FYI, Ben Campbell's GEN-ART review raised the following "minor issue", which resulted in the only DISCUSS on the document:
> Minor issues: > > -- security considerations, 1st paragraph: "This document has no > direct impact on Internet infrastructure security." > > Can source and/or destination address selection could influence > whether data is sent over and encrypted path? In particularly true > since section 7 allows the address selection to influence interface > selection? If so, it's worth mentioning the fact, and considering > whether an encrypted path vs unencrypted path should be considered > in the selection rules. Perhaps such decisions should be made prior > to following the rules in this draft--but if so it would be helpful to > explicitly say that. To address the above issue, I'm adding the following text to the security considerations section in between the 2nd and 3rd paragraph: + Similarly, most source and destination address selection algorithms, + including the one specified in this document, influence the choice + of network path taken (as do routing algorithms that are orthogonal + to, but used together with such algorithms) and hence whether data + might be sent over a path or network that might be more or less + trusted than other paths or networks. Administrators should consider + the security impact of the rows they configure in the prefix policy + table, just as they should consider the security impact of the + interface metrics used in the routing algorithms. -Dave -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
