Summary: This draft is basically ready for publication, but has nits that should be fixed before publication.

This is a reasonably well written short draft that injects randomness into Teredo IPv6 address generation and deprecates the Teredo cone bit. I found a few nits:

(1) The first nit is right at the start of the draft (!). This draft is clearly intended to update RFC 4380, but "Updates: 4380" is missing from the draft header on p.1. Please add that.

(2) Section 3.2 on p.6 uses the acronyms RA and RS - they need to be expanded on first use.

(3) The first paragraph in the Security Considerations section (5) states the goal of comparable address prediction resistance (security) wrt a host directly attached to an untrusted Internet link, but nothing in the Security Considerations section indicates how close the technique in this draft comes to achieving that goal. I suggest adding a short discussion of how 13 random bits compares with the level of randomness that can be expected from native IPv6 address assignment mechanisms.

(4) idnits 2.12.04 found four more nits that should be easy to address:

== You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See http://trustee.ietf.org/license-info/)

== No 'Intended status' indicated for this document; assuming Proposed Standard

== The document seems to lack a disclaimer for pre-RFC5378 work, but was first submitted before 10 November 2008. Should you add the disclaimer? (See the Legal Provisions document at http://trustee.ietf.org/license-info for more information.) -- however, there's a paragraph with a matching beginning. Boilerplate error?

== Outdated reference: A later version (-02) exists of draft-ietf-v6ops-tunnel-security-concerns-01