Re: [secdir] Review of draft-ietf-tsvwg-ecn-experimentation-05

Hilarie Orman <hilarie@purplestreak.com> Wed, 13 September 2017 23:11 UTC

Date: Wed, 13 Sep 2017 17:11:45 -0600
From: Hilarie Orman <hilarie@purplestreak.com>
To: "Black, David" <David.Black@dell.com>
Cc: The IESG <iesg@ietf.org>, secdir <secdir@ietf.org>, draft-ietf-tsvwg-ecn-experimentation all <draft-ietf-tsvwg-ecn-experimentation.all@ietf.org>
Message-ID: <1607661178.655872.1505344305163.JavaMail.zimbra@purplestreak.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362FC4F7BC@MX307CL04.corp.emc.com>
References: <201709131804.v8DI4QUh014123@rumpleteazer.rhmr.com> <CE03DB3D7B45C245BCA0D243277949362FC4F7BC@MX307CL04.corp.emc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_AEXhB_q2WVef5hV0KELsbLIrEk>
Subject: Re: [secdir] Review of draft-ietf-tsvwg-ecn-experimentation-05

Yes, I think it would be suitable to include such a statement.
People read these things and wonder: does anyone try to prevent
the Internet from turning into ice-9?

Hilarie

----- Original Message -----
From: "Black, David" <David.Black@dell.com>
To: "Hilarie Orman" <hilarie@purplestreak.com>, "The IESG" <iesg@ietf.org>, "secdir" <secdir@ietf.org>
Cc: "draft-ietf-tsvwg-ecn-experimentation all" <draft-ietf-tsvwg-ecn-experimentation.all@ietf.org>, "Black, David" <David.Black@dell.com>
Sent: Wednesday, September 13, 2017 12:27:55 PM
Subject: RE: Review of draft-ietf-tsvwg-ecn-experimentation-05

Hilarie,

Thank you for the review. 

> I realize that people experiment with TCP modifications all the time,
> and the ECN experiments can provide valuable engineering information.
> Nonetheless, it seems that some higher standard of safety could be
> in order for today's Internet.  But that is outside the scope of this
> document.

Well, there is a higher standard of safety and it is outside the scope of this document.

Experiments that take advantage of the liberation (I like that word!) in this document are required to first be documented in an Experimental RFC. That requirement should provide both the Transport Area and the IESG with the ability to ensure that such experiments do not pose unacceptable risks to the continued operation of the Internet - a statement to that effect could be added if you or the Security ADs think it would be helpful.

Thanks, --David


> -----Original Message-----
> From: Hilarie Orman [mailto:hilarie@purplestreak.com]
> Sent: Wednesday, September 13, 2017 2:04 PM
> To: iesg@ietf.org; secdir@ietf.org
> Cc: draft-ietf-tsvwg-ecn-experimentation.all@ietf.org
> Subject: Review of draft-ietf-tsvwg-ecn-experimentation-05
> 
>                      Security review of
>          Explicit Congestion Notification (ECN) Experimentation
>                 draft-ietf-tsvwg-ecn-experimentation-05
> 
> Do not be alarmed.  I have reviewed this document as part of the
> security directorate's ongoing effort to review all IETF documents
> being processed by the IESG.  These comments were written primarily
> for the benefit of the security area directors.  Document editors and
> WG chairs should treat these comments just like any other last call
> comments.
> 
> This document liberalizes the ways in which experiments can be
> conducted on explicit congestion notification with TCP, RTP, and DCCP.
> 
> Other than the alarming statement:
> 
>    "... this memo places the
>    responsibility for not breaking Internet congestion control on the
>    experiments and the experimenters who propose them, as specified in
>    Section 4.4."
> 
> there are no security considerations that occur to me.
> 
> I realize that people experiment with TCP modifications all the time,
> and the ECN experiments can provide valuable engineering information.
> Nonetheless, it seems that some higher standard of safety could be
> in order for today's Internet.  But that is outside the scope of this
> document.
> 
> 
> Hilarie