Last Call Review of draft-ietf-tcpinc-tcpcrypt-07
review-ietf-tcpinc-tcpcrypt-07-opsdir-lc-wang-2017-10-23-00

Request Review of draft-ietf-tcpinc-tcpcrypt
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-10-19
Requested 2017-10-05
Other Reviews Rtgdir Telechat review of -07 by John Drake (diff)
Secdir Last Call review of -07 by Stephen Kent (diff)
Genart Last Call review of -07 by Dale Worley (diff)
Secdir Telechat review of -09 by Barry Leiba (diff)
Review State Completed
Reviewer Zitao Wang
Review review-ietf-tcpinc-tcpcrypt-07-opsdir-lc-wang-2017-10-23
Posted at https://www.ietf.org/mail-archive/web/ops-dir/current/msg02907.html
Reviewed rev. 07 (document currently at 10)
Review result Has Nits
Draft last updated 2017-10-23
Review closed: 2017-10-23

Review
review-ietf-tcpinc-tcpcrypt-07-opsdir-lc-wang-2017-10-23

Reviewer: Zitao Wang

Review result: Ready with Nits

 

I have reviewed this document as part of the Operational directorate’s ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

Document reviewed:  draft-ietf-tcpinc-tcpcrypt-07

Summary:

This document specifies tcpcrypt, a TCP encryption protocol designed for use in conjunction with the TCP Encryption Negotiation Option (TCP-ENO).  Tcpcrypt coexists with middleboxes by tolerating resegmentation, NATs, and other manipulations of the TCP header.  The protocol is self-contained and specifically tailored to TCP implementations, which often reside in kernels or other environments in which large external software dependencies can be undesirable. Because the size of TCP options is limited, the protocol requires one additional one-way message latency to perform key exchange before application data may be transmitted.  However, this cost can be avoided between two hosts that have recently established a previous tcpcrypt connection.

 

My overall view of the document is 'Ready' for publication.

 

One small comment is that there are some id-nits, please fix it in next version:

 

  -- Looks like a reference, but probably isn't: '0' on line 323
 
  == Missing Reference: 'RFC-TBD' is mentioned on line 932, but not defined
 
 
     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).
 
OPS-DIR mailing list

OPS-DIR at ietf.org

https://www.ietf.org/mailman/listinfo/ops-dir