Re: [secdir] Secdir review of draft-ietf-aqm-eval-guidelines-11

Kuhn Nicolas <Nicolas.Kuhn@cnes.fr> Tue, 17 May 2016 08:31 UTC

Return-Path: <Nicolas.Kuhn@cnes.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 537CC12B048; Tue, 17 May 2016 01:31:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.327
X-Spam-Level:
X-Spam-Status: No, score=-3.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBYCtvSPmIeD; Tue, 17 May 2016 01:31:08 -0700 (PDT)
Received: from mx1.cnes.fr (mx1.cnes.fr [194.199.174.200]) by ietfa.amsl.com (Postfix) with ESMTP id BBC6012B00C; Tue, 17 May 2016 01:31:07 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.26,324,1459814400"; d="scan'208";a="3480013"
X-IPAS-Result: A2EyAgDQ1TpX/wYBeApdHAGDGoFTBrlvAQ2BdoYRAoE0OBQBAQEBAQEBA2InhEMBAQEDeRACAQUDDRUdBzIUEQIEAQ0FCIgnwxYBAQEBAQEEAQEBAQEBASCKcoRBgymCLgEEjheFGYR5jwSBBIRPgx4MhTePQh4BAUKDbDwyAYcGAX4BAQE
From: Kuhn Nicolas <Nicolas.Kuhn@cnes.fr>
To: Tero Kivinen <kivinen@iki.fi>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-aqm-eval-guidelines.all@tools.ietf.org" <draft-ietf-aqm-eval-guidelines.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-aqm-eval-guidelines-11
Thread-Index: AQHRoIyZ3aFSg9THzUGEGUMXQuD6up+860sg
Date: Tue, 17 May 2016 08:31:05 +0000
Message-ID: <F3B0A07CFD358240926B78A680E166FF8DAD9B@TW-MBX-P03.cnesnet.ad.cnes.fr>
References: <22304.47475.765923.579337@fireball.acr.fi>
In-Reply-To: <22304.47475.765923.579337@fireball.acr.fi>
Accept-Language: en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tm-as-product-ver: SMEX-11.0.0.4179-8.000.1202-22326.006
x-tm-as-result: No--37.596500-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/o1TZvrEtItLd27gNsMWYAi3_tCs>
Cc: "Mirja Kuehlewind \(IETF\)" <ietf@kuehlewind.net>
Subject: Re: [secdir] Secdir review of draft-ietf-aqm-eval-guidelines-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2016 08:31:10 -0000

Dear Tero, 

Thanks a lot for your review. If you believe that your proposed changes on the references format should deserve changes in the document and a new ID, please let us know, we would try to integrate them ASAP. 

Kind regards,

The authors.

-----Message d'origine-----
De : Tero Kivinen [mailto:kivinen@iki.fi] 
Envoyé : mercredi 27 avril 2016 15:07
À : iesg@ietf.org; secdir@ietf.org; draft-ietf-aqm-eval-guidelines.all@tools.ietf.org
Objet : Secdir review of draft-ietf-aqm-eval-guidelines-11

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: ready with nits.

This document describes various criteria for doing characterizations of active queue management schemes. As this is not really a protocol document there is not that much of security issues that could raise from here. The security considerations section says

   Some security considerations for AQM are identified in [RFC7567].This
   document, by itself, presents no new privacy nor security issues.

and I agree with that.

As for nits, the document uses very heavily references in a format where it makes document very hard to read. The references are used in such way, that if they are removed or hidden, the whole document comes completely unreadable. I think the references should only provide extra information, and the document should be readable even if you remove everything between [], but in this case the text comes like
this:

   An AQM scheme SHOULD adhere to the recommendations outlined in
   [], and SHOULD NOT provide undue advantage to flows with
   smaller packets [].

Also references style (i.e. whether it is [RFCxxxx] or [1]) should not affect the document readability, but in this case it makes things very hard to read when text is like:

   [1] separately describes the AQM algorithm implemented in a
   router from the scheduling of packets sent by the router.

When you are reading the document and you do not remember what [1] (or
[RFC7567]) actually is it forces you to go and check the reference section to see what this document is.

It would be better if the text would be expanded so that the actual text is readable even if you remove all references, i.e. the first example would come:

   An AQM scheme SHOULD adhere to the recommendations outlined in Byte
   and Packet Congestion Notification document [RFC7141], and SHOULD
   NOT provide undue advantage to flows with smaller packets.

(I have no idea why the second reference was there at all, it might be useful if it provided section talking about that, but as the whole document is "IETF Recommendations Regarding Active Queue Management", I do not think it relates only to the smaller packets.
--
kivinen@iki.fi