Early Review of draft-ietf-mptcp-rfc6824bis-11
review-ietf-mptcp-rfc6824bis-11-secdir-early-eastlake-2018-07-19-00

Request Review of draft-ietf-mptcp-rfc6824bis
Requested rev. no specific revision (document currently at 13)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2018-06-30
Requested 2018-06-05
Requested by Philip Eardley
Other Reviews
Comments
We've just started a WG last call on draft-ietf-mptcp-rfc6824bis. It would be great to have an early Security Area review, to allow any issues to be discussed prior to /at Montreal. Thank-you!

Here's the WGLC text:
<<This starts a WG Last Call for draft-ietf-mptcp-rfc6824bis. Please send comments by the end of June. 

Please note there are three IPR disclosures (we're working on getting them added to the rfc6824bis page): 

* two are inherited from RFC6824  https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-ietf-mptcp-multiaddressed    
* one is inherited from draft-paasch-mptcp-syncookies (which got include in rfc6824bis) https://datatracker.ietf.org/ipr/2678/ 
>>
Review State Completed
Reviewer Donald Eastlake
Review review-ietf-mptcp-rfc6824bis-11-secdir-early-eastlake-2018-07-19
Posted at https://mailarchive.ietf.org/arch/msg/secdir/RwQqGewdo9Rf5_YRS3KyEUIaa6Y
Reviewed rev. 11 (document currently at 13)
Review result Ready
Draft last updated 2018-07-19
Review completed: 2018-07-19

Review
review-ietf-mptcp-rfc6824bis-11-secdir-early-eastlake-2018-07-19

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just like
any other last call comments.

The summary of the review is Ready.

This draft specified version 1 of Multipath TCP obsoleting version 0. The
paths are identified by the 4-tuple of IP addresses and ports for each
path. The services offered to applications are the same as TCP. The
additional information needed for setting up and tearing down paths,
synchronizing flows, etc., is communicated using TCP options.

The Security Considerations section appears to be good and the security
mechanisms adequate to achieve the documents goal of being as secure as
TCP. There is a good if somewhat generalized Threat Analysis in RFC 6181 as
well as an Architecture document in RFC 6182 that considers security
aspects.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com