All,

I have completed my AD evaluation of
draft-ietf-6man-nd-extension-headers. The following comments need to be
addressed prior to progressing this draft to IETF Last Call.

1. The first sentence of the Abstract appears to be a remnant of when
this draft discussed Extension Headers in general. It should be updated
to focus on the use of fragmentation within NDP messages.

2. The first sentence of the Introduction is a bit misleading. NDP is
specified in 4861. RFC 4862 specifies SLAAC. They are two different
things, so I am not sure why 4862 is getting put into this statement.

3. The Intro also contains rudimentary discussion of existing tools for
monitoring/protecting NDP traffic. It would be good to also discuss the
KAME rafixd tool, as it has similar capabilities.

4. It would also be useful to discuss if there are limitations on simply
blocking fragmented NDP traffic. Since this traffic is limited to a
single L-2 link, dropping fragments may be a simple mechanism for
dealing with fragmentation-based attacks.

Regards,
Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------