
draft-ietf-send-psreq-03.txt



These should all be easy to fix. I'm happy with whatever the authors
want to do with it.

Thomas


>    In constrast to solicitation messages that create state only in these
>    specific occasions, state is usually created whenever a node receives
>    an advertisement message.

Actually, I thought state was created for an advertisement only if
the node was expecting an advertisement from a particular source IP
address. This is to prevent the ND cache from overflowing as a result
of entries it doesn't really care about.... (This is copied from ARP).

> 4.1.3 Duplicate Address Detection DoS Attack
> 
>    In networks where the entering hosts obtain their addresses using
>    stateless address autoconfiguration [4], an attacking node could
>    launch a DoS attack by responding to every duplicate address
>    detection attempt made by an entering host.  If the attacker claims

not just with stateless addr conf. DHC requires this. Some manual
configs do this (I suspect). Issue occurs whenever DAD is invoked
prior to actually configuring a suggested address.


nits:

   suffers from a chicken-and-egg problem [11]: one needs and IP address

s/and IP/an IP/

>    One should also note that link layer security and IP topology do not

s/link layer/link-layer/

>    messages to creat bindings between IP addresses and MAC addresses.

s/creat/create/


>    This threat involves Neighbor Solicitation and Neighbor Advertisement
>    messages.

better:

s/this threat/the above threat/

same for next paragraph. (Actually, the usage of this occurs
frequently, and is less clear than being specific as to what the
"this" refers to).


>    This threat involves Router Advertisement message.  The extended

s/message/messages/

   This threat involves Neighbor Solicitation message.
   
ditto (and throughout)