
Re: secid review of draft-ietf-ipv6-deprecate-rh0-01

2007-10-01 02:34:30
Hi David, and thanks for your review. Inline:


> As such, the whole document is a security consideration. The
> vulnerability appears well-documented, and the guidelines for handling
> the deprecated RH0 are clear.

Good.

> I have a few comments
> 1) RH0 really is something we do not want to see used, right? Should
> this RH be obsoleted rather than deprecated?

The new RFC cannot obsolete the RFC where RH0 was defined,
because the latter also contains parts that we do not intend
to remove :-) i.e., base IPv6 spec.

> 2) Per BCP61, MUST is for implementers, and SHOULD is for
> users/deployers. There is a MUST NOT in section 4.2 that is a
> deployment decision, so this should be a SHOULD NOT. At the same time,
> there is a "must" in section 4.2 that is an implementation
> requirement, so this should be a MUST.

Hmm. There was a fair amount of discussion about this in the WG.
The problem is that wholesale filtering of protocol 43 breaks other things,
including Mobile IPv6. This is why the document explicitly says that
type-specific filtering is required. There was a desire to make this
very clear.

But then again, who is the IETF to say what filtering MUST
be performed? If someone wants to block all of TCP, they should
be able to do it...

We'll talk about this point in the next IESG telechat.

> 3) Section three uses "must" where MUST would seem appropriate

This is a quote from another RFC, and as such we should not
change it.

Jari


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
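
Added example (not part of the original message or of the draft): a sketch of the difference between wholesale filtering of protocol 43 and type-specific filtering, as discussed under point 2 above. The function names, the fail-closed handling of malformed input and the sample packets (2001:db8:: documentation addresses) are assumptions made for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, DEST_OPTS, NO_NEXT = 0, 43, 60, 59  # IPv6 Next Header values
RH_TYPE_0, RH_TYPE_2 = 0, 2  # deprecated RH0; type 2 is the Mobile IPv6 routing header

def blanket_filter(packet: bytes) -> str:
    """Wholesale policy: drop anything whose first header is protocol 43."""
    return "drop" if packet[6] == ROUTING else "allow"

def type_specific_filter(packet: bytes) -> str:
    """Walk Hop-by-Hop / Destination Options / Routing headers; drop only on RH0."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"  # assumed policy: fail closed on anything that is not IPv6
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if offset + 8 > len(packet):
            return "drop"  # truncated extension header (assumed fail closed)
        following, hdr_ext_len, routing_type = packet[offset:offset + 3]
        if next_header == ROUTING and routing_type == RH_TYPE_0:
            return "drop"
        offset += (hdr_ext_len + 1) * 8  # length is in 8-octet units, first unit excluded
        next_header = following
    return "allow"

# --- constructed sample packets, for illustration only ---
SRC = bytes.fromhex("20010db8" + "00" * 11 + "01")
DST = bytes.fromhex("20010db8" + "00" * 11 + "02")

def ipv6(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + SRC + DST + payload

def routing_header(following: int, rtype: int, addresses: list) -> bytes:
    # Next Header, Hdr Ext Len, Routing Type, Segments Left, 4 reserved octets, addresses
    head = bytes([following, 2 * len(addresses), rtype, len(addresses)])
    return head + bytes(4) + b"".join(addresses)

PLAIN = ipv6(NO_NEXT, b"")
RH0 = ipv6(ROUTING, routing_header(NO_NEXT, RH_TYPE_0, [DST]))
RH2 = ipv6(ROUTING, routing_header(NO_NEXT, RH_TYPE_2, [DST]))
# RH0 placed behind a Destination Options header carrying one 4-octet PadN option
RH0_AFTER_DEST_OPTS = ipv6(DEST_OPTS, bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])
                           + routing_header(NO_NEXT, RH_TYPE_0, [DST]))

if __name__ == "__main__":
    for name in ("PLAIN", "RH0", "RH2", "RH0_AFTER_DEST_OPTS"):
        pkt = globals()[name]
        print(f"{name:20} blanket={blanket_filter(pkt):5} "
              f"type-specific={type_specific_filter(pkt)}")
```

The blanket rule drops the type 2 packet along with RH0 and misses the RH0 that follows a Destination Options header; the type-specific walk drops both RH0 packets and lets the type 2 packet through.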
