Hi Dan, Thank you for the review.
Please see inline. Cheers, Med De : Romascanu, Dan (Dan) [mailto:droma...@avaya.com] Envoyé : lundi 15 février 2016 17:18 À : General Area Review Team Cc : draft-ietf-tsvwg-behave-requirements-update....@tools.ietf.org Objet : Gen-ART review of draft-ietf-tsvwg-behave-requirements-update I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq> Document: draft-ietf-tsvwg-behave-requirements-update-06 Reviewer: Dan Romascanu Review Date: 2/15/16 IETF LC End Date: 2/16/16 IESG Telechat date: Summary: This document is ready with minor issues. Major issues: None Minor issues: 1. The text in the second and third paragraphs in section 2.2 is rather confusing. Do these belong to updates, or should they be under Notes? Ø Admittedly, the NAT has to verify whether received TCP RST packets belong to a connection. This verification check is required to avoid off-path attacks. Ø If the NAT removes immediately the NAT mapping upon receipt of a TCP RST message, stale connections may be maintained by endpoints if the first RST message is lost between the NAT and the recipient. If they belong to Updates 'Admittedly' needs to be dropped, 'has to verify' becomes 'SHOULD verify', etc. Else, if these are rather notes they should be labeled Notes or Clarification [Med] These are notes. What about making this change? OLD: Admittedly, the NAT has to verify whether received TCP RST packets belong to a connection. This verification check is required to avoid off-path attacks. If the NAT removes immediately the NAT mapping upon receipt of a TCP RST message, stale connections may be maintained by endpoints if the first RST message is lost between the NAT and the recipient. NEW: Notes: * Admittedly, the NAT has to verify whether received TCP RST packets belong to a connection. This verification check is required to avoid off-path attacks. * If the NAT removes immediately the NAT mapping upon receipt of a TCP RST message, stale connections may be maintained by endpoints if the first RST message is lost between the NAT and the recipient. 2. In section 5: Ø This update is compliant with the stateful NAT64 [RFC6146] that clearly specifies three binding information bases (TCP, UDP, ICMP). As the focus of this document is NAT44, I do not believe that 'compliant' is the right word. Probably 'consistent' would be more appropriate. [Med] I changed it to "consistent" in my local copy. Thank you for catching this. 3. EIF is never expanded [Med] Fixed. Nits/editorial comments: None.
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
