Re: [secdir] [aqm] Review of draft-ietf-aqm-codel-07
Jana Iyengar <jri@google.com> Wed, 22 March 2017 05:10 UTC
From: Jana Iyengar <jri@google.com>
Date: Tue, 21 Mar 2017 22:10:13 -0700
Message-ID: <CAGD1bZZQYU7opPhVt6o_=h5Q7rYMKe159m50V=9NGaQjFgYAxA@mail.gmail.com>
To: "Gengxuesong (Geng Xuesong)" <gengxuesong@huawei.com>
Cc: Yoav Nir <ynir.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>,
"draft-ietf-aqm-codel.all@ietf.org" <draft-ietf-aqm-codel.all@ietf.org>,
"ietf@ietf.org" <ietf@ietf.org>, "aqm@ietf.org" <aqm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/E7F3KWYJtcFFBFjeTimzgcXdMk4>
Subject: Re: [secdir] [aqm] Review of draft-ietf-aqm-codel-07

Thanks Yoav, Emma. I can try to move Sec 5 before Sec 3, if that helps.

Yoav: What do you suggest we add for security considerations?

Thanks for the reviews!
- jana

On Tue, Mar 21, 2017 at 7:04 PM, Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com> wrote:

> Hi,
>
> I can not agree more on this.
> It is well written, but I really think I can get the point of the draft
> faster if I can read the section 5 before section 3.
>
>
> Best Regards,
> Emma (Xuesong)
>
> -----Original Message-----
> From: aqm [mailto:aqm-bounces@ietf.org] On Behalf Of Yoav Nir
> Sent: Tuesday, March 21, 2017 4:03 PM
> To: secdir@ietf.org
> Cc: draft-ietf-aqm-codel.all@ietf.org; ietf@ietf.org; aqm@ietf.org
> Subject: [aqm] Review of draft-ietf-aqm-codel-07
>
> Reviewer: Yoav Nir
> Review result: Has Nits
>
> Hi,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> The document describes the CoDel (controlled delay) framework for reducing
> bufferbloat. It does a good job of describing the problem, outlining the
> solution and providing both a description of the algorithm (including
> pseudo-code) and linking to real world implementations.
>
> Two nits:
>
> 1. A lot of terms are used long before they are explained, such as
> Estimator, Sojourn time, Interval (BTW: if this is a moving interval the
> spec should probably say so). When reading section 3 I concluded that the
> document was aimed at people who already knew all these terms and didn't
> need definitions, but then reading section 5 gave me a lot of a-ha moments
> about what I had read previously.
>
> 2. The security considerations section says "There are no specific
> security exposures associated with CoDel." CoDel is about dropping
> packets, so immediately I have to think how I could subvert a router
> running CoDel to drop other people's packets. Perhaps it is fine to say
> that there are no known attacks on CoDel and no steps necessary to mitigate
> such, but I think it's tempting fate and hackers to say that CoDel has no
> security exposures.
>
> _______________________________________________
> aqm mailing list
> aqm@ietf.org
> https://www.ietf.org/mailman/listinfo/aqm