Telechat Review of draft-ietf-v6ops-tunnel-loops-

This document describes routing loop vulnerabilities inherent in the
existing design of IPv6-in-IPv4 tunneling protocols, and suggests

While the Security Considerations section of this document claims that
the recommended checks do not introduce new security threats, Section
3.1 mentions that the additional processing overhead for checking
destination and source addresses may be considerable. It would be
useful to have measurements or estimates of how this additional
processing overhead compares to the effects of the routing loop attack
that it is intended to mitigate.

This document makes no mention of the Teredo attacks that are
discussed in the USENIX WOOT paper. The authors may wish to mention
draft-gont-6man-teredo-loops-00 for the sake of completeness.

Section 3 lists three categories of mitigation measures but the
accompanying text states that they fall under two categories.

In Section 3.1, in the sentence "However, this approach has some
inherit limitations", replace "inherit" with "inherent".

In Section 4, in the sentence "...other mitigation measures may be
allowed is specific deployment scenarios", replace "may be allowed is"
with "may be feasible in".