Last Call Review of draft-ietf-pals-congcons-01
review-ietf-pals-congcons-01-secdir-lc-orman-2015-12-17-00
Request | Review of | draft-ietf-pals-congcons |
---|---|---|
Requested revision | No specific revision (document currently at 02) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2015-12-15 | |
Requested | 2015-12-03 | |
Authors | Yaakov (J) Stein , David L. Black , Bob Briscoe | |
I-D last updated | 2015-12-17 | |
Completed reviews |
Genart Last Call review of -01
by Ron Bonica
(diff)
Secdir Last Call review of -01 by Hilarie Orman (diff) Opsdir Last Call review of -01 by Menachem Dodge (diff) Rtgdir Early review of -01 by Keyur Patel (diff) |
|
Assignment | Reviewer | Hilarie Orman |
State | Completed | |
Request | Last Call review on draft-ietf-pals-congcons by Security Area Directorate Assigned | |
Reviewed revision | 01 (document currently at 02) | |
Result | Has nits | |
Completed | 2015-12-17 |
review-ietf-pals-congcons-01-secdir-lc-orman-2015-12-17-00
Security review of Pseudowire Congestion Considerations draft-ietf-pals-congcons-01 Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The question that the draft addresses is whether or not TCP flows that are bundled in a pseudowire (PW) need to have a special congestion avoidance algorithm in order to co-exist with normal TCP flows. The answer seems to be a sort of analogy to the central limit theorem: bundled TCP flows behave nearly as gracefully as a similar set of non-bundled flows. Whether or not I got that right, I do agree that this seems to introduce no new security considerations. I do wonder, though, about whether or not an attacker needs to control more or fewer resources to attack a network through a PW than without a PW. I suspect that it depends on the details of the network graph. In any case, the document in question does a good job of discussing the issue of delays and capacity. I think the formula for TCP throughput would be better expressed by moving the common factor of 2p/3 outside the expression in the denominator, but if all previous documents have used the form given in this draft, it would only confuse people. Hilarie