Last Call Review of draft-ietf-tcpm-ecnsyn-
review-ietf-tcpm-ecnsyn-secdir-lc-orman-2009-04-24-00

Request Review of draft-ietf-tcpm-ecnsyn
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-05-05
Requested 2009-04-03
Authors Amit Mondal, Aleksandar Kuzmanovic, Dr. K. K. Ramakrishnan, Sally Floyd
I-D last updated 2009-04-24
Completed reviews Secdir Last Call review of -?? by Hilarie Orman
Assignment Reviewer Hilarie Orman
State Completed
Request Last Call review on draft-ietf-tcpm-ecnsyn by Security Area Directorate Assigned
Completed 2009-04-24
draft-ietf-tcpm-ecnsyn-08.txt

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is an interesting and well-written document; I enjoyed reading
it.  It is about an optional, experimental modification to RFC 3168 to
allow TCP SYN/ACK packets to be ECN-Capable.  The TCP initiator can
use this information to reduce its initial congestion window.  In
simulation, there is a compelling argument that this helps to improve
response time during heavy congestion.

The draft argues that the mechanism introduces no security problems,
using arguments that bound any potential problems by known existing
behaviors.  I have no reason to believe that the analysis is wrong.  My
only caveat is that the combined state machine for TCP and ECN seems
complicated; I don't know that all cases are really covered by the
draft authors.  Perhaps someone could do that if this draft ever moves
toward standard.

Hilarie Orman
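As an illustration of the mechanism the review summarizes (an added example, not part of the review, the draft, or any implementation), the following Python script simulates the SYN/ACK leg of the three-way handshake in the two regimes: RFC 3168 behaviour, where the SYN/ACK is sent Not-ECT and a congested router drops it, and the draft's experiment, where the SYN/ACK is sent ECT, gets marked CE instead, and the initiator cuts its initial congestion window. The router model, the three-segment default initial window, and the ECE echo in the initiator's final ACK are assumptions made for illustration; the draft's own rules are authoritative.

```python
from dataclasses import dataclass

# IP-header ECN codepoints, using the RFC 3168 names
NOT_ECT, ECT0, CE = "Not-ECT", "ECT(0)", "CE"
DEFAULT_IW = 3  # default initial window in segments; constructed value for illustration


@dataclass(frozen=True)
class Segment:
    flags: frozenset  # TCP flags carried, e.g. {"SYN", "ACK", "ECE"}
    ecn: str          # ECN codepoint the segment is sent (or forwarded) with


def responder_syn_ack(ecn_syn_ack: bool) -> Segment:
    """Responder's SYN/ACK. Under RFC 3168 it is sent Not-ECT; under the
    draft's experiment it is sent ECT so a congested router can mark it."""
    return Segment(frozenset({"SYN", "ACK"}), ECT0 if ecn_syn_ack else NOT_ECT)


def ecn_router(seg: Segment, congested: bool):
    """Assumed model of an ECN-aware router: when congested it marks ECT
    packets CE and forwards them, and drops Not-ECT packets (returns None)."""
    if not congested:
        return seg
    if seg.ecn == ECT0:
        return Segment(seg.flags, CE)
    return None


def initiator_on_syn_ack(seg: Segment):
    """Initiator's reaction: a CE-marked SYN/ACK is treated as a congestion
    signal, so the initial window drops to one segment and ECE is echoed in
    the final ACK (echo behaviour assumed by analogy with RFC 3168 data packets)."""
    if seg.ecn == CE:
        return 1, Segment(frozenset({"ACK", "ECE"}), NOT_ECT)
    return DEFAULT_IW, Segment(frozenset({"ACK"}), NOT_ECT)


def handshake(ecn_syn_ack: bool, congested: bool) -> dict:
    """Run the SYN/ACK leg once and report what the initiator learned."""
    syn_ack = ecn_router(responder_syn_ack(ecn_syn_ack), congested)
    if syn_ack is None:
        # SYN/ACK lost: the initiator learns nothing until the responder's
        # retransmission timer fires, which is the delay the draft tries to avoid
        return {"syn_ack_delivered": False, "initial_cwnd": None, "ece_echoed": False}
    cwnd, ack = initiator_on_syn_ack(syn_ack)
    return {"syn_ack_delivered": True, "initial_cwnd": cwnd,
            "ece_echoed": "ECE" in ack.flags}


if __name__ == "__main__":
    for label, args in [("RFC 3168 SYN/ACK, congested", (False, True)),
                        ("ECT SYN/ACK, congested", (True, True)),
                        ("ECT SYN/ACK, no congestion", (True, False))]:
        print(f"{label}: {handshake(*args)}")
```

The contrast the review points at is the first two cases: with a Not-ECT SYN/ACK the congested router drops the segment and the handshake stalls until a retransmission, whereas with an ECT SYN/ACK the segment is delivered marked CE and the initiator starts with a one-segment window instead of the default.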