[secdir] Sec-dir review of draft-ietf-ledbat-congestion-09

<kathleen.moriarty@emc.com> Thu, 03 May 2012 16:06 UTC

From: <kathleen.moriarty@emc.com>
To: <secdir@ietf.org>, <iesg@ietf.org>
Date: Thu, 3 May 2012 12:05:31 -0400
Thread-Topic: Sec-dir review of draft-ietf-ledbat-congestion-09
Message-ID: <AE31510960917D478171C79369B660FA0E954F3352@MX06A.corp.emc.com>
Cc: jiyengar@fandm.edu, mirja.kuehlewind@ikr.uni-stuttgart.de, greg@bittorrent.com, shalunov@bittorrent.com
Subject: [secdir] Sec-dir review of draft-ietf-ledbat-congestion-09

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Security risks should be minimized since it is designed to back off to standard TCP behavior in congestion situations.  It can be used in transport or in applications by design.  The Security considerations section says it relies on 'authenticating' time stamps, so the security relies upon the application or protocol at the higher level to have a method to do this.

The draft is written more like a whitepaper than a typical RFC, which made it tough to follow the flow of the algorithm.

NITS:
Section 2, 3rd line in second paragraph: typo
Change from: avoidoing
To: avoiding

Section 2.1: the section ends with a ',' at the end of #3

Thanks,
Kathleen
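
Added illustration (not code from the draft, and not part of the review above): a toy LEDBAT-style sender that shows the two points the review touches on, the delay-driven window that backs off like TCP on loss, and the dependence of that window on the peer's timestamps. The algorithm shape (one-way-delay samples, base-delay and current-delay filters, a window update proportional to distance from a target queuing delay, halving on loss) follows the LEDBAT algorithm as I understand it; the constants, the shared-key HMAC used to "authenticate" the timestamps, the simulate() traffic pattern and the shared secret are all assumptions constructed for this example.

```python
"""Toy LEDBAT-style sender: delay-based window, TCP-like loss backoff, and
what happens when one-way-delay timestamps are forged vs. authenticated.
Constructed example; not the draft's code. Constants are assumptions."""

import hashlib
import hmac
from collections import deque

TARGET_MS = 100.0       # target one-way queuing delay (assumed value)
GAIN = 1.0              # window gain (assumed value)
MSS = 1500              # bytes per segment
MIN_CWND = 2 * MSS
CURRENT_FILTER = 4      # recent samples kept for the current-delay estimate
BASE_HISTORY = 10       # base-delay slots kept (one per "minute")


def make_tag(key, sent_ts, recv_ts):
    """Receiver-side tag over the echoed sender timestamp and its own timestamp."""
    return hmac.new(key, f"{sent_ts}:{recv_ts}".encode(), hashlib.sha256).hexdigest()


def verify_tag(key, sent_ts, recv_ts, tag):
    return tag is not None and hmac.compare_digest(make_tag(key, sent_ts, recv_ts), tag)


class LedbatSender:
    """Window controller driven by one-way-delay samples carried in ACKs."""

    def __init__(self, key=None, cwnd=10 * MSS):
        self.key = key                         # None = accept samples unauthenticated
        self.cwnd = float(cwnd)
        self.current = deque(maxlen=CURRENT_FILTER)
        self.base = deque(maxlen=BASE_HISTORY)
        self.rejected = 0

    def new_minute(self):
        """Open a new base-delay slot so an old, too-low minimum can age out."""
        self.base.append(float("inf"))

    def on_ack(self, sent_ts, recv_ts, bytes_acked, tag=None):
        if self.key is not None and not verify_tag(self.key, sent_ts, recv_ts, tag):
            self.rejected += 1                 # unauthenticated sample: ignore it
            return self.cwnd
        owd = recv_ts - sent_ts                # one-way delay as reported by the peer
        if not self.base:
            self.base.append(owd)
        else:
            self.base[-1] = min(self.base[-1], owd)
        self.current.append(owd)
        queuing_delay = min(self.current) - min(self.base)
        off_target = (TARGET_MS - queuing_delay) / TARGET_MS   # >0 below target, <0 above
        self.cwnd += GAIN * off_target * bytes_acked * MSS / self.cwnd
        self.cwnd = max(self.cwnd, MIN_CWND)
        return self.cwnd

    def on_loss(self):
        """Loss is treated the way standard TCP treats it: halve the window."""
        self.cwnd = max(self.cwnd / 2, MIN_CWND)
        return self.cwnd


def simulate(key=None, tamper=False, n=40):
    """Constructed ACK stream: 10 ACKs on an idle path (50 ms OWD), then ACKs
    while the path queues an extra 200 ms. With tamper=True an on-path party
    rewrites the receiver's timestamp so every sample still looks like 50 ms."""
    sender = LedbatSender(key=key)
    t = 0
    for i in range(n):
        true_recv = t + (50 if i < 10 else 250)
        tag = make_tag(key, t, true_recv) if key is not None else None
        reported_recv = t + 50 if tamper else true_recv
        sender.on_ack(t, reported_recv, MSS, tag=tag)
        t += 10
    return sender


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"
    print("honest path, queue builds:   cwnd", round(simulate().cwnd))
    print("forged timestamps, no auth:  cwnd", round(simulate(tamper=True).cwnd))
    a = simulate(key=KEY, tamper=True)
    print("forged timestamps, HMAC on:  cwnd", round(a.cwnd), "rejected", a.rejected)
```

Without the tag, forged timestamps keep the measured delay below target and the window grows straight through real congestion; with the tag, the rewritten samples are dropped and the window stays where the last authentic samples left it. A real deployment still needs a way to establish that key and to handle a receiver that itself lies, which is the higher-layer dependency the Security Considerations section points to.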