Last Call Review of draft-ietf-softwire-public-4over6-09
review-ietf-softwire-public-4over6-09-secdir-lc-kumari-2013-05-30-00

Request Review of draft-ietf-softwire-public-4over6
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-05-24
Requested 2013-05-16
Authors Yong Cui, Jianping Wu, Peng Wu, Olivier Vautrin, Yiu Lee
Draft last updated 2013-05-30
Completed reviews Genart Last Call review of -09 by Elwyn Davies (diff)
Secdir Last Call review of -09 by Warren Kumari (diff)
Assignment Reviewer Warren Kumari 
State Completed
Review review-ietf-softwire-public-4over6-09-secdir-lc-kumari-2013-05-30
Reviewed rev. 09 (document currently at 10)
Review result Has Nits
Review completed: 2013-05-30

Review
review-ietf-softwire-public-4over6-09-secdir-lc-kumari-2013-05-30

I have reviewed draft-ietf-softwire-public-4over6-09 as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

Given that this is an informational draft documenting existing
practice, I have no serious security concerns with the draft.  FWIW, I
agree with the issue Sean Turner already raised in his discuss, not
that Sean needs my approval.

If the draft gets another spin, the security considerations could
benefit from a bit more text making it clear that the proposed use of
IPv6 address filtering is in the context of the constrained
environment of a single ISP, where such filtering is based on the
ISP's knowledge of its own topology and address allocation scheme.
One can sort of read this between the lines anyway, but it would be
better to make it explicit.