Last Call Review of draft-ietf-ledbat-congestion-
review-ietf-ledbat-congestion-secdir-lc-moriarty-2012-05-04-00

Request: Review of draft-ietf-ledbat-congestion
Requested rev.: no specific revision (document currently at 10)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2012-05-07
Requested: 2012-04-26
Other Reviews:
Review State: Completed
Reviewer: Kathleen Moriarty
Review: review-ietf-ledbat-congestion-secdir-lc-moriarty-2012-05-04
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg03294.html
Review result: Ready
Last updated: 2012-05-04

Review
review-ietf-ledbat-congestion-secdir-lc-moriarty-2012-05-04

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Security risks should be minimized since it is designed to back off to standard TCP behavior in congestion situations.  It can be used in transport or in applications by design.  The Security considerations section says it relies on 'authenticating' time stamps, so the security relies upon the application or protocol at the higher level to have a method to do this.

The draft is written more like a whitepaper than a typical RFC, so it made it tough to follow the flow of the algorithm.

NITS:
Section 2, 3rd line in second paragraph: typo
Change from: avoidoing
To: avoiding

Section 2.1: the section ends with a ',' at the end of #3

Thanks,
Kathleen