Draft: draft-ietf-mip6-firewalls-02.txt
Reviewer: Spencer Dawkins [spencer@mcsr-labs.org]
Review Date: Thursday 8/11/2005 2:21 PM CST
Telechat Date: 8/18/2005

Summary: this document is very close to being ready for publication as Informational.

Review:
--------

I don't believe that Gen-ART reviews for Informational documents need to say much more than this, but, since I'm typing...

- The document is clearly written and well-organized. Other reviewers might push back on the breezy English style, but I like it.

- The first time there's a clue that firewalls are problematic for NON-mobile users is in the Conclusion:

    Current firewalls may not only prevent route optimization but may also prevent regular TCP and UDP sessions from being established in some cases. This document describes some of the issues between the Mobile IPv6 protocol and current firewall technologies.

  It might be nice to call this issue out earlier in the draft, so that it's more obvious what ADDITIONAL problems happen when you go mobile. Firewalls that drop ESP by default, for instance, are problematic for non-mobile users - stuff like that.

- The stated goal for this document is to enable further discussion; I didn't see any thought given to firewalls in transit networks between the home, visited, and correspondent networks, and I'll bet transit networks will have something like firewalls in place, in at least some environments. Even a statement that says "we don't think firewalls in transit networks will add any requirements for further work" would be useful.

- The assumption that issues called out in this draft will be solved in MIP6 is stated at the end of the abstract. Although BEHAVE explicitly declares firewalls to be out of scope, it seems that what's needed is something like BRIDE of BEHAVE, developing BCP recommendations for firewall types, just as BEHAVE is doing for NAT types...