Document: draft-ietf-v6ops-tunnel-loops-01.txt
    Routing Loop Attack using IPv6 Automatic Tunnels:
        Problem Statement and Proposed Mitigations
Reviewer: Joel M. Halpern
Review Date: 28-Dec-2010
IETF LC End Date: 29-Dec-2010
IESG Telechat date: 06-Jan-2011)

Summary: Nearly ready for publication as an Informational RFC

Major issues: It is unclear in the document what assumptions section 3.1 makes
about the relationship between supported tunnels and checked embedded
addresses.  Is there an assumption that the router only has to check for
addresses in the format and prefix it supports?  I hope so. Otherwise, a
router seems to be expected to look at an arbitrary IPv6 addresses, guess
whether it has an embedded IPv4 addresses, and perform filter checks on that
guessed addresses against its own addresses.
If indeed their is a relationship, then it would really help if section 3.1
said that.
Unfortunately, I am afraid no such relationship is assumed.  If not, I would
like to see significantly better explanation of how the router is to reliably
know that there is a 6rd or ISATAP address embedded in the v6 address.

Minor issues:

Nits/editorial comments: