[secdir] (no subject)
"Hilarie Orman" <hilarie@purplestreak.com> Wed, 13 September 2017 17:47 UTC
Date: Wed, 13 Sep 2017 11:46:02 -0600
Message-Id: <201709131746.v8DHk2xY010834@rumpleteazer.rhmr.com>
From: "Hilarie Orman" <hilarie@purplestreak.com>
Reply-To: "Hilarie Orman" <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-tsvwg-ecn-experimentation.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/O99wIM2NP7YjbvdRS14alTBIzUw>
Subject: [secdir] (no subject)

Security review of Explicit Congestion Notification (ECN) Experimentation
draft-ietf-tsvwg-ecn-experimentation-05

Do not be alarmed.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document liberalizes the ways in which experiments can be conducted on explicit congestion notification with TCP, RTP, and DCCP. RFC 3168 imposes limits on what can be marked and what cannot, how the endpoints should respond, and reserves codepoints for particular experiments. There are three areas of experimentation that this document intends to enable by removing standards track limitations: congestion response differences, congestion marking differences, and TCP control packets and retransmissions.

Other than the alarming statement:

"... this memo places the responsibility for not breaking Internet congestion control on the experiments and the experimenters who propose them, as specified in Section 4.4."

there are no security considerations that occur to me. I realize that people experiment with TCP modifications all the time, and the ECN experiments can provide valuable engineering information. Nonetheless, it seems that some higher standard of safety could be in order for today's Internet. But that is outside the scope of this document.

Hilarie
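An added illustration of the RFC 3168 marking rule the review summarizes ("what can be marked and what cannot"); this is not part of the review, the draft, or any IETF code. It decodes the ECN codepoint of a constructed IPv4/TCP packet and flags SYN, SYN/ACK and pure-ACK segments that carry ECT or CE, which RFC 3168 forbids and which the draft's control-packet experiments would permit. Packet layout, addresses and ports are constructed sample data; checksums are left zero because nothing here verifies them, and the retransmission and window-probe restrictions are not checked because they need per-connection state.

```python
"""
Added example (not from the secdir review or the draft): read the ECN
codepoint of an IPv4/TCP packet and test it against RFC 3168's rule that
SYN, SYN/ACK and pure ACK segments are sent Not-ECT (sections 6.1.1, 6.1.4).
All packets below are constructed sample data with zero checksums.
"""
import struct

# RFC 3168 section 5: ECN field is the two low-order bits of the IPv4 TOS byte.
ECN_NAMES = {0b00: "Not-ECT", 0b10: "ECT(0)", 0b01: "ECT(1)", 0b11: "CE"}

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def ecn_codepoint(pkt: bytes) -> int:
    """ECN field of an IPv4 header: low two bits of the second byte."""
    return pkt[1] & 0b11


def tcp_packet_kind(tcp: bytes) -> str:
    """Classify a TCP segment as SYN, SYN/ACK, pure ACK, or data."""
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    has_payload = len(tcp) > data_offset
    if flags & TCP_SYN:
        return "SYN/ACK" if flags & TCP_ACK else "SYN"
    if flags & TCP_ACK and not has_payload and not flags & (TCP_FIN | TCP_RST):
        return "pure ACK"
    return "data"


def check_rfc3168(pkt: bytes) -> dict:
    """
    Return the ECN codepoint name, the segment kind, and whether the packet
    breaks RFC 3168's control-packet rule. Retransmissions and window probes
    are restricted too, but detecting them needs per-connection state.
    """
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ecn = ecn_codepoint(pkt)
    kind = tcp_packet_kind(pkt[ihl:total_len])
    violation = kind in ("SYN", "SYN/ACK", "pure ACK") and ecn != 0b00
    return {"ecn": ECN_NAMES[ecn], "kind": kind, "rfc3168_violation": violation}


def build_packet(ecn: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4 + TCP packet (DSCP 0, no options, zero checksums)."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, ecn & 0b11, total_len, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    samples = [
        ("ECT(0) SYN (forbidden by RFC 3168)", build_packet(0b10, TCP_SYN)),
        ("Not-ECT SYN/ACK", build_packet(0b00, TCP_SYN | TCP_ACK)),
        ("ECT(1) pure ACK", build_packet(0b01, TCP_ACK)),
        ("CE data segment", build_packet(0b11, TCP_ACK, b"payload")),
    ]
    for label, pkt in samples:
        print(f"{label:36s} -> {check_rfc3168(pkt)}")
```

Running the module prints one line per constructed sample; the first and third are exactly the kinds of packet an experiment under the draft would be allowed to mark, which is why the review treats the draft's shift of responsibility onto experimenters as the security-relevant point.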