Many thanks for your review, Suresh. We will propose resolutions to these three comments you make.
Thanks, -- Carlos. On Nov 18, 2013, at 12:54 AM, Suresh Krishnan <[email protected]> wrote: > I have been selected as the General Area Review Team (Gen-ART) reviewer > for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please wait for direction from your document shepherd or AD before > posting a new version of the draft. > > Document: draft-ietf-opsec-ip-options-filtering-05.txt > Reviewer: Suresh Krishnan > Review Date: 2013/11/17 > IESG Telechat date: 2013/11/21 > > Summary: This draft is almost ready for publication as a BCP but > I do have some issues that you may wish to consider > > * Sections 4.12.5 and 4.13.5 > > Since these options are supposed to be used in closed environments, > how likely are these options to appear in the wild? Even if they do, > isn’t it a symptom of a misconfiguration somewhere. Given this, I > would have expected the recommendation to read > > Routers, security gateways, and firewalls … SHOULD by default drop > packets because they contain this option… > > but the recommendation is “SHOULD NOT by default”. I think It would > be good if there was some reasoning attached to this recommendation. > Without such reasoning, I think this recommendation will probably not > be followed. > > * Section 4.22.5 > > Have you considered that the default behavior for the option could be related > to the option class. E.g. Class 2 would default to ignore and forward and > class 0 would default to drop and log. > > * Section 4.23.4 > > It would be good to specify a default for this knob. > > Thanks > Suresh
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
