Last Call Review of draft-ietf-fecframe-simple-rs-
review-ietf-fecframe-simple-rs-secdir-lc-hutzelman-2012-12-20-00
Request | Review of | draft-ietf-fecframe-simple-rs |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2012-12-18 | |
Requested | 2012-10-11 | |
Authors | Vincent Roca , Mathieu Cunche , Jerome Lacan , Amine Bouabdallah , Kazuhisa Matsuzono | |
I-D last updated | 2012-12-20 | |
Completed reviews |
Genart Last Call review of -??
by Miguel Angel García
Genart Telechat review of -05 by Miguel Angel García (diff) Secdir Last Call review of -?? by Jeffrey Hutzelman |
|
Assignment | Reviewer | Jeffrey Hutzelman |
State | Completed | |
Request | Last Call review on draft-ietf-fecframe-simple-rs by Security Area Directorate Assigned | |
Result | Ready | |
Completed | 2012-12-20 |
review-ietf-fecframe-simple-rs-secdir-lc-hutzelman-2012-12-20-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document defines a forward error correction scheme for use with the FECFRAME framework, based on Reed-Solomon codes over finite fields of order 2^m. However, this is mostly a protocol document; the actual FEC code is defined in RFC5510. In discussing security considerations, this document relies heavily on the security discussion in the already-published FEC framework document (RFC6363). It also contains a reasonably complete discussion of issues that can arise if an attacker can modify the encoding parameters. These generally amount to resource exhaustion if a receiver accepts an overly large parameter, or denial of service as a result of a receiver being unable to recover data due to misinterpretation of the code. I found that this document, especially the introduction, did not read very smoothly. However, the technical content was entirely understandable, despite my abstract algebra being a bit rusty. -- Jeff