I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The draft is essentially describing an extension to the IPv4/6 mapping mechanism to allow a mixture of mappings determined by fixed function and mappings determined by an address table.

7

.  Security Considerations



   The EAM algorithm does not introduce any new security issues beyond
   those that are already discussed in 

Section 7 of [RFC6145]

.

Which points to.

7

.  Security Considerations



   The use of stateless IP/ICMP translators does not introduce any new
   security issues beyond the security issues that are already present
   in the IPv4 and IPv6 protocols and in the routing protocols that are
   used to make the packets reach the translator.

Both statements are incorrect.

If we were to write out a modern Internet architecture we would no doubt decide that addresses have no significance above the transport layer and should not be visible to applications. But that isn't the Internet architecture we have today.

Further most Internet services  make use of IP addresses for various types of abuse mitigation. This is something that these mapping functions will have a significant impact on.

Adding an address table capability provides even more potential to play various types of application layer routing games.

This needs a comprehensive analysis.