[aqm] Review of draft-ietf-aqm-codel-07

Yoav Nir <ynir.ietf@gmail.com> Tue, 21 March 2017 08:03 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: aqm@ietf.org
Delivered-To: aqm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2793D12964F; Tue, 21 Mar 2017 01:03:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yoav Nir <ynir.ietf@gmail.com>
To: secdir@ietf.org
Cc: draft-ietf-aqm-codel.all@ietf.org, ietf@ietf.org, aqm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.47.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149008338604.24977.6083947817909590331@ietfa.amsl.com>
Date: Tue, 21 Mar 2017 01:03:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/aqm/0btyw3-f15gR83Iy2MzfD99KWvU>
Subject: [aqm] Review of draft-ietf-aqm-codel-07
X-BeenThere: aqm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Discussion list for active queue management and flow isolation." <aqm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/aqm>, <mailto:aqm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/aqm/>
List-Post: <mailto:aqm@ietf.org>
List-Help: <mailto:aqm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/aqm>, <mailto:aqm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 08:03:06 -0000

Reviewer: Yoav Nir
Review result: Has Nits

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document describes the CoDel (controlled delay) framework for
reducing bufferbloat. It does a good job of describing the problem,
outlining the solution and providing both a description of the
algorithm (including pseudo-code) and linking to real world
implementations. 

Two nits:

1. A lot of terms are used long before they are explained, such as
Estimator, Sojourn time, Interval (BTW: if this is a moving interval
the spec should probably say so). When reading sections 3 I concluded
that the document was aimed at peopel who already knew all these terms
and didn't need definitions, but then reading section 5 gave me a lot
of a-ha moments about what I had read previously.

2. The security considerations section says "There are no specific
security exposures associated with CoDel."  CoDel is about dropping
packets, so immediately I have to think how I could subvert a router
running CoDel to drop other people's packets. Perhaps it is fine to
say that there are no known attacks on CoDel and no steps necessary to
mitigate such, but I think it's tempting fate and hackers to say that
CoDel has no security exposures.