[secdir] Secdir review of draft-ietf-core-cocoa-03
Vincent Roca <vincent.roca@inria.fr> Fri, 16 March 2018 08:28 UTC
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50CC712762F; Fri, 16 Mar 2018 01:28:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6eqR9EK04ApP; Fri, 16 Mar 2018 01:28:32 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE1811243FE; Fri, 16 Mar 2018 01:28:31 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.48,313,1517871600"; d="scan'208,217";a="258531353"
Received: from dom38-1-82-236-155-50.fbx.proxad.net (HELO [192.168.1.118]) ([82.236.155.50]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Mar 2018 09:07:32 +0100
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3FB12971-EFF9-4B88-8F3F-0D0CA0882A96"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Message-Id: <DF2C05FE-EFE7-4180-A40D-065F13D02F01@inria.fr>
Date: Fri, 16 Mar 2018 09:07:31 +0100
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-core-cocoa.all@ietf.org
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9Zrh1-SKkBl21Yg4NRCiEUMzyXs>
Subject: [secdir] Secdir review of draft-ietf-core-cocoa-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2018 08:28:34 -0000
Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready with nits This document proposes an improved congestion control for CoAP. Its Security Considerations section lists several RFCs whose security discussion may apply, and in particular [RFC7252]. This is a bit annoying as the security considerations section of RFC 7252 is 6 pages long. What do you mean more precisely? What should the implementer care about? Otherwise I agree with the authors that attacks preventing the delivery of some packets are hard to prevent while seriously impacting CoCoA. Such attacks are however limited to a single flow. What about the opposite (misleading the sender and making him unresponsive to congestion signals)? This would be a more serious issue. This is not specific to CoAP but could CoAP simplify this type of attack? Other comments: ** Introduction: In sentence "For non-confirmable packets, it also limits the sending rate to 1/RTO;" I have problems understanding what "non-confirmable" means. ** Section 3: When saying that "CoCoA has been found to perform well in scenarios with latencies ranging from the order of milliseconds to peaks of dozens of seconds,..." what do you mean by "latency"? Is it the transmission and/or propagation times? Is it related to the access method? Not very clear. And I'm a bit surprised by the value of "dozens of seconds »? Is it just a simulation parameter or is it realistic. ** Section 3: (corollary) the default initial RTO is set to 2 to 3 seconds, i.e., well below the "dozens of seconds" mentioned above. ** Appendix B. Pseudocode: As a general comment, I don't like function definitions where input and output are not defined, where global versus local variables are not defined, where persistant variables (global or static local variables) are not defined. For instance, between two calls to updateRTO(), should the RTO variable keep its previous value (I assume it is the case) or not? Same question for RTTVAR_strong, RTT_strong. And in appendix B.1., since you provide C-type pseudo-code, it's better to use a final ";" during default value initialisation (or #define if this is a constant). Cheers, Vincent
- [secdir] Secdir review of draft-ietf-core-cocoa-03 Vincent Roca