
>    trust that packets it perceives as stemming from tunnel servers do
>    actually also stem form such as well as for the end-host 
> to trust on
>    the benevolence of its tunnel servers it suffices that a 
> sufficiently
>    trustworthy tunnel server end-point discovery mechanism, read
>    discovery of benevolent tunnel servers IPv4 address(es), is
>    implemented.
> 
> ==> I had hard time parsing the first lines of this loooong sentence
> 
> 10. Authors Contact Information
> 
> ==> "Authors' Addresses"
> 
> 11. References
>                                                               
>                                            
> ==> splitting the refs to normative/informative might not hurt..
> 
> 
> 
> 
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>

Prev by Date: node-to-node security breach
Next by Date: Re: mech-v2-05pre
Previous by thread: node-to-node security breach
Next by thread: DNS Weather Report 2004-08-24
Index(es):
- Date
- Thread