Last Call Review of draft-ietf-ippm-alt-mark-13
review-ietf-ippm-alt-mark-13-secdir-lc-yu-2017-10-26-00

Request Review of draft-ietf-ippm-alt-mark
Requested rev. no specific revision
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-09-27
Requested 2017-09-13
Requested by Spencer Dawkins
Other Reviews Genart Last Call review of -10 by Linda Dunbar (diff)
Intdir Last Call review of -10 by Brian Haberman (diff)
Opsdir Last Call review of -12 by Eric Vyncke (diff)
Rtgdir Last Call review of -10 by Russ White (diff)
Genart Telechat review of -12 by Linda Dunbar (diff)
Genart Telechat review of -13 by Linda Dunbar
Comments
These are the reviews requested by the document shepherd.
Review State Completed
Reviewer Tom Yu
Review review-ietf-ippm-alt-mark-13-secdir-lc-yu-2017-10-26
Posted at https://mailarchive.ietf.org/arch/msg/secdir/gTU7otfnGLpIzmGvjIa0EB3x2mE
Reviewed rev. 13
Review result Ready
Draft last updated 2017-10-26
Review closed: 2017-10-26

Review
review-ietf-ippm-alt-mark-13-secdir-lc-yu-2017-10-26

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready.

The Security Considerations section seems reasonable.  I mostly agree
that

  "The privacy concerns of network measurement are limited because the
   method only relies on information contained in the IP header without
   any release of user data."

I would add that although information in the IP header is metadata that
can be used to compromise the privacy of users, the limited marking
technique in this document seems unlikely to substantially increase the
existing privacy risks from IP header metadata.  I also think it's
reasonable to consider this detail to be already addressed by the
wording "privacy concerns... are limited".

It might be theoretically possible to modulate the marking to serve as a
covert channel, but I think it would have a very low data rate if it is
to avoid adversely affecting the measurement systems that monitor the
marking.  It's probably not worth mentioning this possibility in the
document.

Best regards,

-Taylor