[secdir] Review of draft-ietf-tcpm-ecnsyn-08.txt
"Hilarie Orman" <ho@alum.mit.edu> Mon, 20 April 2009 14:59 UTC
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2BFB33A6B09 for <secdir@core3.amsl.com>; Mon, 20 Apr 2009 07:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dWd6cNy9xZ+C for <secdir@core3.amsl.com>; Mon, 20 Apr 2009 07:59:37 -0700 (PDT)
Received: from etrn.xmission.com (etrn.xmission.com [198.60.22.17]) by core3.amsl.com (Postfix) with ESMTP id 7A01D3A6A81 for <secdir@ietf.org>; Mon, 20 Apr 2009 07:59:37 -0700 (PDT)
Received: from [166.70.57.249] (helo=localhost.localdomain) by etrn.xmission.com with esmtp (Exim 4.50) id 1LvuzH-0003VH-R1; Mon, 20 Apr 2009 09:00:47 -0600
Received: from localhost.localdomain (tobermory [127.0.0.1]) by localhost.localdomain (8.12.10/8.12.10) with ESMTP id n3KEvaqo010615; Mon, 20 Apr 2009 08:57:36 -0600
Received: (from ho@localhost) by localhost.localdomain (8.12.10/8.12.10/Submit) id n3KEvWVD010611; Mon, 20 Apr 2009 08:57:32 -0600
Date: Mon, 20 Apr 2009 08:57:32 -0600
Message-Id: <200904201457.n3KEvWVD010611@localhost.localdomain>
X-Authentication-Warning: localhost.localdomain: ho set sender to hilarie using -f
From: Hilarie Orman <ho@alum.mit.edu>
To: secdir@ietf.org
Cc: akuzma@northwestern.edu, david.borman@windriver.com, floyd@icir.org, magnus.westerlund@ericsson.com, a-mondal@northwestern.edu, lars.eggert@nokia.com, kkrama@research.att.com, weddy@grc.nasa.gov
Subject: [secdir] Review of draft-ietf-tcpm-ecnsyn-08.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2009 14:59:38 -0000
draft-ietf-tcpm-ecnsyn-08.txt I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This is an interesting and well-written document, I enjoyed reading it. It is about an optional, experimental modification to RFC 3168 to allow TCP SYN/ACK packets to be ECN-Capable. The TCP initiator can use this information to reduce its initial congestion window. In simulation, there is a compelling argument that this helps to improve response time during heavy congestion.. The draft argues that the mechanism introduces no security problems, using arguments that bound any potential problems by known existing behaviors. I have no reason to believe that the analysis is wrong. My only caveat is that the combined state machine for TCP and ECN seems complicated, I don't know that all cases are really covered by the draft authors. Perhaps someone could do that if this draft ever moves toward standard. Hilarie Orman
- [secdir] Review of draft-ietf-tcpm-ecnsyn-08.txt Hilarie Orman
- Re: [secdir] Review of draft-ietf-tcpm-ecnsyn-08.… Sally Floyd