[conex] Review of draft-ietf-conex-abstract-mech-06

Mirja Kühlewind <mirja.kuehlewind@ikr.uni-stuttgart.de> Tue, 04 June 2013 16:27 UTC

Return-Path: <mirja.kuehlewind@ikr.uni-stuttgart.de>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1928021F9CD2 for <conex@ietfa.amsl.com>; Tue, 4 Jun 2013 09:27:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.989
X-Spam-Status: No, score=-0.989 tagged_above=-999 required=5 tests=[AWL=0.960, BAYES_00=-2.599, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZE0fPt1QSPJU for <conex@ietfa.amsl.com>; Tue, 4 Jun 2013 09:27:09 -0700 (PDT)
Received: from mailsrv.ikr.uni-stuttgart.de (mailsrv.ikr.uni-stuttgart.de []) by ietfa.amsl.com (Postfix) with ESMTP id D575921F9E79 for <conex@ietf.org>; Tue, 4 Jun 2013 07:12:28 -0700 (PDT)
Received: from netsrv1.ikr.uni-stuttgart.de (netsrv1-c []) by mailsrv.ikr.uni-stuttgart.de (Postfix) with ESMTP id D1CDE601FB; Tue, 4 Jun 2013 16:12:25 +0200 (CEST)
Received: from vpn-2-cl195 (vpn-2-cl195 []) by netsrv1.ikr.uni-stuttgart.de (Postfix) with ESMTP id CC7BE601FA; Tue, 4 Jun 2013 16:12:25 +0200 (CEST)
From: Mirja Kühlewind <mirja.kuehlewind@ikr.uni-stuttgart.de>
To: conex@ietf.org, Bob Briscoe <bob.briscoe@bt.com>, Matt Mathis <mattmathis@google.com>
Date: Tue, 04 Jun 2013 16:12:25 +0200
User-Agent: KMail/1.9.10 (enterprise35 0.20101217.1207316)
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <201306041612.25493.mkuehle@ikr.uni-stuttgart.de>
Subject: [conex] Review of draft-ietf-conex-abstract-mech-06
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/conex>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jun 2013 16:27:24 -0000


sorry for the very late review. The draft reads actually very well. I only 
have some high level comments:

1) The very long title of Figure 1 was kind of confusing me.

2) Section 'Overview' is very long (for an overview). Don't know if per-flow 
state, byte vs. packet and partial deployment needs to be discussed here. 
Maybe think about a subsection on discussion points instead (which could also 
include some discussion on attacks against the audit). On the other hand 
potentially introduce briefly the credit concept here.

3) Maybe define the term 'congestion signal' in section 2.1

4) I'm not sure that section 4.6 is at the right postion as it seems to me 
more related to requirements on the encoding.

5) Maybe address briefly how to handle ConEx-not-Marked and not ConEx-capable 
packets (not only for partial deployment but also in regular operation). They 
need to be limited somehow as well, otherwise a sender can easily cheat by 
sending ConEx-not-Marked. And this has to be done by the policer (and not the 
audit though).

8) Section 5.5 doesn't give any advise how to handle encrypted TCP for loss 

9) Section 5.5.1 introdues the credit concept. Not sure if the meaning of 
credits is well enough specified here. My personal option is that credits 
should somehow get invalid (at some point in time). This is left open in the 
current text.

10) In section 6 it is stated that 'Networks MUST NOT change ConEx marked 
packets to not_ConEx. [...]'. Maybe move this to the requirement section, 
otherwise it might be easily overread. 

11) Security Considerations lists a number of attacks. Shouldn't this document 
also give hints how to handle these attacks? Especially for the 'Dragging 
Down a Spoofed Flow ID', I can't really come up with a good solution...?