Hi Eric, the draft is very well written and contains useful guidance/recommendations. Sections 2.4 and 2.5 do not contain much IPv6-specific information and sections 2.7.2.* do not give much guidance. However, these three sections together amount to ~11 pages (1/3 of the document). If you could shorten these sections, the document would become more manageable. Some minor comments and nits: 2.1.2 "... The latter would be problematic." I suspect by "latter" you mean NPTv6. Better make that explicit.
"A typical argument is that there are too many mistakes made with filters and ULAs make things easier to hide machines." Why "to hide machienes"? I would suggest "to set filters". 2.1.4 "... privacy extension addresses should be used" Punctuation mark is missing. 2.2 still TBD 2.3.2 "... for protecting hosts connected against..." "Connected hosts" maybe!? 2.3.4 "RFC6980 [RFC6980] aims to update RFC4861 [RFC4861]" "[RFC6980] updates [RFC4861]" 2.7.2 "embeb" -> embed 2.7.2.4 "... operational problems" Punctuation mark is missing. 2.7.2.8 The second "MAP-E" should be "MAP-T". 2.8 "device to authenticated" -> "device authenticated" 3.1 "bogon and reserved space" Some links might be helpful (e.g. to IANA). 5 "[RFC7084] (which obsoletes [RFC6204]" Missing ")" "[RFC7084] states that a clear choice must be given to the user to select one of those two policies." Does it? I did not find the corresponding passage. Throughout the document there are some "IPV6", "DOS" and " ", which should be replaced with "IPv6", "DoS" and " ". I hope these comments are helpful. Cheers, Markus ---- Ein Mi, 15 Jun 2016 12:50:29 +0200 Eric Vyncke (evyncke)<[email protected]> hat geschrieben ---- The authors (and OPSEC WG chairs) would really appreciate if a review of https://tools.ietf.org/html/draft-ietf-opsec-v6-08 is done in the coming days/weeks (in time to submit a -09 in case it needs to be amended). This I-D is about the operation security considerations when operating an IPv6 network (both as Service Provider and enterprise/subscriber). Thanks a lot in advance for your review and be sure to include [email protected] in your reply. - the authors (Merike, KK and Eric) - the chairmen (Gunter and Eric) PS: Markus, Fred, Fernando and Lee, as you kindly volunteered to review it during IETF-95, I also put your names ;-)
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
