Last Call Review of draft-ietf-manet-credit-window-07
review-ietf-manet-credit-window-07-secdir-lc-huitema-2016-12-01-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

I think the document is ready, but its security considerations depend on
those of draft-ietf-manet-dlep-25, which are discussed in another thread.

Draft-ietf-manet-credit-window-07 defines "Credit Windowing extension for
DLEP". The Dynamic Link Exchange Protocol (DLEP) is defined in
draft-ietf-manet-dlep-25. DLEP is meant to operate over a single link. It
consists of an ad hoc discovery protocol over multicast UDP in which a
router discovers a modem, followed by a TCP connection over which router and
modem exchange control messages. DLEP operates in the control plane,
independent of the data plane used for actual data transmission. 

The current draft, draft-ietf-manet-credit-window-07, defines a set of
messages exchanged over DLEP to manage a credit window, so as to control the
flow of packets in the data plane between the router and destinations
accessible through the wireless modem. The goal is to track the variable
capacity of the wireless link to different destinations without requiring
complex queue management at the modem itself -- I assume that the queues
will be managed by the router instead. 

The security section states that "The extension does not introduce any
additional threats above those documented in [DLEP]." That's true. There is
an ongoing debate about the security of DLEP itself, but there is noting
that this extension could do about it.

-- Christian Huitema