Telechat Review of draft-ietf-tsvwg-ecn-experimentation-05
review-ietf-tsvwg-ecn-experimentation-05-secdir-telechat-orman-2017-09-20-00
| Request | Review of | draft-ietf-tsvwg-ecn-experimentation |
|---|---|---|
| Requested revision | No specific revision (document currently at 08) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2017-09-12 | |
| Requested | 2017-08-31 | |
| Authors | David L. Black | |
| Draft last updated | 2017-09-20 | |
| Completed reviews |
Genart Telechat review of -05
by
Brian E. Carpenter
(diff)
Secdir Telechat review of -05 by Hilarie Orman (diff) Genart Telechat review of -06 by Brian E. Carpenter (diff) Opsdir Telechat review of -06 by Susan Hares (diff) |
|
| Assignment | Reviewer | Hilarie Orman |
| State | Completed | |
| Review |
review-ietf-tsvwg-ecn-experimentation-05-secdir-telechat-orman-2017-09-20
|
|
| Reviewed revision | 05 (document currently at 08) | |
| Result | Has Nits | |
| Completed | 2017-09-20 |
review-ietf-tsvwg-ecn-experimentation-05-secdir-telechat-orman-2017-09-20-00
Security review of
Explicit Congestion Notification (ECN) Experimentation
draft-ietf-tsvwg-ecn-experimentation-05
Do not be alarmed. I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily
for the benefit of the security area directors. Document editors and
WG chairs should treat these comments just like any other last call
comments.
This document liberalizes the ways in which experiments can be
conducted on explicit congestion notification with TCP, RTP, and DCCP.
Other than the alarming statement:
"... this memo places the
responsibility for not breaking Internet congestion control on the
experiments and the experimenters who propose them, as specified in
Section 4.4."
there are no security considerations that occur to me.
I realize that people experiment with TCP modifications all the time,
and the ECN experiments can provide valuable engineering information.
Nonetheless, it seems that some higher standard of safety could be
in order for today's Internet. But that is outside the scope of this
document.
Hilarie