In the process of doing the apps area review, I came across some points that were not related to applications. The basis for these comments is precisely the sentiment that Russ Housley expressed, which is that the specification is done when there is no more to remove. With this document, I wonder if quite a bit could be removed.
Specifically, a great deal of discussion goes into the PRF involving DAD counters, etc., when all that is needed is a suitable PRF. The draft in fact says this in Section 3 after an explanation of the inputs. Any PRF that follows the guidelines of RFC 4086 should do fine and not cause interoperability OR security problems. Put simply, you are over-specifying the RID and derive no benefit from doing so.
Also, the following text in Section 3, page 7, is contorted:
    This means that this document does not formally obsolete or deprecate any of the existing algorithms to generate Interface IDs (e.g. such as that specified in [RFC2464]). However, those IPv6 implementations that employ this specification must generate all of their "stable" addresses as specified in this document.
My suggestion is to simply remove it as it is self-evident.
Finally, this algorithm requires that the resultant host portion be 64 bits. Is that necessary?
Eliot