[secdir] SecDir Review of draft-ietf-tcpm-1323bis-19

"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Tue, 18 February 2014 17:25 UTC

From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Tue, 18 Feb 2014 12:25:07 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/pAHohuZRpvt6qni_zMHsGeyZ-iY
Cc: "rs@netapp.com" <rs@netapp.com>, "braden@isi.edu" <braden@isi.edu>, "david.borman@quantum.com" <david.borman@quantum.com>, "vanj@google.com" <vanj@google.com>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

draft-ietf-tcpm-1323bis-19 is mostly ready.  Discussion of the possible DoS attacks that could occur from the technique described in section 5.3 should be included in this section and mentioned in the security considerations section as well.

      Suppose again that segments: A.1, B.1, C.1, ..., Z.1 have been
      sent in sequence and that segment B.1 has been lost.  Furthermore,
      suppose delivery of some of C.1, ...  Z.1 is delayed until *after*
      the retransmission B.2 arrives at the receiver.  These delayed
      segments will be discarded unnecessarily when they do arrive,
      since their timestamps are now out of date.

Thank you,
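
A simplified model of the receiver in the quoted scenario, added here as an illustration (it is not part of the review or of the draft). It assumes the usual PAWS rules (drop a segment when SEG.TSval < TS.Recent; update TS.Recent only from a segment with SEG.SEQ <= Last.ACK.sent), 100-byte segments, constructed TSval values, an immediate ACK for every segment, and a TS.Recent that never expires.

```python
from dataclasses import dataclass, field

MSS = 100  # constructed segment size in bytes

def ts_lt(a: int, b: int) -> bool:
    """True if 32-bit timestamp a is older than b (comparison modulo 2**32)."""
    return ((a - b) & 0xFFFFFFFF) > 0x7FFFFFFF

@dataclass
class Receiver:
    rcv_nxt: int = 0      # next in-order sequence number; equals Last.ACK.sent
                          # here because every segment is ACKed immediately
    ts_recent: int = 0    # TS.Recent
    queued: set = field(default_factory=set)  # out-of-order segment starts

    def receive(self, seq: int, tsval: int) -> str:
        # PAWS check runs when the segment first arrives, before sequencing.
        if ts_lt(tsval, self.ts_recent):
            return "paws-drop"
        # TS.Recent is only advanced by a segment at or before Last.ACK.sent.
        if seq <= self.rcv_nxt:
            self.ts_recent = tsval
        if seq > self.rcv_nxt:
            self.queued.add(seq)
            return "queued"
        if seq < self.rcv_nxt:
            return "duplicate"
        self.rcv_nxt += MSS
        while self.rcv_nxt in self.queued:   # drain the reassembly queue
            self.queued.remove(self.rcv_nxt)
            self.rcv_nxt += MSS
        return "accepted"

# Constructed arrival order: B.1 (seq 100, TSval 1001) is lost and never listed;
# D.1 and E.1 are delayed until after the retransmission B.2 arrives.
ARRIVALS = [("A.1", 0, 1000), ("C.1", 200, 1002), ("B.2", 100, 1500),
            ("D.1", 300, 1003), ("E.1", 400, 1004)]

def replay(arrivals=ARRIVALS):
    rx = Receiver()
    outcome = [(name, rx.receive(seq, ts)) for name, seq, ts in arrivals]
    return rx, outcome

if __name__ == "__main__":
    rx, outcome = replay()
    for name, result in outcome:
        print(f"{name}: {result}")
    print("rcv_nxt =", rx.rcv_nxt, "TS.Recent =", rx.ts_recent)
```

D.1 and E.1 carry new, in-window data, yet the receiver stays at sequence 300 until the sender retransmits them with a TSval no older than the one B.2 carried.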