A few comments on the individual submission.
big issues:
-----------
==> note to self and to the w.g.: this is very similar to Bellovin's
access-prefix draft, but simpler (with advantages / drawbacks that result
from that). So, I believe it might be useful to try to compare these two
approaches so we could better understand which features are needed and which
are not.
==> note that if one sets the O field to 1 but forgets to set "Org
PrefixLen", org prefixlen defaults to zero, and makes all of the
Internet a trusted, "in-organization" zone (as the field was previously
reserved).
This must be stated in the security considerations.
I would also recommend that the prefix length "0" in conjunction with
O-bit=0 is a special value which MUST be treated as equal to "none",
and a possible error be logged. This reduces the amount of flexibility
slightly, but the tradeoff seems too huge, otherwise.
   5. Security Considerations
==> it should be noted that a single on-off binary value
in-org,outside-of-org may not be granular/flexible enough,
and that as many attacks come from inside the organization (either by an
insider attack or breaking into a system in the organization and attacking
there), depending too heavily on security of the "in-organization" may not
be a good idea.
substantial/semi-editorial:
---------------------------
   Option format to allow the router to also advertise the length of
   the advertised prefix which belongs to the same organization (or
   other administrative entity).
==> clarify "other administrative entity", think the point here was to say
like "not necessarily the same organization, but also otherwise named, *same*
administrative entity"?
==> if not, this may require syncing elsewhere in the draft (where it
discusses same-org, same-admin-entity)
editorial:
----------
   IPv6 Working Group                                      Brian Zill
   Internet Draft                                           Microsoft
==> "IPv6 WG" is premature as this is not yet a w.g. document..?
==> the whole document should be shifted 5 characters to the left; it
exceeds the maximum line length.
   References
==> split the references explicitly, even though those are probably all
Normative.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
--------------------------------------------------------------------
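The failure mode raised in the review above (O field set while "Org PrefixLen" is left at zero) and the suggested "treat zero as none, log an error" rule can be shown with a short check. This is an added example, not code from the draft or from the message; the function names, the `strict` switch and the sample prefixes are hypothetical, and it assumes the organization prefix is the advertised prefix truncated to "Org PrefixLen" bits.

```python
import ipaddress
import logging

log = logging.getLogger("org_prefix")


def org_zone(advertised_prefix, o_flag, org_prefix_len, strict=True):
    """Return the in-organization network implied by an advertisement, or None.

    advertised_prefix -- prefix carried in the option, e.g. "2001:db8:12:34::/64"
    o_flag            -- value of the O field
    org_prefix_len    -- value of "Org PrefixLen" (0 if the sender never set it)
    strict            -- apply the reviewer's rule: length 0 means "none"
    """
    if not o_flag:
        return None
    net = ipaddress.IPv6Network(advertised_prefix, strict=False)
    if org_prefix_len > net.prefixlen:
        # Assumption: an org prefix longer than the advertised prefix is invalid.
        log.error("Org PrefixLen %d longer than /%d", org_prefix_len, net.prefixlen)
        return None
    if org_prefix_len == 0 and strict:
        log.error("O set but Org PrefixLen is 0; treating as 'none'")
        return None
    # Truncate the advertised prefix to the organization length.
    return net.supernet(new_prefix=org_prefix_len)


def in_org(address, zone):
    """True if address falls inside the in-organization zone."""
    return zone is not None and ipaddress.IPv6Address(address) in zone


if __name__ == "__main__":
    prefix = "2001:db8:12:34::/64"      # constructed sample (documentation range)
    outsider = "2001:db8:ffff::1"       # constructed address outside the org
    for label, length, strict in (("correct /48", 48, True),
                                  ("forgotten, lenient", 0, False),
                                  ("forgotten, strict", 0, True)):
        zone = org_zone(prefix, True, length, strict)
        print(f"{label:20} zone={zone} outsider trusted={in_org(outsider, zone)}")
```

With the lenient setting the zone becomes `::/0`, so the outside address is reported as in-organization; the strict setting yields no zone at all.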