Re: [secdir] [aqm] Review of draft-ietf-aqm-codel-07

"Gengxuesong (Geng Xuesong)" <> Wed, 22 March 2017 02:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA398129431; Tue, 21 Mar 2017 19:04:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.222
X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9C_m8rpmaEmZ; Tue, 21 Mar 2017 19:04:39 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8A877126BF7; Tue, 21 Mar 2017 19:04:38 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.7-GA FastPath queued) with ESMTP id DDF00375; Wed, 22 Mar 2017 02:04:36 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 22 Mar 2017 02:04:34 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 22 Mar 2017 10:04:32 +0800
Received: from ([]) by ([]) with mapi id 14.03.0301.000; Wed, 22 Mar 2017 10:04:30 +0800
From: "Gengxuesong (Geng Xuesong)" <>
To: Yoav Nir <>, "" <>
CC: "" <>, "" <>, "" <>
Thread-Topic: [aqm] Review of draft-ietf-aqm-codel-07
Thread-Index: AQHSohmrIModH2ljM06Ghh8sQcqdUqGgGhzw
Date: Wed, 22 Mar 2017 02:04:30 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020204.58D1DBB4.01E4, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: d1de04b9f72ef8ec43a766f971f4a0f3
Archived-At: <>
Subject: Re: [secdir] [aqm] Review of draft-ietf-aqm-codel-07
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 22 Mar 2017 02:04:43 -0000


I can not agree more on this.
It is well written, but I really think I can get the point of the draft faster if I can read the section 5 before section 3.

Best Regards,
Emma (Xuesong)

-----Original Message-----
From: aqm [] On Behalf Of Yoav Nir
Sent: Tuesday, March 21, 2017 4:03 PM
Subject: [aqm] Review of draft-ietf-aqm-codel-07

Reviewer: Yoav Nir
Review result: Has Nits


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The document describes the CoDel (controlled delay) framework for reducing bufferbloat. It does a good job of describing the problem, outlining the solution and providing both a description of the algorithm (including pseudo-code) and linking to real world implementations. 

Two nits:

1. A lot of terms are used long before they are explained, such as Estimator, Sojourn time, Interval (BTW: if this is a moving interval the spec should probably say so). When reading sections 3 I concluded that the document was aimed at peopel who already knew all these terms and didn't need definitions, but then reading section 5 gave me a lot of a-ha moments about what I had read previously.

2. The security considerations section says "There are no specific security exposures associated with CoDel."  CoDel is about dropping packets, so immediately I have to think how I could subvert a router running CoDel to drop other people's packets. Perhaps it is fine to say that there are no known attacks on CoDel and no steps necessary to mitigate such, but I think it's tempting fate and hackers to say that CoDel has no security exposures.

aqm mailing list