Note: This ballot was opened for revision 09 and is now closed.

(Harald Alvestrand) No Objection

Reviewed by Michael Patton, Gen-ART

His review of -08:

OK.  I have enough other work that I'm not going to do a full
re-review, but I went through my earlier review and checked all of the
items I found then and they all seem to have been adequately addressed.

(Steven Bellovin) (was Discuss) No Objection

(Margaret Cullen) (was Discuss, Yes) No Objection

(Bill Fenner) (was Discuss) No Objection

(Sam Hartman) (was Discuss, No Objection) No Objection

(Scott Hollenbeck) No Objection

Section 7 says that "AAAA and PTR records for locally assigned local IPv6 addresses are not recommended to be installed in the global DNS."  Some text to explain why would be helpful.

(Russ Housley) (was Discuss, No Objection, Discuss) No Objection

  Section 3.2.2 makes use of MD5.  While MD5 is probably fine for this
  application, I strongly prefer SHA-1.  I propose the replacement
  of steps 4) and 5) with the following:
  
     4) Compute an SHA-1 digest on the key as specified in [FIPS, SHA1];
        the resulting value is 160 bits.
     5) Use the least significant 40 bits as the Global ID.

     [FIPS]   Federal Information Processing Standards Publication
              (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.
     [SHA1]   D. Eastlake 3rd and P. Jones,  US Secure Hash Algorithm 1 
              (SHA1), RFC 3174, September 2001.

  Section 3.2.2 provides an algorithm, but not source code.  I think
  the title of the section should be changed.

  Global change: s/IPSEC/IPsec/

(David Kessens) No Objection

(Allison Mankin) No Objection

(Thomas Narten) No Objection

(Jon Peterson) No Objection

(Bert Wijnen) No Objection

(Alex Zinin) (was Discuss) No Objection

(Ted Hardie) (was Discuss) Abstain