iSNS DHC option comments

[Black_David@emc.com]

In the hopes of encouraging others to do likewise, here
are my comments from a review of draft-ietf-dhc-isnsoption-03.txt

(1)  If FCIP were to be added, we could run out of space in
the DD Access field.  I suggest moving the high order octet
of Administrative Flags to DD Access and making all of
those new DD Access bits RESERVED for future extensibility.

(2) The Security Considerations need to include the exposure
to a "bid down" attack on security policy distribution (malicious
intermediary weakens the security used) and say that reliance on
local policy to avoid unacceptably weak security is the
countermeasure.

Plus a few nits:

(3) Section 2.3 - Typo in name of bit 28, Discovrery --> Discovery

(4) The description of the heartbeat should probably talk about
the Multicast address to which the heartbeat is sent, as opposed
to the current language about where it originates.

(5) Please double check that the PFS bit for security is needed.
It looks like it is, as I didn't find anything obvious in a quick
scan of RFC 2409 and the DOI (and IANA registry) only has KEY_IKE,
and the authentication methods, with nothing to indicate PFS usage.

Thanks,
--David

p.s.  I hope to push this draft to a joint ips/dhc WG Last Call
	shortly after Thanksgiving.

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953 **NEW**     FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------