Problem Statement for the Datagram Congestion Control Protocol (DCCP)
RFC 4336

Note: This ballot was opened for revision 03 and is now closed.

(Allison Mankin) Yes

Comment (2005-09-15)
No email
send info
The detailed comments on security  were deemed very worthwhile, but given that the
DCCP specs have excellent security considerations, we decided not to revise.
We just added a note to the RFC Editor for Russ's comment.

(Brian Carpenter) No Objection

Comment (2005-09-15)
No email
send info
Gen-ART review by Lakshimnath Dondeti follows. I don't want to block an
Informational on these grounds, but the authors might care to think
about doing as suggested below:


Summary:  Very well written; however, missing security considerations ...

I enjoyed reading the I-D immensely; as I was nearing the end, I was hoping to see the authors' recommendations on security protocols for a datagram congestion control protocol.   Unfortunately, security did not make the cut in Section 5 on Additional Design Considerations.  Furthermore, Section 8 on Security Considerations says that there are no security considerations for this document.  I disagree!

Here are some questions the security considerations section might address:

1. I use SRTP/IPsec/DTLS for my VoIP traffic and now that a motivation for a DCCP being proposed, what are the implications on the existing security protocols.  Would they work without modifications or would there be any special considerations (for instance the DTLS draft has a paragraph on what might be different w.r.t. the DCCP vs. UDP).

2. TCP and UDP have different security considerations (e.g., reset attacks in TCP don't apply to UDP).  Would a DCCP be similar to TCP or UDP in security issues?

The answers may be obvious to folks active in this area, but not necessarily to an average reader.

As Russ suggested in his comments, DoS considerations and FW traversal as noted in other parts of the draft might be repeated in the security considerations section as well.

Nit: The abstract says the document is a historical record.  In that case, please delete the sentence starting with "The current version of DCCP includes no multihoming ..." in Section 5 (for future proofing this document in the face of changes to the DCCP specification).

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Sam Hartman) No Objection

(Russ Housley) No Objection

Comment (2005-09-09)
No email
send info
  Very nice, well written document.

  The Security Considerations essentially say that there are no
  security considerations, but the authors raise several security
  issues in the body of the document.  The body of the document has
  discussion of DoS attacks, firewall traversal, and NAT traversal.
  I would rather see the Security Considerations section refer to
  these places.

(David Kessens) No Objection

(Mark Townsley) No Objection

(Bert Wijnen) No Objection