Re: draft-ietf-v6ops-security-overview-06.txt comments
Hi itojun,
On Fri, 3 Aug 2007, Jun-ichiro itojun Hagino wrote:
> i'm not too sure if the document has reached WGLC or not, but anyways,
> there are some critical comments coming up from my side.
> http://ipv6samurais.com/ipv6samurais/openbsd-audit/
> (still under development)
Yes -- in fact, it's already in RFC-editor's queue, so the possibility
of making non-editorial changes is rather slim.
> overall (up to 2.1.9):
> - i'm not too sure if it is appropriate to go into middleboxes too much
> in this document or not. the document should clear up its standpoint
> either to the standards side (like those who write specifications for
> normal nodes), or to the "real life" side (like those who implement
> middleboxes)
There has been significant debate about this, and much of it during
IESG review (see https://datatracker.ietf.org/idtracker/ballot/2044/),
so changes at this time are likely very substantial and not possible.
> - i guess we need some upper-limit on a number of hop-by-hop option
> headers present on a packet. i would say "at most 1", as the sender
> can encode as much stuff as needed into a single hop-by-hop option
> header.
Yes, that would be a good idea, but would need to be done in a spec
that updates RFC 2460 or such.
You may be interested in draft-krishnan-ipv6-hopbyhop-01.txt which
goes even a bit further than that. I guess this could potentially be
a good topic for the future IPv6 maintenance WG.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
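
Added example, not part of the original message or of any draft mentioned in it: a receive-side check for the "at most 1" hop-by-hop header limit suggested in the thread, combined with the RFC 2460 rule that a Hop-by-Hop Options header must immediately follow the IPv6 header. The function names, finding strings and the sample packet builder are assumptions made for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def audit_ext_chain(packet):
    """Walk the extension header chain of a raw IPv6 packet and report
    hop-by-hop headers that are repeated or not first in the chain."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    findings, nxt, off, index, hbh_seen = [], packet[6], 40, 0, 0
    while nxt in CHAINED:
        # Fragment header is fixed at 8 octets; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        if nxt == FRAGMENT or off + 2 > len(packet):
            size = 8
        else:
            size = (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            findings.append("truncated extension header")
            break
        if nxt == HOP_BY_HOP:
            hbh_seen += 1
            if index != 0:
                findings.append("hop-by-hop header not first in chain")
            if hbh_seen == 2:  # report the limit violation once per packet
                findings.append("more than one hop-by-hop header")
        nxt, off, index = packet[off], off + size, index + 1
    return findings

def build_sample(chain):
    """Constructed sample packet: every listed header is 8 octets long and
    holds a single PadN option (type 1, length 4) as filler."""
    types = list(chain) + [NO_NEXT]
    body = b"".join(bytes([types[i + 1], 0, 1, 4, 0, 0, 0, 0])
                    for i in range(len(chain)))
    fixed = struct.pack("!IHBB", 6 << 28, len(body), types[0], 64)
    return fixed + bytes(16) + bytes(16) + body  # zeroed src/dst addresses

if __name__ == "__main__":
    for chain in ([HOP_BY_HOP], [HOP_BY_HOP, HOP_BY_HOP], [DEST_OPTS, HOP_BY_HOP]):
        print(chain, audit_ext_chain(build_sample(chain)))
```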