Hi, Arturo, Thanks so much for your feedback! -- Please find my responses inline...
On 06/05/2011 07:28 PM, Arturo Servin wrote: > I think you missed the reference to RFC 6105, this is the same problem > with the reference > than http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt Good grief! -- There was an error in the xml source which resulted in the reference not being included. I'll fix this in the next rev of the I-D. > May be it is just me and the excess of caffeine but the third paragraph > of section 1 is a bit long and hard to understand. I would recommend > some rephrasing. With a bit more caffeine, it was parsable to me :-) . Anyway, I've worked a little bit on the paragraph, to improve it. This is the resulting text: ---- cut here ---- Since there is no current legitimate use for IPv6 Extension Headers in IPv6 Neighbor Discovery packets, and avoiding their use in such packets would greatly simplify the monitoring and mitigation of Neighbor Discovery attacks, this document proposes that hosts silently ignore Neighbor Discovery messages that employ IPv6 Extension Headers. ---- cut here ---- > Other: > > In section 2. I think it has to be a MUST instead of SHOULD. I'd probably agree with you but will leave this one for discussion... > In section 3, I think you should add a paragraph saying that even with > the filtering rules described > in http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt there > is a important cost in complexity and performance for devices performing > those filters (l2-switches, IDS/IPS/FWS, etc.) This is a very good point. Will craft some text about this and include it in the next revision of the I-D. Thanks! Best regards, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
