Last Call Review of draft-ietf-ledbat-congestion-
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
Security risks should be minimized since it is designed to back off to standard TCP behavior in congestion situations. It can be used in transport or in applications by design. The Security considerations section says it relies on 'authenticating' time stamps, so the security relies upon the application or protocol at the higher level to have a method to do this.
The draft is written more like a whitepaper than a typical RFC, so it made it tough to follow the flow of the algorithm.
Section 2, 3rd line in second paragraph: typo
Change from: avoidoing
Section 2.1: the section ends with a ',' at the end of #3