Last Call Review of draft-ietf-opsec-ipv6-eh-filtering-06

Request: Review of draft-ietf-opsec-ipv6-eh-filtering
Requested rev.: no specific revision (document currently at 06)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2018-12-03
Requested: 2018-11-19
Authors: Fernando Gont, Will LIU
Draft last updated: 2018-12-04
Completed reviews: Secdir Last Call review of -06 by Nancy Cam-Winget
Tsvart Last Call review of -06 by Michael Scharf
Genart Last Call review of -06 by Vijay Gurbani
Rtgdir Last Call review of -06 by Stewart Bryant
Assignment: Reviewer Nancy Cam-Winget
State: Completed
Review: review-ietf-opsec-ipv6-eh-filtering-06-secdir-lc-cam-winget-2018-12-04
Reviewed rev.: 06
Review result: Has Nits
Review completed: 2018-12-04


I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call

Significant nits:

This document provides recommendations that do include security considerations, but it
is missing privacy considerations.  While there may be no (or little) impact, there should at
least be some mention of privacy considerations in Section 6 (or create a new section).

The document also references two drafts that are expired.

General: it would be useful to reference the “EH Types” (RFC7045?) so that it is clearly distinct
from the general “Option types” defined in RFC8200 (and also include the RFC8200 as
reference on the first occurrence of “option types”)

Section 2.1: the Terminology needs to be updated to comply with the latest BCP14 and RFC8174

Section 2.3: given the expressed terminology, I believe the “is *not*” is better stated as “SHOULD NOT”
to be consistent with IETF guidelines in RFC8174.

Section 2.3: this section is not about “Conventions” but is really more about “Assumptions” with some recommendations
already sprinkled in, so the section should fall more under the “General Discussion” section.

Section 3.1: Not sure this is correct: “[RFC7045] identifies which of the currently assigned Internet Protocol numbers identify IPv6 EHs vs. upper-layer protocols.”
Reading RFC7045: it seems to be focused on how to process the extensions appropriately; not sure it really does the identification of protocol layering or the distinction?

Simple Editorial nits:
Section 2.3: redundant reference.  Suggest to update
from: “in [RFC7045].  Namely (from [RFC7045]),”
to: “namely from [RFC7045]:”

Section 3.1: the following sentence, or perhaps the last clause (“they contain”), is not needed:
“This document discusses the filtering of packets based on the IPv6 EHs (as specified by [RFC7045]) they contain.”
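As an added illustration of the two distinctions the review raises (EH types versus the option types carried inside an options header, and EH protocol numbers versus upper-layer protocol numbers), the following Python walker is example code written for this page; it is not code from the reviewer, the draft authors, or any IETF document. The EH_TYPES table is the set of protocol numbers the IANA "IPv6 Extension Header Types" registry (created by RFC 7045) lists; the header-length rules follow RFC 8200 and RFC 4302 (AH). The packet it parses is constructed inline, not a capture.

```python
"""Walk the IPv6 extension-header (EH) chain of a raw packet, separating
EH types (RFC 7045 / IANA 'IPv6 Extension Header Types' registry) from the
upper-layer protocol that ends the chain, and from the option types carried
inside a Hop-by-Hop or Destination Options header (RFC 8200 section 4.2)."""
import struct

# Protocol numbers listed as extension headers in the IANA registry created by
# RFC 7045.  Any other Next Header value is treated as an upper-layer protocol.
EH_TYPES = {
    0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
    50: "Encapsulating Security Payload", 51: "Authentication Header",
    60: "Destination Options", 135: "Mobility", 139: "Host Identity Protocol",
    140: "Shim6", 253: "Experimental (RFC 4727)", 254: "Experimental (RFC 4727)",
}
NO_NEXT_HEADER = 59


class MalformedPacket(ValueError):
    pass


def eh_length(eh_type, data, off):
    """Byte length of the EH at data[off]; the encoding differs per type."""
    if eh_type == 44:
        return 8                        # Fragment header is a fixed 8 octets
    if eh_type == 51:
        return (data[off + 1] + 2) * 4  # AH: Payload Len in 32-bit words, minus 2
    return (data[off + 1] + 1) * 8      # others: Hdr Ext Len in 8-octet units, minus 1


def parse_options(block):
    """Decode the option TLVs of a Hop-by-Hop or Destination Options body."""
    opts, i = [], 0
    while i < len(block):
        t = block[i]
        if t == 0:                      # Pad1 is a single octet with no length
            opts.append({"type": 0, "len": 0, "name": "Pad1"})
            i += 1
            continue
        if i + 1 >= len(block):
            raise MalformedPacket("option truncated")
        ln = block[i + 1]
        if i + 2 + ln > len(block):
            raise MalformedPacket("option length exceeds header")
        opts.append({"type": t, "len": ln, "name": "PadN" if t == 1 else f"option {t}",
                     # top two bits: action for an unrecognised option (RFC 8200 4.2)
                     "unknown_action": t >> 6,
                     # third-highest bit: option data may change en route
                     "may_change_en_route": bool(t & 0x20)})
        i += 2 + ln
    return opts


def walk_eh_chain(pkt):
    """Return (list of EH entries in order, upper-layer protocol number or None)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise MalformedPacket("not an IPv6 packet")
    end = 40 + struct.unpack("!H", pkt[4:6])[0]
    if end > len(pkt):
        raise MalformedPacket("payload length exceeds packet")
    nh, off, chain = pkt[6], 40, []
    while nh in EH_TYPES:
        if nh == 50:                    # ESP: Next Header sits in the encrypted trailer
            chain.append({"type": 50, "name": EH_TYPES[50], "options": []})
            return chain, None
        if off + 2 > end:
            raise MalformedPacket("EH truncated")
        ln = eh_length(nh, pkt, off)
        if off + ln > end:
            raise MalformedPacket("EH length exceeds payload")
        entry = {"type": nh, "name": EH_TYPES[nh], "options": []}
        if nh in (0, 60):
            entry["options"] = parse_options(pkt[off + 2:off + ln])
        chain.append(entry)
        nh, off = pkt[off], off + ln
    return chain, (None if nh == NO_NEXT_HEADER else nh)


def build_sample_packet():
    """Constructed sample (not a capture): HBH -> DstOpts -> Fragment -> TCP."""
    hbh = bytes([60, 0, 5, 2, 0, 0, 1, 0])             # next=DstOpts; Router Alert, PadN(0)
    dst = bytes([44, 0, 1, 4, 0, 0, 0, 0])             # next=Fragment; PadN(4)
    frag = bytes([6, 0, 0, 0, 0xDE, 0xAD, 0xBE, 0xEF])  # next=TCP; offset 0, M=0, ident
    tcp = bytes(20)                                     # placeholder TCP header
    payload = hbh + dst + frag + tcp
    src = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1 (documentation)
    dst_addr = bytes.fromhex("20010db8000000000000000000000002")
    base = bytes([0x60, 0, 0, 0]) + struct.pack("!HBB", len(payload), 0, 64) + src + dst_addr
    return base + payload


if __name__ == "__main__":
    chain, upper = walk_eh_chain(build_sample_packet())
    for eh in chain:
        print(eh["type"], eh["name"], [o["name"] for o in eh["options"]])
    print("upper-layer protocol:", upper)
```

The walk stops at ESP because its Next Header field is inside the encrypted trailer, which is also why a filter that "skips to the upper layer" cannot do so through ESP; that, and the fact that option types (such as Router Alert, type 5) live in a different namespace from EH protocol numbers (such as 0 or 60), are the points the reviewer asks the draft to make explicit.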