[conex] Review of draft-ietf-conex-abstract-mech-06

[Mirja Kühlewind <mirja.kuehlewind@ikr.uni-stuttgart.de>]

Hi,

sorry for the very late review. The draft reads actually very well. I only 
have some high level comments:

1) The very long title of Figure 1 was kind of confusing me.

2) Section 'Overview' is very long (for an overview). Don't know if per-flow 
state, byte vs. packet and partial deployment needs to be discussed here. 
Maybe think about a subsection on discussion points instead (which could also 
include some discussion on attacks against the audit). On the other hand 
potentially introduce briefly the credit concept here.

3) Maybe define the term 'congestion signal' in section 2.1

4) I'm not sure that section 4.6 is at the right postion as it seems to me 
more related to requirements on the encoding.

5) Maybe address briefly how to handle ConEx-not-Marked and not ConEx-capable 
packets (not only for partial deployment but also in regular operation). They 
need to be limited somehow as well, otherwise a sender can easily cheat by 
sending ConEx-not-Marked. And this has to be done by the policer (and not the 
audit though).

8) Section 5.5 doesn't give any advise how to handle encrypted TCP for loss 
estimation.

9) Section 5.5.1 introdues the credit concept. Not sure if the meaning of 
credits is well enough specified here. My personal option is that credits 
should somehow get invalid (at some point in time). This is left open in the 
current text.

10) In section 6 it is stated that 'Networks MUST NOT change ConEx marked 
packets to not_ConEx. [...]'. Maybe move this to the requirement section, 
otherwise it might be easily overread. 

11) Security Considerations lists a number of attacks. Shouldn't this document 
also give hints how to handle these attacks? Especially for the 'Dragging 
Down a Spoofed Flow ID', I can't really come up with a good solution...?

Mirja