Document: draft-ietf-6man-overlap-fragment-03.txt Reviewer: Francis Dupont Review Date: 2009-10-29 IETF LC End Date: 2009-11-02 IESG Telechat date: unknown Summary: Ready Major issues: None Minor issues: None Personal comment as a IPv6 implementor: overlapping fragments have no utility in IPv6 so I never added code to support them. BTW the specs just didn't disallow them (at explained in the introduction but not in the Abstract) and most implementors didn't care. Some lazy copied the IPv4 code and removed the overlap support to get something simpler, some are so lazy they kept everything... But to explicitely disallow them is the right idea. BTW I remember an old paper about BRO (before the IDSs :-) where a fragmentation/segmentation overlap was found bad, so it is not new (i.e., it is older than IPv6...). Nits/editorial comments: - Abstract page 1: allows -> does not disallow?? - Toc page 2: Acknowledgements -> Acknowledgments - 2 page 3: the term 'check' is not enough because it is for protection, something like 'security check' should be better (but a bit too strong). - 3 page 5: it is possible to get bad overlapping fragments from an error too (i.e., it is not always an attack, of course the action should be to drop the whole packet anyway). - 4 page 6: received), MUST -> received) MUST? - 6 page 6: Acknowledgements -> Acknowledgments