Hi,

I agree with your comment and the proposed change. Using the RFC9602 range should be the preferred way to go.

Cheers
Balázs

-----Original Message-----
From: Tom Hill <t...@ninjabadger.net>
Sent: Tuesday, August 26, 2025 4:54 PM
To: spring@ietf.org
Subject: [spring] Address ranges, re: draft-ietf-spring-srv6-security-05

Hello,

I realised this has been raised before and I'd been asked to write to the list, but I would appreciate some discussion on this point.

In Section 7.1.3, Address Range Filtering, there is a list of example infrastructure address ranges to be used for SRv6 SIDs.

--
Some examples of an infrastructure address range for SIDs are:

1. ULA addresses
2. The prefix defined in [RFC9602]
3. GUA addresses
--

I have questions over the format, first and foremost; is this meant to be an ordered list? Previous feedback was no, but this format has persisted into the latest revision. If it isn't intended to be ordered, then it must be unordered to prevent the same ambiguity.

If it is intended to be ordered, I am concerned with ULA being preferred over the purposely defined prefix in RFC9602. I do not feel that recommending ULA is preferable to the use of a prefix defined specifically for this use, which we now have (thank you Suresh).

--

Regardless of ordering, it is also very concerning that we include GUA addressing in the list. I realise these are examples of what might be done today, and that it might be "valid" for an operator to do (I would disagree vehemently) but when discussing Security Considerations I believe that we have a duty to represent such prefix ranges as something other than equals -- they are not equal in respect of their use.

Replacing the text above, a suggestion for S7.1.3 might be as follows:

"Implementations of SRv6 should number SIDs within their trusted domain from the reserved prefix as defined within RFC9602."

The prefix defined in RFC9602 is explicitly required to be filtered from the Internet, and it is far less complex to filter when an organisation is also utilising ULA or GUA in other networks adjacent to that of their SRv6 domain. RFC9602 should be considered as 'the' prefix range to utilise for these networks.

--
Tom
_______________________________________________
spring mailing list -- spring@ietf.org
To unsubscribe send an email to spring-le...@ietf.org
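
The filtering argument in the message above, as an added example that is not part of the thread or of the draft: it picks the destination prefix a boundary filter has to drop for a given SID block, and shows when a static range-wide rule is enough. The function names and sample prefixes are constructed for illustration; 5f00::/16 is the prefix allocated by RFC 9602, which the thread refers to but does not spell out.

```python
import ipaddress

# Well-known ranges behind the three options discussed in the thread.
RANGES = {
    "RFC9602": ipaddress.ip_network("5f00::/16"),  # SRv6 SID prefix (RFC 9602)
    "ULA": ipaddress.ip_network("fc00::/7"),       # RFC 4193
    "GUA": ipaddress.ip_network("2000::/3"),
}


def classify(prefix):
    """Name the well-known range that contains the prefix, else 'other'."""
    net = ipaddress.ip_network(prefix)
    for name, rng in RANGES.items():
        if net.subnet_of(rng):
            return name
    return "other"


def boundary_deny_rule(sid_block, adjacent):
    """Choose the destination prefix to drop at the SRv6 domain boundary.

    Returns (deny_prefix, collateral). collateral lists the adjacent
    prefixes that a range-wide drop would also have blocked, which
    forces the rule down to the operator's exact SID allocation.
    """
    sid = ipaddress.ip_network(sid_block)
    kind = classify(sid_block)
    if kind == "other":
        return sid, []
    wide = RANGES[kind]
    collateral = [p for p in adjacent
                  if ipaddress.ip_network(p).overlaps(wide)]
    # Nothing adjacent shares the range: one static, range-wide rule works.
    # Otherwise the filter must track the specific SID block per domain.
    return (wide if not collateral else sid), collateral


# Constructed sample: networks adjacent to the SRv6 domain (not from the thread).
ADJACENT = ["fd12:3456:789a::/48", "2001:db8:100::/48"]

if __name__ == "__main__":
    for block in ("5f00:1::/32", "fd00:aaaa::/32", "2001:db8:f000::/36"):
        deny, hit = boundary_deny_rule(block, ADJACENT)
        print(f"{block:22} {classify(block):8} deny {deny}  collateral={hit}")
```
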