Document: draft-ietf-dhc-relay-id-suboption-07
Reviewer: Sean Turner
Review Date: 2009-10-06
IETF LC End Date: 2009-10-16
IESG Telechat date: N/A

Summary: This draft is on the right track but has open issues, described in the review.

Major #1

It's not clear to me whether both relay identifier types MUST be supported or whether implementations are free to pick which one(s) they support. If you add one of the following (or something similar) in Section 5 then my concern is addressed:

  Implementations MUST support both RELAY_IDENTIFIER_DUID and RELAY_IDENTIFIER_ASCII.

  Implementations MUST support RELAY_IDENTIFIER_DUID and [SHOULD or MAY] support RELAY_IDENTIFIER_ASCII.

  Implementations MUST support RELAY_IDENTIFIER_ASCII and [SHOULD or MAY] support RELAY_IDENTIFIER_DUID.

Major #2

In the security considerations it says to look to RFC 3046 and RFC 4030 for security considerations and then says implementations SHOULD use the relay agent authentication option from RFC 4030. RFC 3046 is targeted at network infrastructures that are "trusted and secure", and RFC 4030 allows the relay agent to be part of this trusted and secure network. If an implementation doesn't use the relay agent authentication option, then the relay agent can't be part of the "trusted and secure" network. This makes me think that the relay agent authentication option from RFC 4030 ought to be a MUST, not a SHOULD?