[secdir] Review of draft-ietf-aqm-recommendation-08
Shawn M Emery <shawn.emery@oracle.com> Mon, 05 January 2015 04:48 UTC
To: secdir@ietf.org, draft-ietf-aqm-recommendation.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/GHk8PwCqNgHZME2vXtoYajxrnm8

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This proposed BCP draft provides guidance on various ways to improve network performance over the Internet through Active Queue Management (AQM). The draft describes various techniques to avoid network failure due to congestion, congestion itself, and network latencies.

The security considerations section does exist and discloses that the draft does not impose any new security considerations beyond what is currently vulnerable to DoS attacks, in fact AQM may help in mitigating against some of these attacks. However, the draft explains that not all DoS attacks can be avoided and suggests that further investigation is required to find out how to help prevent said attacks. I believe that these assertions are correct.

General comments:

A well written and thorough document. Thank you.

Editorial comments:

s/> class of/class of/
s/connection preventing/connections, preventing/
s/devices deploy/devices that deploy/

Shawn.
--