Re: [secdir] Review of draft-ietf-tsvwg-ecn-experimentation-05

"Black, David" <David.Black@dell.com> Wed, 13 September 2017 18:28 UTC

From: "Black, David" <David.Black@dell.com>
To: Hilarie Orman <hilarie@purplestreak.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Cc: "draft-ietf-tsvwg-ecn-experimentation.all@ietf.org" <draft-ietf-tsvwg-ecn-experimentation.all@ietf.org>, "Black, David" <David.Black@dell.com>
Date: Wed, 13 Sep 2017 18:27:55 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362FC4F7BC@MX307CL04.corp.emc.com>
In-Reply-To: <201709131804.v8DI4QUh014123@rumpleteazer.rhmr.com>
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ysbcVp5mp1WID4ETbso7xiXWEwI>

Hilarie,

Thank you for the review. 

> I realize that people experiment with TCP modifications all the time,
> and the ECN experiments can provide valuable engineering information.
> Nonetheless, it seems that some higher standard of safety could be
> in order for today's Internet.  But that is outside the scope of this
> document.

Well, there is a higher standard of safety and it is outside the scope of this document.

Experiments that take advantage of the liberation (I like that word!) in this document are required to first be documented in an Experimental RFC.   That requirement should provide both the Transport Area and the IESG with the ability to ensure that such experiments do not pose unacceptable risks to the continued operation of the Internet - a statement to that effect could be added if you or the Security ADs think it would be helpful.

Thanks, --David


> -----Original Message-----
> From: Hilarie Orman [mailto:hilarie@purplestreak.com]
> Sent: Wednesday, September 13, 2017 2:04 PM
> To: iesg@ietf.org; secdir@ietf.org
> Cc: draft-ietf-tsvwg-ecn-experimentation.all@ietf.org
> Subject: Review of draft-ietf-tsvwg-ecn-experimentation-05
> 
>                      Security review of
>          Explicit Congestion Notification (ECN) Experimentation
>                 draft-ietf-tsvwg-ecn-experimentation-05
> 
> Do not be alarmed.  I have reviewed this document as part of the
> security directorate's ongoing effort to review all IETF documents
> being processed by the IESG.  These comments were written primarily
> for the benefit of the security area directors.  Document editors and
> WG chairs should treat these comments just like any other last call
> comments.
> 
> This document liberalizes the ways in which experiments can be
> conducted on explicit congestion notification with TCP, RTP, and DCCP.
> 
> Other than the alarming statement:
> 
>    "... this memo places the
>    responsibility for not breaking Internet congestion control on the
>    experiments and the experimenters who propose them, as specified in
>    Section 4.4."
> 
> there are no security considerations that occur to me.
> 
> I realize that people experiment with TCP modifications all the time,
> and the ECN experiments can provide valuable engineering information.
> Nonetheless, it seems that some higher standard of safety could be
> in order for today's Internet.  But that is outside the scope of this
> document.
> 
> 
> Hilarie