Last Call Review of draft-ietf-tcpinc-tcpcrypt-07
review-ietf-tcpinc-tcpcrypt-07-opsdir-lc-wang-2017-10-23-00

Request Review of draft-ietf-tcpinc-tcpcrypt
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-10-19
Requested 2017-10-05
Authors Andrea Bittau, Daniel B. Giffin, Mark J. Handley, David Mazieres, Quinn Slack, Eric W. Smith
I-D last updated 2017-10-23
Completed reviews Rtgdir Telechat review of -07 by John Drake (diff)
Opsdir Last Call review of -07 by Zitao Wang (diff)
Secdir Last Call review of -07 by Stephen Kent (diff)
Genart Last Call review of -07 by Dale R. Worley (diff)
Secdir Telechat review of -09 by Barry Leiba (diff)
Secdir Telechat review of -10 by Barry Leiba (diff)
Opsdir Telechat review of -10 by Zitao Wang (diff)
Genart Telechat review of -10 by Dale R. Worley (diff)
Assignment Reviewer Zitao Wang
State Completed
Request Last Call review on draft-ietf-tcpinc-tcpcrypt by Ops Directorate Assigned
Reviewed revision 07 (document currently at 15)
Result Has nits
Completed 2017-10-23
Reviewer: Zitao Wang

Review result: Ready with Nits

I have reviewed this document as part of the Operational directorate’s ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Document reviewed:  draft-ietf-tcpinc-tcpcrypt-07

Summary:

This document specifies tcpcrypt, a TCP encryption protocol designed for use in
conjunction with the TCP Encryption Negotiation Option (TCP-ENO).  Tcpcrypt
coexists with middleboxes by tolerating resegmentation, NATs, and other
manipulations of the TCP header.  The protocol is self-contained and
specifically tailored to TCP implementations, which often reside in kernels or
other environments in which large external software dependencies can be
undesirable. Because the size of TCP options is limited, the protocol requires
one additional one-way message latency to perform key exchange before
application data may be transmitted.  However, this cost can be avoided between
two hosts that have recently established a previous tcpcrypt connection.

My overall view of the document is 'Ready' for publication.

One small comment is that there are some id-nits; please fix them in the next version:

  -- Looks like a reference, but probably isn't: '0' on line 323

  == Missing Reference: 'RFC-TBD' is mentioned on line 932, but not defined

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

OPS-DIR mailing list

OPS-DIR at ietf.org

https://www.ietf.org/mailman/listinfo/ops-dir