[secdir] Secdir review of draft-ietf-aqm-eval-guidelines-11
Tero Kivinen <kivinen@iki.fi> Wed, 27 April 2016 13:07 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BBF812D162; Wed, 27 Apr 2016 06:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2U6V8apNgTFp; Wed, 27 Apr 2016 06:07:05 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 456DB12D161; Wed, 27 Apr 2016 06:07:05 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id u3RD70hZ000978 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 27 Apr 2016 16:07:00 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id u3RD6xwB006766; Wed, 27 Apr 2016 16:06:59 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <22304.47475.765923.579337@fireball.acr.fi>
Date: Wed, 27 Apr 2016 16:06:59 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-aqm-eval-guidelines.all@tools.ietf.org
X-Edit-Time: 11 min
X-Total-Time: 11 min
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/RDMUJahkAaEy-o6sQTO414lUrE0>
Subject: [secdir] Secdir review of draft-ietf-aqm-eval-guidelines-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2016 13:07:07 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: ready with nits. This document describes various criteria for doing characterizations of active queue management schemes. As this is not really a protocol document there is not that much of security issues that could raise from here. The security considerations section says Some security considerations for AQM are identified in [RFC7567].This document, by itself, presents no new privacy nor security issues. and I agree with that. As for nits, the document uses very heavily references in a format where it makes document very hard to read. The references are used in such way, that if they are removed or hidden, the whole document comes completely unreadable. I think the references should only provide extra information, and the document should be readable even if you remove everything between [], but in this case the text comes like this: An AQM scheme SHOULD adhere to the recommendations outlined in [], and SHOULD NOT provide undue advantage to flows with smaller packets []. Also references style (i.e. whether it is [RFCxxxx] or [1]) should not affect the document readability, but in this case it makes things very hard to read when text is like: [1] separately describes the AQM algorithm implemented in a router from the scheduling of packets sent by the router. When you are reading the document and you do not remember what [1] (or [RFC7567]) actually is it forces you to go and check the reference section to see what this document is. It would be better if the text would be expanded so that the actual text is readable even if you remove all references, i.e. the first example would come: An AQM scheme SHOULD adhere to the recommendations outlined in Byte and Packet Congestion Notification document [RFC7141], and SHOULD NOT provide undue advantage to flows with smaller packets. (I have no idea why the second reference was there at all, it might be useful if it provided section talking about that, but as the whole document is "IETF Recommendations Regarding Active Queue Management", I do not think it relates only to the smaller packets. -- kivinen@iki.fi
- [secdir] Secdir review of draft-ietf-aqm-eval-gui… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Kuhn Nicolas
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Kuhn Nicolas
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Kuhn Nicolas
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-aqm-eval… Kuhn Nicolas