Re: [secdir] secdir review of draft-ietf-tcpm-rfc3782-bis-03
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 05 December 2011 06:44 UTC
Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD7521F87D6; Sun, 4 Dec 2011 22:44:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A84gEChPLM7s; Sun, 4 Dec 2011 22:44:51 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by ietfa.amsl.com (Postfix) with ESMTP id DA40A21F86F6; Sun, 4 Dec 2011 22:44:50 -0800 (PST)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id pB56ifRQ020016 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 5 Dec 2011 00:44:42 -0600 (CST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id pB56iVga003055; Sun, 4 Dec 2011 22:44:31 -0800 (PST)
Received: from XCH-NWHT-02.nw.nos.boeing.com (xch-nwht-02.nw.nos.boeing.com [130.247.70.248]) by slb-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id pB56iU0J003045 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Sun, 4 Dec 2011 22:44:31 -0800 (PST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-02.nw.nos.boeing.com ([130.247.70.248]) with mapi; Sun, 4 Dec 2011 22:44:30 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Tom Yu' <tlyu@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-tcpm-rfc3782-bis.all@tools.ietf.org" <draft-ietf-tcpm-rfc3782-bis.all@tools.ietf.org>
Date: Sun, 04 Dec 2011 22:44:29 -0800
Thread-Topic: secdir review of draft-ietf-tcpm-rfc3782-bis-03
Thread-Index: AcyprZN5UFdB6tUKRbaAmNES1AHeOQJa3ARQ
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CF2319BF7@XCH-NW-10V.nw.nos.boeing.com>
References: <ldvhb1vz5lv.fsf@cathode-dark-space.mit.edu>
In-Reply-To: <ldvhb1vz5lv.fsf@cathode-dark-space.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [secdir] secdir review of draft-ietf-tcpm-rfc3782-bis-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2011 06:44:51 -0000
Tom, thank you for providing helpful comments. I've posted a version -04 document just now with the revisions. Responses inline below. > -----Original Message----- > From: Tom Yu [mailto:tlyu@mit.edu] > Sent: Tuesday, November 22, 2011 11:00 PM > To: iesg@ietf.org; secdir@ietf.org; draft-ietf-tcpm-rfc3782- > bis.all@tools.ietf.org > Subject: secdir review of draft-ietf-tcpm-rfc3782-bis-03 > > The Security Considerations section of this document says: > > [RFC5681] discusses general security considerations concerning TCP > congestion control. This document describes a specific algorithm > that conforms with the congestion control requirements of [RFC5681], > and so those considerations apply to this algorithm, too. There are > no known additional security concerns for this specific algorithm. > > I believe this assessment is accurate. > > Editorial: > > I found it really confusing where Section 4 appears to directly copy > text from RFC 3782 with no fixups of section references and step > numbers. For example, 4.1 refers to a Step 1B of Section 3. There is > no Step 1B in this document, and the relevant section is actually > Section 3.2. Also, Section 4.2 refers to a Step 1A of Section 3, when > it probably means Step 2 of Section 3.2 of RFC 5681. These references have been fixed, thanks. > > In Appendix B, first paragraph: > > In [RFC3782], the cwnd after Full ACK reception will be set to > (1) min (ssthresh, FlightSize + SMSS) or (2) ssthresh. However, > there is a risk in the first logic which results in performance > degradation. With the first logic, if FlightSize is zero, the > result will be 1 SMSS. This means TCP can transmit only 1 segment > at this moment, which can cause delay in ACK transmission at > receiver > due to delayed ACK algorithm. > > The phrase "first logic" sounds awkward, and should probably be "first > option", to align with the wording in Section 3.2. Improved as you suggested. > > In Appendix B, end of second paragraph: > > Even if window size is not small, > loss of ACK packets or receive buffer shortage during fast recovery > can also increase the possibility to fall into this situation. > > should probably end with "...can also increase the possibility of > falling into this situation." Improved as you suggested. > > In the third paragraph of Appendix B: > > The proposed fix in this document ensures that sender TCP transmits > at least two segments on Full ACK reception. > > I initially couldn't determine exactly what changes in this document > achieve the purported fix, but I'm not an expert at TCP. The text in > step 3 of Section 3.2 of this document is substantially the same when > describing the Full ACK behavior, and the prescribed options for > resetting the value of cwnd looked the same as in RFC 3782 until I > carefully compared them side by side. Perhaps more clearly > identifying the change, using text like: > > The proposed fix in this document, which sets cwnd to at least > 2*SMSS if the implementation uses option 1 in the Full ACK > behavior, ensures that sender TCP transmits at least two segments > on Full ACK reception. > > would be better. I improved this along the lines of your above suggestion.
- [secdir] secdir review of draft-ietf-tcpm-rfc3782… Tom Yu
- Re: [secdir] secdir review of draft-ietf-tcpm-rfc… Henderson, Thomas R