Last Call Review of draft-ietf-6man-predictable-fragment-id-09

Request Review of draft-ietf-6man-predictable-fragment-id
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-09-09
Requested 2015-09-01
Authors Fernando Gont
Draft last updated 2015-09-11
Completed reviews Genart Last Call review of -09 by Meral Shirazipour (diff)
Genart Telechat review of -10 by Meral Shirazipour
Opsdir Last Call review of -09 by Sheng Jiang (diff)
Secdir Telechat review of -10 by Klaas Wierenga
Secdir Last Call review of -09 by Klaas Wierenga (diff)
Assignment Reviewer Sheng Jiang
State Completed
Review review-ietf-6man-predictable-fragment-id-09-opsdir-lc-jiang-2015-09-11
Reviewed rev. 09 (document currently at 10)
Review result Has Nits
Review completed: 2015-09-11
I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This Informational document analyzes the security implications of predictable Fragment Header Identification values, and provides implementation guidance for selecting the Identification field of the Fragment Header. This document is well written. I don't see any issues from the operations and management perspective. It is ready to be published. As I am not a security expert, my review does not include the evaluation of either the security threats that the document targets or whether the mentioned selection mechanism could effectively mitigate these threats. This document does require another review by a security expert.

I have one minor comment, as follows:

This document mentions translators, but it actually only covers NAT64 [RFC6146]. It needs to use the accurate terminology.

Some editorial comments:

In the middle of section 3, "... reduce the Path-MTU for the corresponding destination address ...", the "destination address" should be "Destination Address" for consistency.

In the 4th last paragraph of section 3, "The attacker would learn the the Identification value...", there is a duplicated "the".