
Comment: draft-ietf-v6ops-unman-scenarios-02.txt



The Security Considerations of this document largely say that security will be
covered in a companion document, but there is a short list of topics covered in
this document.  This list should add one that is very important to the 
unmanaged scenarios (related to the recommendation in Section 5.1.2):


   Security considerations are discussed as part of the applications'
   requirements. They include:
   
   - the guarantee that local applications are only used locally,
   - the protection of the privacy of clients
   - the requirement that peer-to-peer connections are only used by
   authorized peers.

Applications in the unmanaged scenarios also need to be protected from
risks associated with the transition tools, for example, access to their
net through an opportunistic tunnel if the IPv6-over-UDP service is not
well-designed.  So I think that it would be reasonable to add to Section 
5.1.2 and to the Security Considerations some statement about securing the
recommended tunneling approaches.  Here are some suggested words for the
Security Considerations:

   - the requirement that tunneling protocols used for IPv6 access over
     IPv4 be designed for secure use; the related requirement that servers in
     the infrastructure supporting this tunneling be designed not to be
     vulnerable to abuse.

(Or something like that). 


Nit:

                             In practice, updating
   the DNS can be slow, which implies that server applications will
   have a better chance of being deployed if the IPv6 addresses remain
   stable for a long period.

Oversimplified operational statement.  Does it belong in this document?