Last Call Review of draft-ietf-6man-predictable-fragment-id-09
review-ietf-6man-predictable-fragment-id-09-opsdir-lc-jiang-2015-09-11-00

• Status
• Email expansions
• History

• Versions
• 00

Review
review-ietf-6man-predictable-fragment-id-09-opsdir-lc-jiang-2015-09-11

Hi,

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This Informational document analyzes the security implications of predictable Fragment Header Identification values, and provides implementation guidance for selecting the Identification field of the Fragment Header. This document is well written. I don't see any issues from the operations and management perspective. It is ready to be published. While I am not a security expert, my review does not include the evaluation of either security threats that the document targets or whether the mentioned selecting mechanism could effectively mitigate these threats. This document does require another review by security expertise.

I have one minor comments as follow:

This document mentioned translators, but it actually only covers NAT64 [RFC6146]. It needs to use the accurate terminology.


Some editorial:

In the middle of section 3, "... reduce the Path-MTU for the corresponding destination address..., the " destination address" should be "Destination Address" for consistent.

In the 4th last paragraph of section 3, "The attacker would learn the the Identification value...", there is a duplicated "the".

Regards,

Sheng