Document: draft-ietf-geopriv-lis-discovery-11 Reviewer: Spencer Dawkins Review Date: 2009-10-21 IETF LC End Date: 2009-10-29 IESG Telechat date: (not known) Summary: This document is almost ready for publication as a Proposed Standard. I have one minor question, as follows: 2.2. Virtual Private Networks (VPNs) LIS discovery over a VPN network interface SHOULD NOT be performed. A LIS discovered in this way is unlikely to have the information necessary to determine an accurate location. Spencer (minor): I'm having a difficult time imagining why this is a SHOULD and not a MUST. When is LIS discovery over a VPN would be the *right* thing to do? I note that the related text in the following paragraph is "MUST NOT unless" - I'd be more comfortable seeing similar text here. Not all interfaces connected to a VPN can be detected by devices or the software running on them. A LIS MUST NOT provide location information in response to requests that it can identify as originating from a device on the remote end of a VPN tunnel, unless it is able to accurately determine location. The "notLocatable" HELD error code can be used to indicate to a device that discovery has revealed an unsuitable LIS. This ensures that even if a device discovers a LIS over the VPN, it does not rely on a LIS that is unable to provide accurate location information.