[secdir] secdir review of draft-ietf-tcpm-rtorestart-08

David Mandelberg <david@mandelberg.org> Tue, 06 October 2015 21:22 UTC

Date: Tue, 06 Oct 2015 17:22:06 -0400
From: David Mandelberg <david@mandelberg.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-tcpm-rtorestart.all@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/rgylmKL0egVYMbRXIuScS23R8FQ>

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

This document describes an experimental change to a TCP and SCTP 
retransmission timer.

I thought about multiple ways to attack the specified algorithm, and 
was unable to come up with anything noteworthy. However, I should note 
that I do not feel qualified to comment on the impact this change might 
have on congestion in the Internet.

The security considerations section primarily references RFC 6298, 
which I believe is sufficient.

As such, I think this document is Ready.


Venturing outside my area of expertise (so feel free to disregard 
this), I have a question about section 4, step 3a. Would it make more 
sense for the "0" to be replaced with a configurable parameter? It seems 
to me that the number should be close to an inter-packet arrival time to 
more accurately avoid the issue mentioned below ("this is required to 
ensure that RTOR does not trigger retransmissions prematurely when 
previously retransmitted segments are acknowledged").

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
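The following is an added illustration, not part of the review above and not the draft's own text or a real TCP stack. It models the restart rule the review is discussing in simplified form: on an ACK, the retransmission timer is re-armed at RTO minus the time since the earliest still-outstanding segment was first sent, and a restart that would leave no time on the timer falls back to a conventional full RTO. The `min_restart` parameter is the reviewer's hypothetical configurable threshold; `min_restart=0` stands in for the literal "0" in step 3a as the review describes it. Measuring T_earliest from the original transmission of a segment that has since been retransmitted is an assumption made to show why the check is needed. `Segment`, `rtor_restart` and `compare_thresholds` are names chosen here.

```python
"""Toy model of an RTO Restart-style timer restart (constructed example).

Assumptions (not taken from the draft):
  * T_earliest is measured from the first transmission of the earliest
    segment that is still unacknowledged after the ACK is processed.
  * A restart value that does not exceed `min_restart` falls back to a
    conventional restart at the full RTO.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    seq: int
    first_sent: float          # time the original transmission was sent
    retransmitted: bool = False


def rtor_restart(rto: float, outstanding: list, now: float,
                 min_restart: float = 0.0) -> Optional[float]:
    """Return the timer value to arm after an ACK, or None if nothing is in flight.

    `outstanding` holds the segments still unacknowledged once the ACK has
    been processed; `min_restart` is the hypothetical configurable floor.
    """
    if not outstanding:
        return None                      # nothing in flight, timer stays off
    t_earliest = now - min(s.first_sent for s in outstanding)
    remaining = rto - t_earliest
    if remaining > min_restart:
        return remaining                 # restart with the shortened timeout
    return rto                           # fall back to a conventional restart


def compare_thresholds(rto: float, outstanding: list, now: float,
                       inter_packet: float) -> dict:
    """Show the same ACK handled with a 0 floor and with an inter-packet floor."""
    return {
        "zero_floor": rtor_restart(rto, outstanding, now),
        "inter_packet_floor": rtor_restart(rto, outstanding, now,
                                           min_restart=inter_packet),
    }


if __name__ == "__main__":
    RTO = 1.0
    # Constructed scenario 1: the earliest outstanding segment was sent at
    # t=0 and has already been retransmitted once; an ACK for other data
    # arrives at t=1.9.  RTO - T_earliest is negative, so without the check
    # the timer would fire at once; the check restores a full RTO instead.
    stale = [Segment(1, 0.0, retransmitted=True), Segment(2, 0.5)]
    print("stale segment, zero floor:", rtor_restart(RTO, stale, 1.9))

    # Constructed scenario 2: RTO - T_earliest is positive but only 5 ms.
    # A 0 floor accepts it (the timer fires almost immediately); a floor set
    # near the inter-packet time (20 ms here) falls back to the full RTO.
    fresh = [Segment(2, 0.5)]
    print("5 ms left:", compare_thresholds(RTO, fresh, 1.495, inter_packet=0.02))
```

The second scenario is the situation the reviewer's question is about: a floor of 0 only guards against a negative or zero remainder, while a floor close to the inter-packet arrival time also rejects restarts so short that the retransmission would be sent before the next ACK could plausibly arrive.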