[secdir] Secdir last call review of draft-ietf-tcpm-cubic-06

Sean Turner <sean@sn3rd.com> Tue, 26 September 2017 14:15 UTC

To: secdir@ietf.org
Cc: tcpm@ietf.org, ietf@ietf.org, draft-ietf-tcpm-cubic.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/oxMNT9f4ZnsS0FhDux8zJtDvBXE>

Reviewer: Sean Turner
Review result: Has Nits

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

This document specifies a TCP congestion control algorithm.  It
uses a cubic function instead of a linear window increase function.
It is the default function for Linux.

It's ready with nits - basically a couple more words in the security
considerations and maybe a reference or two and you’re done.

Note: I know next to nothing about congestion control functions
so I'm going to trust the function is properly specified and reflects
what's actually implemented.

The security considerations were a little bit terse.  So here's a couple
of questions that came to mind while searching around for where
to refer:

1. I get that since CUBIC just changes the congestion window
adjustment function on the sender side that it makes "no
changes" to the underlying security of TCP.  But, I kinda had to
guess where the underlying security of TCP is documented -
so how about adding "[RFC5681]" to the end of the sentence assuming
that's where the security considerations for TCP are documented.

2. I think the answer is yes here, but wanted to check:
In RFC5681's security considerations, there's some text
about how to deal with the "ACK division attack" by:

   ... increasing the congestion window based on the
   number of bytes newly acknowledged in each arriving ACK
   rather than by a particular constant on each arriving ACK (as
   outlined in section 3.1).

CUBIC has protections against this attack because it MUST
support slowstart?  Like I said, I think it's yes because s3.1 in
RFC5681 is all about slowstart.

WRT s5.1: In (quickly) reviewing SACK it refers to RFC5961
(aka dealing with the blind in-window attack), does CUBIC
protect against this attack?  If it does or doesn't it might be
worth an informative reference to RFC5961 in s5.1 because
it was published after RFC5681.
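
Added example, not part of the original message and not code from the CUBIC draft or any TCP stack: a small model of the RFC 5681 text quoted in point 2, comparing slow-start window growth over one round trip when the sender adds a constant per ACK versus the bytes newly acknowledged, capped at one segment. The SMSS value, the initial window and all function names are assumptions made for the illustration.

```c
#include <stdio.h>

#define SMSS 1460UL  /* sender maximum segment size in bytes (constructed value) */

enum policy { PER_ACK_CONSTANT, BYTE_COUNTING };

/* Slow-start increase for one arriving ACK that newly acknowledges `acked` bytes. */
static unsigned long on_ack(unsigned long cwnd, unsigned long acked, enum policy p)
{
    if (acked == 0)
        return cwnd;                       /* duplicate ACK: no new data, no growth */
    if (p == PER_ACK_CONSTANT)
        return cwnd + SMSS;                /* fixed step per ACK, whatever it covers */
    return cwnd + (acked < SMSS ? acked : SMSS);   /* RFC 5681 s3.1: min(N, SMSS) */
}

/* One round trip of slow start: the sender transmits cwnd/SMSS full segments and
 * the receiver acknowledges each one in `acks_per_segment` pieces (1 = normal). */
unsigned long cwnd_after_rtt(unsigned long cwnd, unsigned acks_per_segment, enum policy p)
{
    unsigned long segments = cwnd / SMSS;
    unsigned long piece, next = cwnd;
    if (acks_per_segment == 0) acks_per_segment = 1;
    if (acks_per_segment > SMSS) acks_per_segment = SMSS;  /* at least 1 byte per ACK */
    piece = SMSS / acks_per_segment;
    for (unsigned long s = 0; s < segments; s++) {
        unsigned long left = SMSS;
        for (unsigned a = 0; a < acks_per_segment; a++) {
            /* the last ACK of a segment covers whatever bytes remain */
            unsigned long acked = (a + 1 == acks_per_segment) ? left : piece;
            next = on_ack(next, acked, p);
            left -= acked;
        }
    }
    return next;
}

int main(void)
{
    unsigned long iw = 10 * SMSS;          /* constructed initial window */
    printf("per-ACK, 1 ACK/seg:  %lu\n", cwnd_after_rtt(iw, 1, PER_ACK_CONSTANT));
    printf("per-ACK, 4 ACKs/seg: %lu\n", cwnd_after_rtt(iw, 4, PER_ACK_CONSTANT));
    printf("bytes,   1 ACK/seg:  %lu\n", cwnd_after_rtt(iw, 1, BYTE_COUNTING));
    printf("bytes,   4 ACKs/seg: %lu\n", cwnd_after_rtt(iw, 4, BYTE_COUNTING));
    return 0;
}
```

With byte counting the window after the round trip is the same however the acknowledgments are split, which is the property the quoted RFC 5681 text relies on; the model covers slow start only and says nothing about CUBIC's own window function.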