Title: 

review of
draft-ietf-v6ops-3177bis-end-sites-00.txt




I reviewed this
document as part of the security directorate's ongoing effort to
review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.







Draft-ietf-v6ops-3177bis-end-sites-00.txt is a very
short (9 page) document that revises a policy on the default size of
an IPv6 address block that should be assigned to an end site.  It
updates RFC 3177. The original recommendation (developed by the RIRs)
was for each end site to be assigned a /48. Since the publication of
RFC 3177, three of the RIRs (APNIC, RIOPE, and ARIN) have revised
their policies to encourage assignment of /56 blocks to end
sites.







This document
updates 3177 in two significant ways




       


- It deprecates /128 assignments




       


- It moves away from the "one size fits all" suggestion of
end site address block assignments







There is no text
in the security considerations section. Given the narrow focus of this
document, I concur.  One might note that moving away from /48,
/64, and /128 boundaries may make life a tiny bit harder for address
scanning by malware that it not very sophisticated, but I don't think
this is a major concern.





Steve